Description
Defines and makes applicable a formal organisational strategy, scope and culture to maintain safety and security of information from external and internal threats, i.e. digital forensic for corporate investigations or intrusion investigation.
Provides the foundation for Information Security Management, including role identification and accountability.
Uses defined standards to create objectives for information integrity, availability, and data privacy.
Levels
Level 4
Exploits depth of expertise and leverages external standards and best practices.
Level 5
Provides strategic leadership to embed information security into the culture of the organisation
Knowledge
The potential and opportunities of relevant standards and best practices
The impact of legal requirements on information security
The information strategy of the organisation
Possible security threats
The mobility strategy
The different service models (SaaS, PaaS, IaaS) and operational translations (i.e. cloud computing)
Skills
Develop and critically analyse the company strategy for information security
Define, present and promote an information security policy for approval by the senior management of the organisation
Apply relevant standards, best practices and legal requirements for information security
Anticipate required changes to the organisation’s information security strategy and formulate new plans
Propose effective contingency measures
Functies met D.1 Information Security Strategy Development competentie