ESKISP Direct security testing
Size: px
Start display at page:

Download "ESKISP6056.01 Direct security testing"

Transcription

1 Direct security testing Overview This standard covers the competencies concerning with directing security testing activities. It includes setting the strategy and policies for security testing, and being fully accountable for successful security testing activities and deliverables. This includes developing and implementing methodologies for assessing the level of assurance of information systems and the correct implementation of mitigation measures. ESKISP Direct security testing 1

2 Performance criteria You must be able to: P1 be fully accountable for all penetration and information security testing activities, results and recommendations for mitigation P2 P3 P4 P5 P6 P7 P8 P9 design, develop, implement and maintain the policy and standards to provide a detailed information security testing framework for use within the organisation review, improve and update penetration testing methods and tools to continue to provide effective testing services ensure penetration testing activities and reports are clearly documented design, develop, implement and maintain resourcing and training strategy and plans to retain and develop appropriate penetration and information security testing expertise within the organisation continually monitor information security threat trends and keep aware of the latest information providing informed guidance to penetration testing activities monitor the quality and effectiveness of penetration testing activities, critically reviewing the approach and process and making recommendations for improvement where appropriate provide timely and objective advice and guidance to others on all aspects of information security testing activities including penetration testing best practice and the application of lessons learned maintain an authoritative position on proactive information security testing to identify and disseminate new threats to contribute to the body of knowledge P10 develop communication processes for internal and external parties (e.g. customers) relating to penetration testing activities and results P11 authorise the issue of formal reports to management on the effectiveness and efficiency of security testing, in appropriate ESKISP

3 language for the audience P12 provide thought leadership on the discipline of information security testing, contributing to internal best practice and to externally recognised publications, white papers etc P13 take timely and decisive action in the event of information security testing activities and their deliverables not complying with relevant legislation, regulations, and internal and external standards ESKISP

4 Knowledge and understanding You need to know and understand: K1 K2 K3 K4 K5 K6 K7 K8 K9 who are the executive sponsors and stakeholders of information security testing activities within the organisation the need to advise and guide others on all aspects of information security testing activities how to manage the implications and consequences: K3.1 of failure to identify and mitigate/control risks that arise K3.2 of information security testing activities failing to meet the expectations of the business sources of best practice in information security testing activities the importance of analysing the results gained from monitoring the alignment of information security testing activities and their deliverables with all relevant legislation, regulation, internal and external standards, in line with organisational strategy, policies and standards the scope of information assurance governance within the organisation the importance of establishing effective capabilities for the assurance of information assets with the organisation the need to have effective and coordinated governance of a range of activities, including risk management, information security, vulnerability assessments, security education and awareness training the need to ensure that timely and effective independent review of information security testing activities takes place K10 how to objectively analyse the findings from independent review of information security testing activities and report recommendations to sponsors and stakeholders ESKISP

5 K11 how to design and develop strategy, policies plans and standards to ensure the alignment with all relevant legislation, regulations and external standards K12 the importance of using lessons learned in order to inform future information security testing ESKISP

6 Direct security testing Developed by e-skills UK Version number 1 Date approved February 2013 Indicative review date Validity Status Originating organisation Original URN Relevant occupations Suite Key words December 2015 Current Original e-skills UK ESKISP Information and Communication Technology; Information and Communication Technology Professionals; Information and Communication Technology Officer; IT Service Delivery Occupations; Software Development Information Security Cyber Security; Information Security ESKISP Direct security testing 6

Similar documents

ESKISP6046.02 Direct security architecture development

ESKISP6046.02 Direct security architecture development Overview This standard covers the competencies concerned with directing security architecture activities. It includes setting the strategy and policies for security architecture, and being fully accountable

More information

ESKISP6054.01 Conduct security testing, under supervision

ESKISP6054.01 Conduct security testing, under supervision Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to

More information

ESKISP6055.01 Manage security testing

ESKISP6055.01 Manage security testing Overview This standard covers the competencies concerning with managing security testing activities. Including managing resources activities and deliverables. This includes planning, conducting and reporting

More information

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document

More information

ESKITP6026 IT Security Management Level 6 Role

ESKITP6026 IT Security Management Level 6 Role Overview This sub-discipline is about the competencies required to ensure the security of all aspects of Information Technology services, systems and assets within an organisation. This includes the data,

More information

ESKISP6064.03 Conducts vulnerability assessment under supervision

ESKISP6064.03 Conducts vulnerability assessment under supervision Conducts vulnerability assessment under supervision Overview This standard covers the competencies required to conduct vulnerability assessments under supervision. This includes following processes for

More information

Overview TECHIS60441. Carry out security testing activities

Overview TECHIS60441. Carry out security testing activities Overview Information, services and systems can be attacked in various ways. Understanding the technical and social perspectives, how attacks work, the technologies and approaches used are key to being

More information

Overview TECHIS60241. Carry out risk assessment and management activities

Overview TECHIS60241. Carry out risk assessment and management activities Overview Information in all its forms is a vital component of the digital environment in which we live and work. The protection of information in its physical form is well understood but the protection

More information

ESKITP6036 IT Disaster Recovery Level 5 Role

ESKITP6036 IT Disaster Recovery Level 5 Role Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an organisation. ESKITP6036 1 Performance criteria You

More information

ESKITP714401 Implement procedures and standards relating to metrics for IT service delivery

ESKITP714401 Implement procedures and standards relating to metrics for IT service delivery Overview This sub-discipline covers the competencies required to perform performance metrics. Monitoring service level performance is a complex task requiring collection of data, detailed analysis, and

More information

ESKITP714601 Authorise strategy, policies and standards relating to IT service delivery performance metrics management

ESKITP714601 Authorise strategy, policies and standards relating to IT service delivery performance metrics management service delivery performance metrics Overview This sub-discipline covers the competencies required to direct the monitoring, analysis and communication of IT service delivery performance metrics. Monitoring

More information

ESKITP2034.03 Assist in the preparation of change management plans and assignments for IT enabled systems 1

ESKITP2034.03 Assist in the preparation of change management plans and assignments for IT enabled systems 1 Assist in the preparation of change management plans and assignments for IT Overview This sub-discipline, Change Management (203) is concerned with the competencies required to manage the introduction

More information

ESKITP2035.01 Identify change management opportunities and options for IT enabled systems 1

ESKITP2035.01 Identify change management opportunities and options for IT enabled systems 1 Identify change management opportunities and options for IT enabled Overview This sub-discipline, Change Management (203) is concerned with the competencies required to manage the introduction of business

More information

Overview TECHIS60851. Manage information security business resilience activities

Overview TECHIS60851. Manage information security business resilience activities Overview Information security business resilience encompasses business continuity and disaster recovery from information security threats. As well as addressing the consequences of a major security incident,

More information

ESKITP6034 IT Disaster Recovery Level 4 Role

ESKITP6034 IT Disaster Recovery Level 4 Role Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an organisation. ESKITP6034 1 Performance criteria You

More information

ESKISP6053.01 Assist security testing, under supervision

ESKISP6053.01 Assist security testing, under supervision Overview This standard covers the competencies required to assist security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to

More information

ESKITP7145.01 Manage IT service delivery performance metrics

ESKITP7145.01 Manage IT service delivery performance metrics Overview This sub-discipline covers the competencies required to manage the monitoring, analysis and communication of IT service delivery performance metrics. Monitoring service level performance is a

More information

ESKITP7025 IT/Technology Service Help Desk and Incident Management Level 5 Role

ESKITP7025 IT/Technology Service Help Desk and Incident Management Level 5 Role IT/Technology Service Help Desk and Incident Management Level 5 Role Overview This sub-discipline is about the competencies required to manage the contacts made by customers of IT/technology systems, services

More information

ESKITP5065 Software Development Process Improvement Level 5 Role

ESKITP5065 Software Development Process Improvement Level 5 Role Software Development Process Improvement Level 5 Role Overview This sub-discipline covers the competencies required by an information technology and/or telecoms organisation to ensure that appropriate

More information

Overview TECHIS60341. Carry out security architecture and operations activities

Overview TECHIS60341. Carry out security architecture and operations activities Overview The protection of information, services and systems relies on a range of technical and procedural activities, often grouped in a framework. The framework will contain technical and logical, physical

More information

ESKITP7102 IT/Technology Asset and Configuration Management Level 2 Role

ESKITP7102 IT/Technology Asset and Configuration Management Level 2 Role IT/Technology Asset and Configuration Management Level 2 Role Overview This sub-discipline is about the competencies required to maintain the integrity and consistency of the IT/technology configuration

More information

ESKITP2035.02 Design and implement change management plans for IT enabled systems 1

ESKITP2035.02 Design and implement change management plans for IT enabled systems 1 Design and implement change management plans for IT enabled systems Overview This sub-discipline, Change Management (203) is concerned with the competencies required to manage the introduction of business

More information

ESKITP6032 IT Disaster Recovery Level 2 Role

ESKITP6032 IT Disaster Recovery Level 2 Role Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an. ESKITP6032 1 Performance criteria You must be able

More information

ESKITP5022 Software Development Level 2 Role

ESKITP5022 Software Development Level 2 Role Overview This sub discipline covers the core competencies required to create software to address the needs of business problems and opportunities, resulting in a variety of software solutions, ranging

More information

ESKITP7072 IT/Technology Capacity Management Level 2 Role

ESKITP7072 IT/Technology Capacity Management Level 2 Role Overview This sub-discipline is about the competencies required to manage the capacity of IT/technology services, systems and assets that support an organisation. Capacity management covers a range of

More information

ESKITP5023 Software Development Level 3 Role

ESKITP5023 Software Development Level 3 Role Overview This sub discipline covers the core competencies required to create software to address the needs of business problems and opportunities, resulting in a variety of software solutions, ranging

More information

Service Management. 702 IT/Technology Service Help Desk and Incident Management

Service Management. 702 IT/Technology Service Help Desk and Incident Management 702 IT/Technology Service Help Desk and Incident Management This sub-discipline is about the competencies required to manage the contacts made by customers of IT/technology systems, services and assets,

More information

702 IT/Technology Service Help Desk and Incident Management

702 IT/Technology Service Help Desk and Incident Management 702 IT/Technology Service Help Desk and Incident Management This sub-discipline is about the competencies required to manage the contacts made by customers of IT/technology systems, services and assets,

More information

ESKITP4082 IT/Technology Infrastructure Design and Planning Level 2 Role

ESKITP4082 IT/Technology Infrastructure Design and Planning Level 2 Role IT/Technology Infrastructure Design and Planning Level 2 Role Overview This sub-discipline is part of overall service design. It concerns the design of, and planning for, resilient IT/ technology infrastructure

More information

ESKITP7026 IT/Technology Service Help Desk and Incident Management Level 6 Role

ESKITP7026 IT/Technology Service Help Desk and Incident Management Level 6 Role IT/Technology Service Help Desk and Incident Management Level 6 Role Overview This sub-discipline is about the competencies required to manage the contacts made by customers of IT/technology systems, services

More information

FSPFCC04(SQA Unit Code-F88P 04) Ensure you comply with regulations in your financial services environment

FSPFCC04(SQA Unit Code-F88P 04) Ensure you comply with regulations in your financial services environment Ensure you comply with regulations in your financial services Overview This Standard is about working within the regulatory of the financial services industry. Most organisations within financial services

More information

Contribute to IT architecture work

Contribute to IT architecture work Overview This sub-discipline is concerned with the competencies required to create, maintain and manage IT architecture models representing the operating model for an organisation and their lower level

More information

CFAM&LBB2 Develop, maintain and evaluate business continuity plans and arrangements

CFAM&LBB2 Develop, maintain and evaluate business continuity plans and arrangements Develop, maintain and evaluate business continuity plans and arrangements Overview This standard is about developing, maintaining and evaluating business continuity plans to ensure that organisations continue

More information

SFJCCAD2 Promote business continuity management

SFJCCAD2 Promote business continuity management Overview This unit is about providing advice and assistance on business continuity management, including general advice for the business and voluntary sectors, and specific advice and assistance to individual

More information

FSPBA1 Set up bank accounts for customers

FSPBA1 Set up bank accounts for customers Overview This unit is about the process of setting up bank accounts for both new and existing customers. You will need to complete the process of setting up individual accounts from initial enquiry, establishing

More information

ESKITP5064 Software Development Process Improvement Level 4 Role

ESKITP5064 Software Development Process Improvement Level 4 Role Software Development Process Improvement Level 4 Role Overview This sub-discipline covers the competencies required by an information technology and/or telecoms organisation to ensure that appropriate

More information

SFJPE1.3 Evaluate the effectiveness of the operational delivery business process

SFJPE1.3 Evaluate the effectiveness of the operational delivery business process Evaluate the effectiveness of the operational delivery business process Overview This standard concerns evaluating the effectiveness of new and adapted business processes. The scope of work needs to address

More information

ESKITP7052 IT/Technology Management and Support Level 2 Role

ESKITP7052 IT/Technology Management and Support Level 2 Role Overview This sub-discipline is about the competencies required to ensure that the infrastructure required to support the delivery of IT/technology systems, services and assets for an organisation remain

More information

ESKITP6033 IT Disaster Recovery Level 3 Role

ESKITP6033 IT Disaster Recovery Level 3 Role Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an. ESKITP6033 1 Performance criteria You must be able

More information

SFHAD4 Develop and disseminate information and advice about substance use, health and social well-being

SFHAD4 Develop and disseminate information and advice about substance use, health and social well-being Develop and disseminate information and advice about substance use, Overview For this standard you need to develop a range of information and advice materials to promote substance misuse services, and

More information

ESKITP5022v2 Perform software development activities under direction

ESKITP5022v2 Perform software development activities under direction Perform development activities under direction Overview This sub discipline covers the core competencies required to create to address business problems and realise opportunities, resulting in a variety

More information

CFACC29 Develop and enhance performance management in a contact centre

CFACC29 Develop and enhance performance management in a contact centre Develop and enhance performance management in a contact centre Overview What this standard is about Efficiency and effectiveness in contact centres rely on close management of performance. With defined

More information

FSPAMFPI06 Complete reports for mortgage and/or financial planning clients

FSPAMFPI06 Complete reports for mortgage and/or financial planning clients Complete reports for mortgage and/or financial planning clients Overview You must be able to accurately complete reports of a complex nature, and take a proactive approach to the preparation of valuations

More information

National Cybersecurity Assessment and Technical Services: Capability Brief. Presented by: Sean McAfee Updated: May 5, 2014

National Cybersecurity Assessment and Technical Services: Capability Brief. Presented by: Sean McAfee Updated: May 5, 2014 National Cybersecurity Assessment and Technical Services: Capability Brief Presented by: Sean McAfee Updated: May 5, 2014 Program Overview Offer Full-Scope Red Team/Penetration Testing Capabilities Services

More information

A Guide to the Cyber Essentials Scheme

A Guide to the Cyber Essentials Scheme A Guide to the Cyber Essentials Scheme Published by: CREST Tel: 0845 686-5542 Email: admin@crest-approved.org Web: http://www.crest-approved.org/ Principal Author Jane Frankland, Managing Director, Jane

More information

Overview COSCSMO10. Implement, monitor and control strategic procurement systems in construction management

Overview COSCSMO10. Implement, monitor and control strategic procurement systems in construction management Overview This standard is about agreeing and implementing with stakeholders what systems are most effective for managing the project. The systems identified will need to be prioritised and formalised if

More information

ESKITP7082 Change and Release Management Level 2 role

ESKITP7082 Change and Release Management Level 2 role Overview This sub-discipline is about the competencies required for the management of changes required to the operational IT/technology configuration and environment in which it operates. The competencies

More information

Position Description. Technical Lead, Computer Network Defence. GCSB mission and values. Our mission. Our values UNCLASSIFIED

Position Description. Technical Lead, Computer Network Defence. GCSB mission and values. Our mission. Our values UNCLASSIFIED Position Description Technical Lead, Computer Network Defence Business unit: Responsible to: Position purpose: Directorate overview: Information Assurance and Cyber Security Directorate Manager, Cyber

More information

APPLICABLE TO: Flow Systems Group and all employees. Risk Management

APPLICABLE TO: Flow Systems Group and all employees. Risk Management PURPOSE: Flow Systems is committed to managing its risks and ensuring compliance with all relevant laws and regulations in a proactive, on-going and positive manner. This document outlines Flow s Risk

More information

ESKITP7022 IT/Technology Service Help Desk and Incident Management Level 2 Role

ESKITP7022 IT/Technology Service Help Desk and Incident Management Level 2 Role IT/Technology Service Help Desk and Incident Management Level 2 Role Overview This sub-discipline is about the competencies required to manage the contacts made by customers of IT/technology systems, services

More information

JOB PROFILE. Collaborate and work effectively with team members within the section and the rest of the Transformation Service.

JOB PROFILE. Collaborate and work effectively with team members within the section and the rest of the Transformation Service. JOB PROFILE Job Title: Principal Commissioning Officer Consultant 3 Department: Corporate Resources Ref: DCC/14/0344 Section: Transformation Service Job Family: Transformation Job grade: 12 Purpose of

More information

ESKIPU1 Improving productivity using IT

ESKIPU1 Improving productivity using IT Overview This is the ability to plan, evaluate and improve procedures involving the use of IT tools and systems in order to improve the productivity and efficiency of tasks and activities. ESKIPU1 1 Performance

More information

Risk Management Policy

Risk Management Policy 1 Purpose Risk management relates to the culture, processes and structures directed towards the effective management of potential opportunities and adverse effects within the University s environment.

More information

Risk Management. National Occupational Standards February 2014

Risk Management. National Occupational Standards February 2014 Risk Management National Occupational Standards February 2014 Skills CFA 6 Graphite Square, Vauxhall Walk, London, SE11 5EE T: 0207 0919620 F: 0207 0917340 E: info@skillscfa.org www.skillscfa.org Skills

More information

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation Facilitate Business Continuity Planning and disaster recovery for a Overview This unit is suitable for those working in risk management roles who have responsibility for facilitating business continuity

More information

National Approach to Information Assurance 2014-2017

National Approach to Information Assurance 2014-2017 Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version

More information

NSW Government ICT Benefits Realisation and Project Management Guidance

NSW Government ICT Benefits Realisation and Project Management Guidance NSW Government ICT Benefits Realisation and Project Management Guidance November 2014 CONTENTS 1. Introduction 1 2. Document purpose 1 3. Benefits realisation 1 4. Project management 4 5. Document control

More information

SFS SYS 13 (SQA Unit Code - H4GR 04) Maintain the performance of electronic security systems

SFS SYS 13 (SQA Unit Code - H4GR 04) Maintain the performance of electronic security systems Maintain the performance of electronic security systems Overview This NOS sets out the skills, knowledge and understanding for you to maintain the operational performance of electronic security systems,

More information

The New Zealand Human Services Quality Framework - ISO9002:2008 to 2012

The New Zealand Human Services Quality Framework - ISO9002:2008 to 2012 HUMAN SERVICES QUALITY FRAMEWORK STANDARDS - POLICIES DOCUMENT Q:/1 DATE REVEIWED: REFERENCE: GOVERNANCE AND August 2014 MANAGEMENT POLICY AUTHORISATION: STANDARD REFERENCE: NEXT REVIEW DATE: Management

More information

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13 Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...

More information

INFORMATION MANAGEMENT STRATEGIC FRAMEWORK GENERAL NAT 11852-08.2004 OVERVIEW

INFORMATION MANAGEMENT STRATEGIC FRAMEWORK GENERAL NAT 11852-08.2004 OVERVIEW GENERAL OVERVIEW NAT 11852-08.2004 SEGMENT FORMAT PRODUCT ID INFORMATION MANAGEMENT STRATEGIC FRAMEWORK In the context of the Information Management Strategic Framework, information is defined as: information

More information

Contact Centre. National Occupational Standards May 2011

Contact Centre. National Occupational Standards May 2011 Contact Centre National Occupational Standards May 2011 Skills CFA 6 Graphite Square, Vauxhall Walk, London SE11 5EE T: 0207 0919620 F: 0207 0917340 Info@skillscfa.org www.skillscfa.org 2012 Skills CFA

More information

FSPBA8 SQA Unit Code H5FA 04 Process the transfer of foreign currency

FSPBA8 SQA Unit Code H5FA 04 Process the transfer of foreign currency Overview This unit is about your ability to process the transfer of all types of foreign currency in accordance with your organisation's requirements. You will need to operate currency accounts and arrange

More information

OE PROJECT CHARTER TEMPLATE

OE PROJECT CHARTER TEMPLATE PROJECT : PREPARED BY: DATE (MM/DD/YYYY): Project Name Typically the Project Manager Project Charter Last Modified Date PROJECT CHARTER VERSION HISTORY VERSION DATE (MM/DD/YYYY) COMMENTS (DRAFT, SIGNED,

More information

National Occupational Standards. Compliance

National Occupational Standards. Compliance National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements

More information

CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT

CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT Public Sector Auditing.. Private Sector Thinking CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT Date: 7 th November 2014 Author: Rachel Abbott Principal Auditor Introduction & Scope The National Planning

More information

White Paper. PPP Governance

White Paper. PPP Governance PPP Governance The Governance of Projects, Programs and Portfolios (PPP) (sometimes called project governance for convenience) is the sub-set of corporate and organisational governance 1 focused on assisting

More information

Government Communication Professional Competency Framework

Government Communication Professional Competency Framework Government Communication Professional Competency Framework April 2013 Introduction Every day, government communicators deliver great work which supports communities and helps citizens understand their

More information

Position Description

Position Description Position Description Wesley Disability Services Quality Risk & Compliance Specialist Agreement Signed Quality Risk and Compliance Specialist Signed Executive Manager, Wesley Disability Services Date Date

More information

CFASAA231 - Sqa Unit Code H4RT 04 Use IT to support your role

CFASAA231 - Sqa Unit Code H4RT 04 Use IT to support your role CFASAA231 - Sqa Unit Code H4RT 04 Overview Handle files, edit, format and check information, search for and use email. This is based on the e-skills UK Areas of Competence export units: General Uses of

More information

Job description HR Advisor

Job description HR Advisor Job description HR Advisor Main purpose of job To work closely with colleagues in the HR Business Partner team along with the wider PDO directorate to ensure delivery of a first class, professional and

More information

Application Guidance CCP Penetration Tester Role, Practitioner Level

Application Guidance CCP Penetration Tester Role, Practitioner Level August 2014 Issue No: 1.0 Application Guidance CCP Penetration Tester Role, Practitioner Level Application Guidance CCP Penetration Tester Role, Practitioner Level Issue No: 1.0 August 2014 This document

More information

The OIE Regional Communications Workshop. a Strategy for Animal Health Communication. As of 10 November 2009

The OIE Regional Communications Workshop. a Strategy for Animal Health Communication. As of 10 November 2009 The OIE Regional Communications Workshop a Strategy for Animal Health Communication As of 10 November 2009 Page 1 of 10 Background & Context Challenges Member countries in the Asia and Pacific region are

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

Thales Pricing Schedule for Vulnerability Assessment and Penetration Testing

Thales Pricing Schedule for Vulnerability Assessment and Penetration Testing Thales Pricing Schedule for Vulnerability Assessment and Penetration Testing Thales Pricing Schedule for Vulnerability Assessment and Penetration Testing April 2014 Page 1 of 8 Thales Pricing Schedule

More information

1. Background and business case

1. Background and business case 1. Background and business case This section explains the context and why the project is being undertaken. It provides the justification for investing the time and resources in the project. 1.1 Reasons

More information

FSPCOMP3 Assess and mitigate the compliance risks relevant to your organisation

FSPCOMP3 Assess and mitigate the compliance risks relevant to your organisation Assess and mitigate the compliance risks relevant to your Overview This unit is about assessing the probability and impact of compliance breaches occurring in your, and completing a risk assessment of

More information

National Cybersecurity Assessment and Technical Services

National Cybersecurity Assessment and Technical Services National Cybersecurity Assessment and Technical Services Updated: September 9, 2015 NCATS Program Overview Offer Full-Scope Red Team/Penetration Testing Capabilities through two primary programs: Risk

More information

SFJ ZI02 Monitor and review the performance of technical support systems and equipment

SFJ ZI02 Monitor and review the performance of technical support systems and equipment Monitor and review the performance of technical support systems and Overview This unit covers monitoring and reviewing the performance of systems and i.e. common and complex audio, video and communication

More information

SFS SYS 7 (SQA Unit Code - H4GL 04) Audit electronic security systems

SFS SYS 7 (SQA Unit Code - H4GL 04) Audit electronic security systems Overview This NOS sets out the skills, knowledge and understanding for you to carry out audits of electronic security systems to confirm system compliance with operational requirements and legislation,

More information

Release: 1. ICTNWK607 Design and implement wireless network security

Release: 1. ICTNWK607 Design and implement wireless network security Release: 1 ICTNWK607 Design and implement wireless network security ICTNWK607 Design and implement wireless network security Modification History Release Release 1 Comments This version first released

More information

Policy. VBA Enterprise Risk Management. Governance Unit

Policy. VBA Enterprise Risk Management. Governance Unit Policy VBA Enterprise Risk Management Governance Unit Keywords: Policy; risk; governance. ID: Version no: Status: VBAPOL-0074 2.0 Final Issue date: Date of effect: Next review date: 14/07/2015 14/07/2015

More information

ESKITP7146.01 Authorise strategy, policies and standards relating to IT service delivery performance metrics management

ESKITP7146.01 Authorise strategy, policies and standards relating to IT service delivery performance metrics management service delivery performance metrics Overview This sub-discipline covers the competencies required to direct the monitoring, analysis and communication of IT service delivery performance metrics. Monitoring

More information

FSPFC04 SQA Unit Code H5H2 04 Appraise applications for business financing and credit facilities

FSPFC04 SQA Unit Code H5H2 04 Appraise applications for business financing and credit facilities Appraise applications for business financing and credit facilities Overview This unit is about appraising applications for financing and/or credit facilities made by business customers. You will need to

More information

Promote security system and service sales

Promote security system and service sales Page 1 of 5 Promote security system and service sales Level 3 Credits 2 Purpose This unit standard is for people who work, or intend to work, as security system or service sales representatives, or in

More information

ASTFFL1 - SQA Unit Code H54C 04 Respond to requests for fire damage limitation work

ASTFFL1 - SQA Unit Code H54C 04 Respond to requests for fire damage limitation work Overview This standard is about responding to requests for fire damage limitation work. It includes confirming the details of fire damage limitation jobs, agreeing an initial plan of action and making

More information

Department of Health & Human Services

Department of Health & Human Services Department of Health & Human Services Position Description Senior Project Officer Data, Quality and Funding (Clinical Supervision / Simulation portfolio) The Senior Project Officer, Data, Quality and Funding

More information

JOB DESCRIPTION. IS teams, Hanover colleagues, third party suppliers. Principal Duties and Responsibilities

JOB DESCRIPTION. IS teams, Hanover colleagues, third party suppliers. Principal Duties and Responsibilities JOB DESCRIPTION Job title: IT Security Analyst Grade: Responsible to: Responsible for: Liaises with: Head of IS N/A IS teams, Hanover colleagues, third party suppliers Role Purpose: Location: The purpose

More information

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4 State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes

More information

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES Final Report Prepared by Dr Janet Tweedie & Dr Julie West June 2010 Produced for AGIMO by

More information

NHS FIFE RECORDS MANAGEMENT COMPETENCIES FRAMEWORK V1.0, July 2013

NHS FIFE RECORDS MANAGEMENT COMPETENCIES FRAMEWORK V1.0, July 2013 NHS FIFE RECORDS MANAGEMENT COMPETENCIES FRAMEWORK V1.0, July 2013 Background This Framework describes the key knowledge and skills required by the Public Records Project Manager in NHS Fife and will be

More information

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council IT Security (Network and perimeter) Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary

More information

Page 7. Area Served: Borough Wide Chair of the Committee: Cllr Tim Crowley

Page 7. Area Served: Borough Wide Chair of the Committee: Cllr Tim Crowley Report to: Date: Report of: Audit Committee Page 7 27 th September Executive Head Policy and Customer Services Agenda Item 4 Ward Location: Not Applicable Author(s) and Contact Phone Number(s): Gill Bull,

More information

INFORMATION SECURITY POLICY

INFORMATION SECURITY POLICY Information Security Policy INFORMATION SECURITY POLICY Introduction Norwood UK recognises that information and information systems are valuable assets which play a major role in supporting the companies

More information

NSPCC JOB DESCRIPTION. Database Training and Support Manager. (Grade 5 - Senior Business Support Officer)

NSPCC JOB DESCRIPTION. Database Training and Support Manager. (Grade 5 - Senior Business Support Officer) NSPCC JOB DESCRIPTION Job Title: Database Training and Support Manager (Grade 5 - Senior Business Support Officer) Function: Department: Supporter Services and Database Administration Supporter Experience

More information

Council Policy Business Continuity Management

Council Policy Business Continuity Management Policy Name: Business Continuity Management Council Policy Business Continuity Management ADOPTED BY COUNCIL: 19 th April 2016 DATE OF NEXT REVIEW: 18 th April 2020 RESPONSIBLE OFFICER: REFERENCES: Chief

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Risk Management Policy Record Number D14/79827 Responsible Manager Manager Strategy and Governance Last reviewed 10 March 2015 Adoption reference Council Resolution number 90.5 Previous

More information

HKCAS Supplementary Criteria No. 8

HKCAS Supplementary Criteria No. 8 Page 1 of 12 HKCAS Supplementary Criteria No. 8 Accreditation Programme for Information Security Management System (ISMS) Certification 1 INTRODUCTION 1.1 HKAS accreditation for information security management

More information

ASTFFL6 - SQA Unit Code H54H 04 Prepare for flood damage emergencies

ASTFFL6 - SQA Unit Code H54H 04 Prepare for flood damage emergencies Overview 1 2 3 ASTFFL6 1 Performance criteria P1 P2 P3 confirm that you have the correct tools and equipment for the type of flood emergency you are likely to encounter confirm that you are authorised

More information

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager

Middlesbrough Manager Competency Framework. Behaviours Business Skills Middlesbrough Manager Middlesbrough Manager Competency Framework + = Behaviours Business Skills Middlesbrough Manager Middlesbrough Manager Competency Framework Background Middlesbrough Council is going through significant

More information
2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback | Do Not Sell My Personal Information