Security Governance

Develop and disseminate corporate security policies, frameworks and guidelines to ensure that day-to-day business operations guard against, or are well protected from, risks, threats and vulnerabilities.

Proficiency Level

Level 1 (Follow)


Level 2 (Assist)


Level 3 (Apply)

  • Proactively identify security risks in business operations and implement security guidelines and protocols, in line with corporate security policies.
  • Recognise potential strategic applications of information security and initiate investigation and development of innovative methods of protecting information assets, to the benefit of the organisation and the interface between business and information security.
  • Exploit opportunities for introducing more effective secure business and operational processes.

Level 4 (Ensure)

  • Evaluate security risks and establish corporate security policies and frameworks to guard against them.
  • Establish frameworks to develop and maintain appropriate information security expertise within an organisation.
  • Gain management commitment and resources to support the governance structure.
  • Incorporate physical, personnel and procedural issues into the overall security governance process.
  • Relate an organisation’s business needs to its requirements for information security.
  • Encourage an information risk awareness culture within an organisation (e.g., raising awareness of how the various forms of social engineering can be used to compromise information).

Level 5 (Strategise)

  • Anticipate potential security threats and emerging trends in security management, establishing targets for the organisation's security policies and systems.
  • Establish frameworks for maintaining the security of information throughout its lifecycle.