| Competency Cluster | Competency Definition | CLAS Core Competency |
| --- | --- | --- |
| 1. INFOSEC EXPERTISE | 1.1 Acquiring and Maintaining Knowledge | Maintains currency of knowledge of organisational requirements for baseline measures and recommended practices. Maintains broad practical security expertise extending beyond own work area; maintains awareness of Infosec implications of business activities |
| | 1.2 Implementation of HMG baseline requirements and compliance with relevant legislation | Ensures security policy addresses organisational and legislative requirements consistently and remains commensurate with the risk across the organisation. Formally accredits or ensures the accreditation of systems. Interfaces with appropriate bodies (professional, academic etc.) to implement robust Infosec e.g. best practices from professional bodies such as BS7799 |
| | 1.3 Using Technical Security Measures | Has broad knowledge of technical security issues, understands the principal security issues of IT platforms and applications; develops requirements for technical Infosec measures within own business area |
| 2. BUSINESS MANAGEMENT | 2.1 Business Focus | Understands business aims and objectives and establishes, develops and advises on Infosec policy/local working standards that manage the risk to both protect and enable these. Provides guidance on security in consultation with central organisational authorities and promotes business benefits of security awareness and Information Security. |
| | 2.2 Planning | Contributes to and advises on the strategic application of Infosec policy that is consistent with business requirements. Examples may include appropriate business plans and contingency measures. |
| | 2.3 Delivering Results | Influences, contributes to, or advises on the strategic direction taken on Infosec within their sphere of activity - for example, the organisation; utilises appropriate mechanisms to achieve organisational security guidance. Examples include incident reporting procedures and training programmes to review security and maintain awareness. |
| | 2.4 Managing Resources & Value for Money (VFM) | Seeks VFM in the application of Infosec measures within own sphere of activity - for example, by judging the relative cost-effectiveness of technical and non-technical countermeasures in protective security strategies. |
| | 2.5 Dealing With Change | Promotes and initiates change, with due regard for Infosec applications, and motivates others to co-operate and contribute towards change in security procedures in own area, to meet its business requirements. |
| 3. DEALING WITH PEOPLE | 3.1 Infosec Teamwork | Leads or materially participates within own work area in compliance with Infosec standards and baseline requirements; may monitor and specify local security standards and/or procedures |
| | 3.2 Communicating and Influencing Infosec Issues | Can adapt the expression of Infosec issues and requirements to a variety of audiences both within and outside the organisation such that the message is clearly understood. Is persuasive in championing the current Infosec issues across the organisation and/or a body of related organisations. |