Dimension 1
e-competence area
Dimension 2
e-Competence: Title + generic description
E.8 Information Security Management
Implements information security policy. Monitors and takes action against intrusion, fraud and security breaches or leaks. Ensures that security risks are analysed and managed with respect to enterprise data and information. Reviews security incidents and makes recommendations for continuous security enhancement.
Dimension 3
e-Competence proficiency levels (on e-CF levels e-1 to e-5, related to EQF levels 3 to 8
Level 2
Systematically scans the environment to identify and define vulnerabilities and threats. Records and escalates non-compliance.

Level 3
Evaluates security management measures and indicators and decides if compliant to information security policy. Investigates and instigates remedial measures to address any security breaches.

Level 4
Provides leadership for the integrity, confidentiality and availability of data stored on information systems and complies with all legal requirements.

Dimension 4
Knowledge examples Knows/ Aware of/ Familiar with:
- K1 the organisations security management policy and its implications for engagement with customers, suppliers and subcontractors
- K2 the best practices and standards in information security management
- K3 the critical risks for information security management
- K4 the IS internal audit approach
Skills examples Able to:
- S1 document the information security management policy, linking it to business strategy
- S2 analyse the company critical assets and identify weaknesses and vulnerability to intrusion or attack
- S3 establish a risk management plan to feed and produce preventative action plans
- S4 perform security audits

Back to list