Overview TECHIS60241. Carry out risk assessment and management activities




Overview

Information in all its forms is a vital component of the digital environment in which we live and work. The protection of information in its physical form is well understood, but the protection of digital information within systems and devices, and what needs to be protected, is less so. Information risk is concerned with the importance of information to the organisation and the harm that can be caused by the failure to manage, use or protect information in all its forms. Risk management allows an organisation to prioritise risks, deploy resources efficiently and treat risks using a consistent and documented approach that takes into account threats, vulnerabilities, assets and harm. System risk needs to be understood, actively foreseen and managed within this context.

This role involves following the steps in the information risk assessment and management process: ensuring that information risks are identified and assessed, that an impact assessment is undertaken, that risk treatment options are specified, that appropriate controls are selected and that there is ongoing monitoring and review.

Performance criteria

You must be able to:

1. correctly identify the range of response actions that may be used to mitigate/control risks in line with organisational
2. take decisive and timely action in the event of risks being realised and impacting the integrity of information systems in line with organisational
3. perform risk assessments that clearly identify and assess potential risks in terms of their probability of occurrence
4. analyse the identified risks to assess their potential impact on information assets and to determine whether they are within specified risk tolerance levels
5. contribute to the development and maintenance of risk management plans used to mitigate risks in accordance with relevant internal and external
6. assess and validate information on current and potential threats to the business, analysing trends and highlighting information security issues relevant to the organisation
7. predict and prioritise threats to an organisation and their methods of attack in line with organisational
8. analyse the significance and implication of processed intelligence to identify significant trends, potential threat agents and their capabilities
9. use human factor analysis in the assessment of threats in line with organisational
10. use threat intelligence to develop attack trees in line with organisational
11. prepare and disseminate intelligence reports providing threat indicators and warnings in line with organisational
12. scan information systems and networks for public domain vulnerabilities, reporting potential issues and mitigation options in line with organisational
13. make recommendations as to the specific actions that should be applied to mitigate risks and escalate risks that are outside agreed risk tolerance levels
14. review and apply the strategy, policies, procedures, tools and techniques relating to security risk assessment and management
15. correctly identify and assist in the development of a risk contingency plan for a non-complex system, based upon analysis of the probability and impact of potential risks to a specific information system
16. objectively analyse and clearly present the findings from risk assessment and management to sponsors, stakeholders and external bodies


Knowledge and understanding

You need to know and understand:

1. information is an organisational asset that has a value, which may be relative depending on the perspective taken, and therefore can be classified to reflect its importance to an organisation or individual
2. information is vulnerable to threats in systems
3. information has attributes relating to confidentiality, possession or control, integrity, authenticity, availability and utility, any of which can make it vulnerable to attack
4. information may need to be protected, and some of the reasons why that protection must occur, including legal and regulatory drivers, customer rights or organisational objectives
5. information has a lifecycle, from creation through to deletion, and protection may be required and may change throughout that lifecycle
6. that information risk assessment and management is a term referring to the process of documenting what information is at risk, the type and level of risk, and the impact of realisation
7. the value and role of risk management within a business information security strategy
8. the range of issues associated with information security risk assessment and management
9. the range of approaches that can be taken to risk assessment and management and their appropriateness in a range of business contexts
10. the internal and external factors that may impact on security risk
11. the regulations and legislation, internal and external, that may apply to information security risk assessment and management
12. who is responsible for leading/managing the risk assessment and management
13. that risk management should be planned as an ongoing/cyclical activity
14. how to develop and maintain a risk management plan
15. the risk tolerance levels specified for managing risk
16. the need to be accountable for the successful management of security risks

Developed by: e-skills
Version Number: 1
Date Approved: January 2016
Indicative Review Date: April 2019
Validity: Current
Status: Original
Originating Organisation: The Tech Partnership
Original URN: TECHIS60241
Relevant Occupations: Information and Communication Technology; Information and Communication Technology Officer; Information and Communication Technology Professionals
Suite: Information Security
Keywords: Information security, cyber security, risk assessment, risk management