Direct and be fully accountable for information risk assessment and management
URN: ESKISP6036.01
Business Sectors (Suites): Information Security
Developed by: SDS
Approved on:
2013
Overview
This standard covers the competencies concerned with directing risk assessment and risk management activities. It includes setting the strategy and policies for risk assessment and risk management, and being fully accountable for successful information security risk assessment and management operations.
Performance criteria
You must be able to:
You must be able to:
P1 define the information security risk assessment and management strategy, policies and standards
P2 design procedures, tools and techniques relating to risk assessment and management activities
P3 be fully accountable for successful information security risk assessment and management
P4 correctly identify the potential implications of emerging risks on the wider business operations and business strategy
P5 provide timely and objective advice and guidance to others on all aspects of risk assessment and management frameworks and activities including best practice and the application of lessons learned
P6 direct resource allocation and professional development strategy for information security risk assessment and management activities
P7 make effective and timely decisions to improve the quality and effectiveness of risk assessment and management activities within an organisation
P8 provide thought leadership on the discipline of risk assessment and management, contributing to internal best practice and to externally recognised publications, white papers etc
Knowledge and Understanding
You need to know and understand:
You must be able to:
K1 how to manage the implications and consequences:
K1.1 of failure to mitigate/control risks that arise
K1.2 of risk assessment and management activities failing to meet the expectations of the business
K2 the need to advise and guide others on all aspects of strategic risk assessment and management activities
K3 how lessons learned may be applied to the risk management activities of other programmes
K4 sources of best practice in risk assessment and management activities
K5 the q to design and develop the strategy, policies plans and standards to ensure the alignment with business requirements and all relevant legislation regulations and external standards
K6 the importance of using lessons learned in order to inform the risk management activities of future activities
Scope/range
Scope Performance
Scope Knowledge
Values
Behaviours
Skills
Glossary
Links To Other NOS
External Links
Version Number
1
Indicative Review Date
2015
Validity
Current
Status
Original
Originating Organisation
e-skills UK
Original URN
ESKISP6036.01
Relevant Occupations
Information and Communication Technology, Information and Communication Technology Officer, Information and Communication Technology Professionals, IT Service Delivery Occupations, Software Development
SOC Code
Keywords
Cyber Security; Information Security