Generic description:
Implements information security policy. Monitors and takes action against intrusion, fraud and security breaches or leaks. Ensures that security risks are analysed and managed with respect to enterprise data and information. Reviews security incidents, makes recommendations for security policy and strategy to ensure continuous improvement of security provision.

Competence area: e-CF area E. Manage


Proficiency levels:
e-CF level Description Profiles (CWA16458)
2 Systematically scans the environment to identify and define vulnerabilities and threats. Records and escalates non-compliance. Network specialist, Systems administrator
3 Evaluates security management measures and indicators and decides if compliant to information security policy. Investigates and instigates remedial measures to address any security breaches. ICT operations manager, ICT security specialist
4 Provides leadership for the integrity, confidentiality and availability of data stored on information systems and complies with all legal requirements. ICT security manager, ICT security specialist

Knowledge examples (Knows /aware of/ Familiar with:)

  • K1 the organisation's security management policy and its implications for engagement with customers, suppliers and subcontractors
  • K2 the best practices and standards in information security management
  • K3 the critical risks for information security management
  • K4 the ICT internal audit approach
  • K5 security detection techniques, including mobile and digital
  • K6 cyber attack techniques and counter measures for avoidance
  • K7 computer forensics

Skill examples (Able to:)

  • S1 document the information security management policy, linking it to business strategy
  • S2 analyse the company critical assets and identify weaknesses and vulnerability to intrusion or attack
  • S3 establish a risk management plan to feed and produce preventative action plans
  • S4 perform security audits
  • S5 apply monitoring and testing techniques
  • S6 establish the recovery plan
  • S7 implement the recovery plan in case of crisis