Security Strategy

Establish the organisation's security vision, strategy and initiatives to ensure adequate protection of assets. This involves the planning, implementation and review of enterprise-wide security controls which includes policies, processes, physical infrastructure, software and hardware functions to govern and preserve the privacy, security and confidentiality of the organisation's information and assets



Competency Area

Strategy Planning and Implementation


Assess security risks, threats and vulnerabilities, and recommend security initiatives to mitigate them

Security risks, threats and vulnerabilities

Linkage of business processes to security systems

Techniques and considerations in security programme design

Application of information security and assurance architectures

Existing internal and external security standards

Establish security goals and objectives

Undertake goal setting and objectives of organisation security

Can use the best practices in information security policies and draw up immediate implementable lessons

Can conduct gap analysis in organisation security and the iplications and impact of security gaps impact

Develop a detailed action plan for a security programme, making periodic updates with technological or regulatory changes

Deliver advice and guidance to facilitate adoption of information security and assurance architectures

Monitor the effectiveness of security initiatives, against internal and external standards

Create an overarching information security strategy and frameworks

Vision and strategy development for organisational security

Key principles of information security and assurance

Industry standards, frameworks and best practice in information classification and permissions

Business impact projection and analysis

Industry best practices and benchmarks or standards in organisational security

Emerging security risks, threats and vulnerabilities security management benchmarks

Establish standards and practices to protect the integrity, authenticity and confidentiality of information

Manage compliance with information security guidelines and classification or permission rules

Lead communication of security goals and objectives to the organisation

Review existing security controls against current and future costs / risks to the business

Develop strategies and plans to resolve security gaps

Drive organisation-wide security initiatives in line with internal and external standards