Skip to main content
icon

Information Security

Security Awareness Training

Security Awareness Training is a formal education process targeting employees, aimed at enhancing their understanding of potential security threats, maintaining best practices in information security, promoting secure behavior, and developing necessary skills to detect and mitigate potential cyber threats.

Level 1: Emerging

At an emerging level, you are gaining preliminary knowledge of infosec concepts, understanding basic security threats and cautiously implementing simple preventative measures through regular security awareness training.

Level 2: Proficient

At a proficient level you are able to effectively participate in and contribute to security awareness training sessions, demonstrating a strong understanding of information security principles and best practices.

Level 3: Advanced

At an advanced level you are consistently updating Security Awareness Training programs, using innovative methods to engage employees, and ensuring a deep understanding of information security best practices throughout the organization.

Artificial Intelligence in Security

Artificial Intelligence in Security is the application of AI techniques, such as machine learning and predictive analytics, to identify patterns in data, analyze threats, and protect sensitive information against cyber threats, thus enhancing the efficiency and effectiveness of an organization's information security efforts.

Level 1: Emerging

At an emerging level, you are beginning to understand artificial intelligence application in security. You're gaining knowledge about AI threats, mitigation techniques, and the role of AI in enhancing security measures.

Level 2: Proficient

At a proficient level you are able to effectively implement and manage artificial intelligence technologies to enhance security measures, detect anomalies, and respond to cybersecurity threats within an organization.

Level 3: Advanced

At an advanced level, you are proficient in utilizing artificial intelligence in security to proactively detect and respond to complex threats, making strategic decisions to protect sensitive information effectively.

Virtualization Security

Virtualization Security is the process of ensuring and enhancing the security of a virtualized environment by executing comprehensive policies, procedures, and controls to protect data, applications, and infrastructures from potential threats and attacks prevalent in a virtualized environment.

Level 1: Emerging

At an emerging level, you are beginning to understand Virtualization Security. Your knowledge includes basic concepts, risks and mitigation in relation to safeguarding virtual environments within an organization.

Level 2: Proficient

At a proficient level you are able to effectively implement virtualization security measures to protect sensitive information and prevent unauthorized access to virtualized environments within the organization.

Level 3: Advanced

At an advanced level you are capable of effectively securing virtualized environments, implementing advanced access controls, encryption, and monitoring techniques to protect sensitive data and assets from potential threats.

Security Operations Center Management

Security Operations Center Management is the handling of a centralized unit dedicated to addressing cybersecurity issues, through threat identification, assessment and defense, to maintain an organization's information system's integrity, confidentiality and availability while promoting effective incident response strategies.

Level 1: Emerging

At an emerging level, you are gaining fundamental knowledge about securing a network. You're developing skills in managing security incidents, implementing defense measures, and coordinating a Security Operations Center.

Level 2: Proficient

At a proficient level you are able to effectively manage a Security Operations Center, overseeing the detection, analysis, and response to security incidents to ensure the protection of sensitive information.

Level 3: Advanced

At an advanced level you are proficient in leading and managing security operations centers, including implementing advanced detection and response strategies, threat intelligence, and incident response protocols within the information security domain.

Information Security Governance

Information Security Governance is the systematic approach to establishing, managing, and monitoring an organization's information security strategies, policies, and procedures. It ensures compliance with laws, regulations, and aligns with business objectives and risk management.

Level 1: Emerging

At an emerging level you are beginning to grasp essential aspects of Information Security Governance. You understand key policies, procedures, and regulations, but have limited experience in their practical implementation.

Level 2: Proficient

At a proficient level, you are able to establish and maintain an effective information security governance framework within the organization, ensuring alignment with business objectives and regulatory requirements.

Level 3: Advanced

At an advanced level, you are able to develop, implement, and oversee comprehensive information security governance strategies that align with organizational goals, risk appetite, and regulatory requirements.

Cyber Physical Systems Security

Cyber Physical Systems Security is the discipline focused on protecting integrated systems of computational and physical components. It involves enhancing resilience against cyber threats and ensuring seamless operational efficiency, encompassing cybersecurity, network security, information assurance, and advanced system-level security controls.

Level 1: Emerging

At an emerging level, you are beginning to understand the fundamentals of cyber-physical systems security, recognising potential vulnerabilities and threats but still developing preventive measures or responses in information security context.

Level 2: Proficient

At a proficient level, you are able to effectively secure cyber physical systems by implementing advanced security measures, conducting regular risk assessments, and ensuring compliance with industry standards and regulations.

Level 3: Advanced

At an advanced level, you are able to efficiently secure cyber physical systems by implementing advanced encryption techniques, intrusion detection systems, and ensuring secure network communications to protect critical infrastructure.

Cybersecurity Analytics

Cybersecurity Analytics is the process of collecting, aggregating, and analyzing data from multiple security-related sources to identify and assess potential cybersecurity threats, implement effective security measures, and improve the organization's overall information security posture by enhancing threat detection and response capabilities.

Level 1: Emerging

At an emerging level, you are still gaining necessary skills in cybersecurity analytics. You can identify basic threats and interpret security data, but require more experience for complex situations.

Level 2: Proficient

At a proficient level you are able to effectively analyze cybersecurity data to identify potential threats, trends, and patterns in order to protect information assets within the organization.

Level 3: Advanced

At an advanced level, you are able to effectively analyze and interpret complex cybersecurity data to proactively identify and mitigate potential threats to information security within the organization.

Quantum Computing and Security

Quantum Computing and Security is the study and application of quantum mechanics principles in computing to enhance information security. This includes creating cryptographic systems impervious to traditional computational attacks, offering superior data protection and privacy.

Level 1: Emerging

At an emerging level, you are acquiring knowledge about quantum computing principles, focusing on cryptographic risks and implications on information security. You can identify key terminology and recognize essential quantum threats.

Level 2: Proficient

At a proficient level you are able to understand the potential impact of quantum computing on information security, evaluate vulnerabilities, and implement appropriate measures to protect sensitive data from quantum threats.

Level 3: Advanced

At an advanced level you are adept at applying quantum computing principles to enhance information security measures, utilizing cryptographic algorithms and protocols that are resistant to quantum attacks.

Secure Coding Practices

Secure Coding Practices is the application of measures and procedures to prevent security vulnerabilities during software development. These practices involve assuring the integrity and confidentiality of data, identifying potential threats, and implementing security controls while writing and revising code.

Level 1: Emerging

At an emerging level, you are becoming familiar with secure coding practices. You can identify basic security vulnerabilities, are developing secure code writing skills and grasp fundamental cybersecurity principles.

Level 2: Proficient

At a proficient level you are implementing secure coding practices to protect against vulnerabilities and ensure information security. You are proficient in applying encryption, input validation, and other security controls effectively.

Level 3: Advanced

At an advanced level, you are able to expertly apply secure coding practices, ensuring that all code is free from vulnerabilities and follows industry best practices to protect sensitive information.

Web Application Security

Web Application Security is the process of protecting websites and online services against different security threats that exploit vulnerabilities in an application's code. It involves maintaining the confidentiality, integrity, and availability of the application data from unauthorized access, unethical use, disclosure, disruption, modification, or destruction.

Level 1: Emerging

At an emerging level, you are able to identify basic web application security threats, demonstrate general knowledge of secure coding practices, and follow guidelines for web application security.

Level 2: Proficient

At a proficient level, you are able to effectively implement secure coding practices, conduct regular security assessments, and respond to and mitigate web application security incidents within an Information Security framework.

Level 3: Advanced

At an advanced level, you are able to design and implement robust security measures to protect web applications against various cyber threats, minimizing vulnerabilities and ensuring data confidentiality and integrity.

Endpoint Security

Endpoint Security is the practice of securing network endpoints from being exploited by rogue software or malicious actors. This involves identifying, managing, controlling and securing devices' access to a network to ensure unauthorized actors cannot proliferate potentially damaging software or illicitly gain critical data.

Level 1: Emerging

At an emerging level, you are starting to grasp the fundamentals of Endpoint Security. You're developing techniques for device protection, understanding threats, and applying basic security policies.

Level 2: Proficient

At a proficient level, you are effectively implementing and managing endpoint security measures to protect the organization's information and assets from cyber threats and vulnerabilities.

Level 3: Advanced

At an advanced level you are proficient in implementing and managing robust endpoint security measures, including encryption, anti-malware protection, intrusion detection, and regular security audits to safeguard organizational information assets.

Identity and Access Management

Identity and Access Management is a critical component of information security, focusing on controlling who has authorised access to specific resources within an organization. This involves the proper identification, authentication, authorisation, and auditing of user activities and privileges, reducing the risk of security breaches.

Level 1: Emerging

At an emerging level, you are developing basic knowledge of identity and access management, specifically within information security. You are starting to understand protocols for user authentication and access controls.

Level 2: Proficient

At a proficient level you are able to effectively manage identities and access to sensitive information, ensuring only authorized individuals have appropriate access rights based on security policies and procedures.

Level 3: Advanced

At an advanced level you are able to design, implement, and manage identity and access management systems to ensure secure access control and protect sensitive information within the organization.

Internet of Things Security

Internet of Things Security is the application of safeguarding measures and technologies to IoT devices and networks, protecting them from potential cyber threats or unauthorized access, consequently safeguarding the integrity, confidentiality, and availability of data and systems within an organization.

Level 1: Emerging

At an emerging level, you are beginning to understand Internet of Things (IoT) security. You are developing your skills to identify and mitigate risks in IoT devices and networks.

Level 2: Proficient

At a proficient level you are able to effectively implement security measures to protect Internet of Things devices and networks, ensuring data confidentiality, integrity, and availability in alignment with organizational policies.

Level 3: Advanced

At an advanced level, you are proficient in implementing robust security measures to protect IoT devices and networks, detecting and responding to advanced threats, and ensuring data confidentiality and integrity.

Biometric Security

Biometric Security is the use of biological data, such as fingerprints or facial recognition, to validate identity and access rights within information systems. It is a key Information Security capability for ensuring authorized access, minimizing risk, and protecting sensitive organizational data.

Level 1: Emerging

At an emerging level, you are beginning to understand biometric security principles. You can identify key biometric security elements and apply rudimentary protections in an information security context.

Level 2: Proficient

At a proficient level you are able to effectively implement and manage biometric security systems to ensure accurate and secure authentication of individuals accessing sensitive information within the organization.

Level 3: Advanced

At an advanced level you are able to design, implement, and manage biometric security systems to protect sensitive information, ensuring the highest level of authentication and access control within your organization.

Quantum Cryptography

Quantum Cryptography is a method of encrypting data utilizing quantum mechanics to ensure absolute data security. It uses quantum key distribution, allowing only the intended recipient to decrypt the message while any interception attempt disruptively changes the data, thus providing high-level information security.

Level 1: Emerging

At an emerging level you are acquiring foundational knowledge in Quantum Cryptography. You understand basic principles, demonstrate rudimentary skills and are learning to identify potential security threats.

Level 2: Proficient

At a proficient level you are able to understand and implement Quantum Cryptography protocols effectively to secure communication channels and data in an information security context.

Level 3: Advanced

At an advanced level you are able to effectively implement and manage Quantum Cryptography solutions to secure sensitive information and communication channels, ensuring the highest level of protection against quantum computing threats.

Advanced Persistent Threat Management

Advanced Persistent Threat Management is the proactive process of identifying, assessing, and addressing sophisticated, ongoing cyber threats targeting an organization's information security infrastructure. This involves the use of strategic tactics such as threat intelligence, intrusion detection, incident response, and continuous monitoring.

Level 1: Emerging

At an emerging level, you are learning how to identify and respond to Advanced Persistent Threats (APTs). You can differentiate between various types of APTs and apply basic mitigation strategies.

Level 2: Proficient

At a proficient level, you are able to effectively identify, analyze, and mitigate Advanced Persistent Threats within the organization's network, ensuring the security of sensitive information and data.

Level 3: Advanced

At an advanced level you are proficient in identifying, analyzing, and mitigating complex and sophisticated cyber threats posed by Advanced Persistent Threats to safeguard organizational information assets effectively.

Cloud Access Security Brokerage

Cloud Access Security Brokerage is a strategic technology that mediates data traffic between cloud service users and cloud applications, providing a suite of security enforcement policies, including authentication, single sign-on, authorization, credential mapping, device profiling, and encryption, thus safeguarding organizational cloud environments.

Level 1: Emerging

At an emerging level, you are beginning to understand Cloud Access Security Brokerage. You can identify key cloud security strategies and implement basic protective measures, under supervision.

Level 2: Proficient

At a proficient level you are able to effectively implement and manage Cloud Access Security Brokerage solutions to protect sensitive information and ensure secure access to cloud services within the organization.

Level 3: Advanced

At an advanced level, you are proficient in implementing and managing Cloud Access Security Brokerage solutions, ensuring secure access to cloud services, data protection, and compliance within your organization's information security framework.

Automated Security Monitoring and Response

Automated Security Monitoring and Response is the utilization of artificial intelligence and machine learning technologies to continuously monitor, detect, and proactively respond to potential security threats in an information system, improving real-time defense capabilities and overall security performance within the organization.

Level 1: Emerging

At an emerging level, you are beginning to grasp automated security monitoring and response. You're learning to interpret threat alerts and implement basic automated actions, under close supervision.

Level 2: Proficient

At a proficient level, you are proficient in establishing and maintaining automated systems to monitor and respond to security incidents effectively, ensuring the protection of critical information assets within the organization.

Level 3: Advanced

At an advanced level you are proficient in designing, implementing, and managing automated security monitoring and response systems to proactively detect and mitigate potential cyber threats in real-time.

Advanced Biometric Security Techniques

Advanced Biometric Security Techniques is the capability to deploy, manage and enhance sophisticated biometric identification measures. This includes ensuring the highest level of cybersecurity through the use of fingerprint, retina, voice, and facial recognition methods to safeguard sensitive organizational information.

Level 1: Emerging

At an emerging level, you are gaining foundational understanding of advanced biometric security techniques. You comprehend basic principles and can identify biometric vulnerabilities within basic information security contexts.

Level 2: Proficient

At a proficient level, you are adept at implementing advanced biometric security techniques to enhance the protection of sensitive information and ensure secure access control within the organization.

Level 3: Advanced

At an advanced level you are able to implement and manage sophisticated biometric security techniques, such as fingerprint scanning and facial recognition, to enhance information security measures within the organization.

Zero Trust Network Architecture

Zero Trust Network Architecture is a security model advocating strict access control measures, ensuring no trust is granted implicitly within systems and verifying each request's credibility as though originating from an insecure network. Aiming to prevent data breaches, it relies on constant authentication, restrictive user privileges, and microsegmentation.

Level 1: Emerging

At an emerging level, you are beginning to understand zero trust network architecture, capable of identifying its basic elements and recognising its importance to secure information systems within an organization.

Level 2: Proficient

At a proficient level you are able to implement and maintain a Zero Trust Network Architecture, enhancing data protection and preventing unauthorized access to sensitive information in an organization's network.

Level 3: Advanced

At an advanced level you are able to implement and manage a Zero Trust Network Architecture, ensuring that all network traffic is monitored and verified to prevent unauthorized access and protect sensitive information.

Security in Edge Computing

Security in Edge Computing is the practice of implementing robust protective measures to safeguard distributed computing frameworks hinged on IoT devices and edge data centres. It necessitates cognizance of potential threats, proactive defense strategies, continuous network monitoring, and prompt incident responses.

Level 1: Emerging

At an emerging level, you are familiarising yourself with fundamental security measures in edge computing, focusing on understanding basic threats and how to apply initial protective procedures.

Level 2: Proficient

At a proficient level you are able to effectively implement security measures in edge computing environments, ensuring data protection, access control, and threat detection mechanisms are in place to mitigate risks.

Level 3: Advanced

At an advanced level you are able to implement robust security measures in edge computing environments, ensuring data confidentiality, integrity, and availability while effectively mitigating risks and vulnerabilities.

AI-Driven Threat Detection

AI-Driven Threat Detection is the use of artificial intelligence technologies to identify and respond to potential cybersecurity threats automatically, enhancing traditional security measures by analysing massive data sets in real-time for anomaly detection and proactive risk management.

Level 1: Emerging

At an emerging level, you are learning to use artificial intelligence to identify potential security threats. You can recognize simple cyber threats and are beginning to understand more complex ones.

Level 2: Proficient

At a proficient level you are able to effectively utilize AI technology to detect and respond to threats in the information security landscape, enhancing the organization's overall cybersecurity posture.

Level 3: Advanced

At an advanced level, you are adept at leveraging AI algorithms to detect and respond to complex cybersecurity threats, ensuring the protection of sensitive information and systems within the organization.

Privacy-Enhancing Computation

Privacy-Enhancing Computation is a specialized field in Information Security. It employs cryptographic algorithms and data processing techniques to ensure data privacy. It guarantees data confidentiality, integrity, and privacy when performing computations in a shared or public computational environment, without revealing sensitive data.

Level 1: Emerging

At an emerging level, you are developing knowledge of privacy-enhancing computations. You understand basic concepts and are starting to implement these into information security protocols and daily practices.

Level 2: Proficient

At a proficient level, you are able to effectively implement and manage Privacy-Enhancing Computation techniques to safeguard sensitive information and ensure compliance with data protection laws and regulations within an organization.

Level 3: Advanced

At an advanced level, you are able to implement complex privacy-enhancing computation techniques to ensure the confidentiality and integrity of sensitive information within the Information Security framework.

Security for Blockchain and Distributed Ledger Technologies

Security for Blockchain and Distributed Ledger Technologies is the practice of implementing protective measures, protocols, and policies to safeguard the integrity, resilience and confidentiality of data transacted, stored, and processed within blockchain and distributed ledger platforms, thus preventing cyber threats, fraud, and data breaches.

Level 1: Emerging

At an emerging level you are beginning to grasp the basics of securing Blockchain and Distributed Ledger Technologies. You're acquiring essential knowledge of cryptography and consensus protocols in an InfoSec context.

Level 2: Proficient

At a proficient level you are able to implement and manage security measures for Blockchain and Distributed Ledger Technologies to protect data integrity, confidentiality, and availability within the information security framework.

Level 3: Advanced

At an advanced level, you are able to oversee the implementation and maintenance of robust security measures for Blockchain and Distributed Ledger Technologies, ensuring confidentiality, integrity, and availability of sensitive information.

Intrusion Detection Systems

Intrusion Detection Systems is a security framework utilised to monitor and identify malicious activities or policy breaches in a network. It analyzes system activities and traffic for any threats, providing reports and alerts to counteract potential information security attacks.

Level 1: Emerging

At an emerging level, you are beginning to understand intrusion detection systems. You can recognize common threats, basic system functions, perform necessary updates, but require guidance for complex issues.

Level 2: Proficient

At a proficient level you are able to effectively configure, monitor, and analyze Intrusion Detection Systems to detect and respond to potential security incidents within an organization's information systems.

Level 3: Advanced

At an advanced level you are able to effectively configure, monitor, and analyze data from Intrusion Detection Systems to proactively identify and respond to potential security threats in a timely manner.

Cybersecurity Management

Cybersecurity Management is the organized practice of protecting an organizations' information systems by identifying, assessing, and mitigating potential security risks, responding to cyber threats promptly, and establishing protocols to ensure the confidentiality, integrity, and availability of data.

Level 1: Emerging

At an emerging level, you are beginning to grasp the fundamental concepts of cybersecurity management. You know enough to protect information and prevent threats, but expertise is still developing.

Level 2: Proficient

At a proficient level you are able to effectively implement and manage cybersecurity measures to protect sensitive information and data within your organization, identifying and mitigating potential security risks.

Level 3: Advanced

At an advanced level, you are able to lead and oversee all aspects of cybersecurity management within the organization, including implementing strategic security measures and ensuring compliance with information security policies.

Digital Forensics

Digital Forensics is the process of identifying, preserving, analyzing, and documenting digital evidence to combat cybercrime and enhance an organization's information security. It aids in incident response, litigations, and ensuring the integrity of systems and data.

Level 1: Emerging

At an emerging level, you are beginning to understand Digital Forensics. You are capable of conducting basic forensic analyzes, under supervision, to investigate and address data security breaches.

Level 2: Proficient

At a proficient level you are able to conduct thorough digital forensic investigations, extract and analyze data from various sources, and provide detailed reports to support information security incident response efforts.

Level 3: Advanced

At an advanced level you are able to conduct in-depth digital investigations, analyzing and interpreting complex data to uncover security breaches, malware, and evidence of cyber attacks within an organization.

Malware Analysis

Malware Analysis is the systematic study of malevolent software, viruses, and harmful code. This involves reversing engineering samples, observing their behaviors, assessing potential damage and identifying mitigations, all with the goal of strengthening an organization's information security infrastructure against cyber threats.

Level 1: Emerging

At an emerging level, you are beginning to understand malware life-cycle, basic malware types and simple reverse-engineering skills. You're getting conversant with basic analysis tools and environments.

Level 2: Proficient

At a proficient level you are able to conduct in-depth analysis of malware to identify its characteristics, behavior, and potential impacts on information security within an organization.

Level 3: Advanced

At an advanced level you are proficient in conducting in-depth malware analysis, identifying advanced threats, reverse engineering malware code, and developing custom signatures to enhance information security within the organization.

Security Policy Development

Security Policy Development is the strategic process of defining, implementing, and maintaining an organization's guidelines concerning data protection, network security, user access control, and threat mitigation in accordance with compliance regulations and industry standards.

Level 1: Emerging

At an emerging level, you are beginning to draft and revise information security policies. You can identify basic security threats and understand standard security frameworks. You can articulate standard security protocols.

Level 2: Proficient

At a proficient level you are able to develop comprehensive and effective security policies that align with industry standards and regulatory requirements, ensuring the protection of sensitive information within the organization.

Level 3: Advanced

At an advanced level, you are capable of developing comprehensive information security policies that align with industry standards, regulatory requirements, and the organization's risk appetite and business objectives.

Ethical Hacking

Ethical Hacking is the authorized practice of bypassing system security to identify potential data breaches and threats in a network. The company asks cybersecurity professionals to use their skills to find vulnerabilities before malicious hackers can exploit them.

Level 1: Emerging

At an emerging level, you are just starting to understand ethical hacking. You can identify common vulnerabilities and conduct basic penetration tests using simple tools, under supervision.

Level 2: Proficient

At a proficient level you are able to conduct ethical hacking activities within a controlled environment, identifying vulnerabilities and suggesting remediation actions to strengthen the organization's information security defenses.

Level 3: Advanced

At an advanced level you are an expert in ethical hacking, able to bypass security measures to identify vulnerabilities, test systems, and ensure the overall security of an organization's information assets.

Vulnerability Assessment

Vulnerability Assessment is a systematic process in Information Security that identifies, quantifies, and ranks the security vulnerabilities in a system. It typically involves evaluating system weaknesses, potential threats, and implementing strategies to mitigate risks, thereby ensuring asset protection and maintaining system integrity.

Level 1: Emerging

At an emerging level, you are beginning to identify and understand various cyber threats. You can conduct basic vulnerability assessments and practise secure measures to mitigate potential cyberattacks.

Level 2: Proficient

At a proficient level you are able to conduct thorough vulnerability assessments, identifying weaknesses in information security systems and recommending effective solutions to mitigate potential risks.

Level 3: Advanced

At an advanced level, you are proficient in conducting thorough vulnerability assessments, identifying complex security weaknesses, analyzing potential impacts, and providing strategic recommendations to enhance Information Security measures.

Penetration Testing

Penetration Testing is a systematic method of evaluating and identifying weaknesses in information system security by simulating potential cyber-attacks, thereby helping organizations to understand and mitigate risks in their digital environments. This process assists in fortifying networks, applications, and end points.

Level 1: Emerging

At an emerging level, you are beginning to perform penetration testing. You can identify basic security vulnerabilities with guidance, using predetermined procedures within a controlled environment.

Level 2: Proficient

At a proficient level you are able to conduct thorough and comprehensive penetration testing to identify vulnerabilities in information systems, using various tools and techniques to assess security posture effectively.

Level 3: Advanced

At an advanced level, you are adept in conducting thorough and complex penetration tests to identify vulnerabilities and secure systems from potential cyber attacks in an Information Security context.

Incident Response

Incident Response is a systematic approach in information security that managers and IT professionals employ; involving detection, identification, and analysis of security incidents, followed by containment, eradication, and recovery actions, while simultaneously ensuring documentation, communication, and post-incident review for continuous improvement and prevention strategies.

Level 1: Emerging

At an emerging level, you are beginning to understand key concepts of incident response within information security. You're gaining experience in identifying, responding to, and mitigating security threats.

Level 2: Proficient

At a proficient level, you are able to effectively identify and respond to security incidents in a timely manner, minimizing impact and ensuring swift resolution to protect information assets.

Level 3: Advanced

At an advanced level you are able to lead and coordinate the response to security incidents, utilizing advanced technical skills and knowledge to quickly identify and mitigate threats in a timely manner.

Compliance and Legal Issues

Compliance and Legal Issues is an information security competency addressing the adherence to IT security regulations and laws. This involves understanding related legislative and contractual requirements, managing risks associated with these obligations, and implementing strategies to ensure ongoing compliance with security protocols.

Level 1: Emerging

At an emerging level, you are familiar with key compliance regulations and legal issues relevant to information security. Your knowledge is limited, but developing, and you strive to improve.

Level 2: Proficient

At a proficient level you are able to interpret and apply relevant compliance regulations and legal requirements to ensure information security measures are in place and effective within the organization.

Level 3: Advanced

At an advanced level, you are able to proactively identify, interpret, and address complex compliance and legal issues related to information security, ensuring organizational adherence to regulations and standards.

Cloud Security

Cloud Security is the framework for protecting data, applications and infrastructure inherent to cloud computing usage. It comprises policies, technologies and controls deployed to safeguard data, support regulatory compliance, and protect customers' privacy as well as setting authentication rules for individual users and devices.

Level 1: Emerging

At an emerging level, you are acquainted with basic principles and strategies of cloud security. You're conversant with common cloud services and can identify potential threats and vulnerabilities.

Level 2: Proficient

At a proficient level you are able to identify and implement appropriate cloud security measures to protect sensitive information and mitigate risks effectively within an organization's information security framework.

Level 3: Advanced

At an advanced level, you are able to design and implement complex cloud security solutions, effectively monitor and respond to security incidents in the cloud environment, and provide expert guidance on cloud security best practices.

Cyber Threat Intelligence

Cyber Threat Intelligence is the process of collecting, analysing and contextualising information about existing or potential cyber threats to an organization's information security infrastructure. This capability helps in proactive decision-making, enhancing threat response, and mitigating potential vulnerabilities in a system.

Level 1: Emerging

At an emerging level, you are capable of understanding basic cyber threats, recognizing potential risks and contributing to defensive strategies under direct supervision in a information security context.

Level 2: Proficient

At a proficient level, you are able to effectively gather, analyze, and interpret cyber threat intelligence to identify potential security risks and vulnerabilities within the organization's information security environment.

Level 3: Advanced

At an advanced level you are proficient in analyzing and interpreting complex cyber threat intelligence data to proactively defend against sophisticated cyber attacks within the realm of Information Security.

Data Privacy

Data Privacy is the right to keep personal and sensitive data secure from unauthorized or illegal access, modification, disclosure or destruction. This capability emphasizes implementing policies, systems and procedures that ensure data integrity, confidentiality and availability, thereby maintaining trust and confidence in the organization's information security function.

Level 1: Emerging

At an emerging level, you are developing an understanding of data privacy principles in Information Security. You are capable of identifying potential privacy risks and applying basic protective measures.

Level 2: Proficient

At a proficient level you are able to effectively implement and maintain data privacy controls, ensuring compliance with relevant laws and regulations while protecting sensitive information from unauthorized access or disclosure.

Level 3: Advanced

At an advanced level you are able to effectively implement and maintain data privacy policies and practices, ensuring compliance with regulations and protecting confidential information from unauthorized access, use, or disclosure.

Disaster Recovery Planning

Disaster Recovery Planning is the strategic and systematic process of creating protocols to respond to and recover from potential technology-related disruptions. Focused on preventing breaches and ensuring cybersecurity, it includes data backup, system restoration and maintaining confidentiality, integrity, and availability (CIA) of the organization's information.

Level 1: Emerging

At an emerging level you are acquiring knowledge about disaster recovery planning in information security. You can identify basic recovery standards, contribute to continuity strategies and understand risk mitigation.

Level 2: Proficient

At a proficient level, you are able to develop and implement thorough disaster recovery plans for information security incidents, ensuring timely and effective response to minimize impact on organizational assets.

Level 3: Advanced

At an advanced level, you are able to develop and implement comprehensive disaster recovery plans for information systems, ensuring the security and integrity of data in the event of a disaster.

Secure Software Development

Secure Software Development is the systematic practice of integrating security measures throughout the software development lifecycle. It involves designing, implementing, and testing software in ways that prevent unauthorized access, use, disclosure, disruption, modification, or destruction of information.

Level 1: Emerging

At an emerging level, you are beginning to understand secure software development, applying basic principles to protect code and systems. Knowledge growth and professional experience are encouraged at this stage.

Level 2: Proficient

At a proficient level you are able to incorporate security best practices into the software development lifecycle, identify and mitigate common vulnerabilities, and ensure code is secure and resilient against cyber threats.

Level 3: Advanced

At an advanced level, you are able to design, implement, and maintain secure software applications by leveraging the latest security technologies and best practices to protect sensitive information and prevent cyber attacks.

Database Security

Database Security is the collective measures, policies, and tools used to protect, monitor, and preserve the integrity, confidentiality, and accessibility of database systems from cyber threats and unauthorized access in line with an organization's information security principles.

Level 1: Emerging

At an emerging level, you are beginning to understand database security principles. You're familiar with common threats and have basic knowledge of preventative measures within the realm of Information Security.

Level 2: Proficient

At a proficient level you are able to implement and maintain database security measures to protect sensitive information from unauthorized access, ensuring data integrity, confidentiality, and availability within the organization.

Level 3: Advanced

At an advanced level you are able to design, implement, and manage advanced security measures to protect databases from unauthorized access, ensuring data confidentiality, integrity, and availability in Information Security.

Secure System Administration

Secure System Administration is the process of managing, securing, and maintaining information systems to safeguard against unauthorised access, ensuring data integrity, operational efficiency, compliance with relevant regulations, and continuous service availability, thereby mitigating potential security risks and vulnerabilities.

Level 1: Emerging

At an emerging level, you are developing essential skills in maintaining security protocols, detecting vulnerabilities and administering secure systems in a controlled environment, while acquiring knowledge on information security principles.

Level 2: Proficient

At a proficient level you are able to effectively manage and secure system configurations, user access controls, and implement security patches to protect the organization's information assets from unauthorized access or misuse.

Level 3: Advanced

At an advanced level, you are able to implement advanced security configurations, conduct in-depth vulnerability assessments, manage privileged access effectively, and lead incident response and recovery efforts within the organization.

Access Control

Access Control is an information security principle that restricts access to data by identifying, authenticating, and authorizing users. It safeguards against unauthorized intrusions, ensuring only approved personnel can access specific resources, information, applications, or systems, enhancing the protection of sensitive organizational data.

Level 1: Emerging

At an emerging level, you are familiarising yourself with basic concepts of access control. You can identify user roles, manage permissions, and understand the significance of secure access in information security.

Level 2: Proficient

At a proficient level you are able to implement and manage access control measures effectively to protect sensitive information, ensuring only authorized individuals can access resources within the organization.

Level 3: Advanced

At an advanced level you are able to design and implement complex access control mechanisms, integrating multi-factor authentication and advanced encryption techniques to protect sensitive information effectively in Information Security.

Mobile Security

Mobile Security is the protective measures implemented to secure data privacy, prevent unauthorized access, and inhibit malicious attacks on mobile devices such as smartphones, tablets, and laptops within an organization. It encompasses application security, device security, information security, and network security practices.

Level 1: Emerging

At an emerging level, you are gaining awareness of mobile security concepts. You can identify common threats, implement basic protective measures, and participate in securing mobile infrastructure.

Level 2: Proficient

At a proficient level you are able to effectively implement and manage mobile security measures to protect sensitive information on devices, ensuring secure data access and transmission within the organization.

Level 3: Advanced

At an advanced level, you are able to implement comprehensive mobile security measures, including encryption, containerization, and threat detection, to protect sensitive information on mobile devices within the organization.

Security Architecture Design

Security Architecture Design is the planning and designing of security measures to protect an organization's information assets. It involves identifying potential risks, designing a robust framework to mitigate them, and coordinating the implementation of these security controls across all information systems within the organization.

Level 1: Emerging

At an emerging level, you have basic understanding of security architecture principles. You are capable of identifying key elements and contributing to basic security architectural design tasks under close supervision.

Level 2: Proficient

At a proficient level you are able to design Information Security architectures that effectively protect systems and data, considering current threats, vulnerabilities, and industry best practices.

Level 3: Advanced

At an advanced level you are proficient in designing security architectures that effectively protect information assets, mitigate risks, and align with the organization's overall information security strategy.

Wireless Security

Wireless Security is the process of designing, implementing, and ensuring the protection of both wireless networks and their data. This capability includes defending against unauthorized access, data theft, network misuse, and intrusions, therefore maintaining the integrity, confidentiality, and availability of wireless information assets.

Level 1: Emerging

At an emerging level, you are beginning to understand wireless security principles. You can identify basic threats to wireless networks and know foundational measures to prevent unauthorized access.

Level 2: Proficient

At a proficient level, you are able to effectively implement and maintain wireless security protocols to protect sensitive information from unauthorized access, ensuring data confidentiality and integrity in an organization's network.

Level 3: Advanced

At an advanced level, you are able to design, implement, and manage complex wireless security solutions to protect sensitive information and defend against advanced cyber threats effectively within the organization.

Cybersecurity Auditing

Cybersecurity Auditing is the systematic evaluation and assessment of an organization's cybersecurity measures. This capability includes examining the effectiveness of controls, procedures, and policies in identifying, managing, and mitigation of information security risks to ensure operational and regulatory compliance.

Level 1: Emerging

At an emerging level, you are familiarising yourself with basic cybersecurity auditing principles. You're learning to identify and assess potential security risks within the organization's information systems.

Level 2: Proficient

At a proficient level, you are able to conduct comprehensive cybersecurity audits, identifying vulnerabilities and recommending improvements to safeguard sensitive information and prevent unauthorized access within the organization.

Level 3: Advanced

At an advanced level you are proficient in conducting thorough and comprehensive cybersecurity audits, identifying vulnerabilities, implementing controls, and providing strategic recommendations to enhance overall information security posture within the organization.

Blockchain Security

Blockchain Security is the application of stringent protocols and protective measures to safeguard blockchain technology from digital threats, ensuring data integrity, confidentiality, and availability, while enhancing trust within an organization's distributed ledger systems. It is vital for maintaining robust information security.

Level 1: Emerging

At an emerging level, you are exploring the basics of Blockchain Security. You can identify common threats, understand blockchain principles, and apply basic security measures within an information security context.

Level 2: Proficient

At a proficient level you are able to implement and maintain secure Blockchain protocols, ensuring data integrity, confidentiality, and availability within an Information Security framework.

Level 3: Advanced

At an advanced level you are able to implement and manage blockchain security measures effectively to protect sensitive information and prevent unauthorized access, ensuring the integrity and confidentiality of data.

Capabilities