Direct and be fully accountable for information risk assessment and management

URN: ESKISP6036.01
Business Sectors (Suites): Information Security
Developed by: SDS
Approved on: 2013

Overview

This standard covers the competencies concerned with directing risk assessment and risk management activities. It includes setting the strategy and policies for risk assessment and risk management, and being fully accountable for successful information security risk assessment and management operations.


Performance criteria

You must be able to:


P1 define the information security risk assessment and management strategy, policies and standards 

P2 design procedures, tools and techniques relating to risk assessment and management activities 

P3 be fully accountable for successful information security risk assessment and management  

P4 correctly identify the potential implications of emerging risks on the wider business operations and business strategy  

P5 provide timely and objective advice and guidance to others on all aspects of risk assessment and management frameworks and activities including best practice and the application of lessons learned  

P6 direct resource allocation and professional development strategy for information security risk assessment and management activities 

P7 make effective and timely decisions to improve the quality and effectiveness of risk assessment and management activities within an organisation  

P8 provide thought leadership on the discipline of risk assessment and management, contributing to internal best practice and to externally recognised publications, white papers, etc.


Knowledge and Understanding

You need to know and understand:


K1 how to manage the implications and consequences:  

K1.1 of failure to mitigate/control risks that arise 

K1.2 of risk assessment and management activities failing to meet the expectations of the business  

K2 the need to advise and guide others on all aspects of strategic risk assessment and management activities 

K3 how lessons learned may be applied to the risk management activities of other programmes  

K4 sources of best practice in risk assessment and management activities 

K5 the need to design and develop the strategy, policies, plans and standards to ensure alignment with business requirements and all relevant legislation, regulations and external standards 

K6 the importance of using lessons learned in order to inform the risk management activities of future activities 


Scope/range


Scope Performance


Scope Knowledge


Values


Behaviours


Skills


Glossary


Links To Other NOS


External Links


Version Number

1

Indicative Review Date

2015

Validity

Current

Status

Original

Originating Organisation

e-skills UK

Original URN

ESKISP6036.01

Relevant Occupations

Information and Communication Technology, Information and Communication Technology Officer, Information and Communication Technology Professionals, IT Service Delivery Occupations, Software Development

SOC Code


Keywords

Cyber Security; Information Security