Security Planning

Develop organisational strategies and policies by analysing the impact of internal and external influencing factors and seeking consultation from relevant stakeholders.

Proficiency Level

Level 1 (Follow)


Level 2 (Assist)


Level 3 (Apply)

  • Develop resource allocation plans and implement strategies and policies.
  • Explain the purpose of, and provide advice and guidance on, the application and operation of elementary physical, procedural and technical security controls.
  • Perform security risk and vulnerability assessments and business impact analysis for medium-complexity information systems.
  • Investigate suspected attacks and manage security incidents.
  • Use forensics where appropriate.

Level 4 (Ensure)

  • Formulate the strategies and policies that are forward-looking and focus on bottom line results.
  • Provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
  • Obtain and act on vulnerability information and conduct security risk assessments, business impact analysis and accreditation on complex information systems.
  • Investigate major breaches of security, and recommend appropriate control improvements.
  • Contribute to the development of information security policy, standards and guidelines.

Level 5 (Strategise)

  • Build actionable organisation strategy plans and policies that are forward-looking, anticipate strategic risks and focus on bottom line results.
  • Develop and communicate corporate information security policy, standards and guidelines.
  • Contribute to the development of organisational strategies that address information control requirements.
  • Identify and monitor environmental and market trends and proactively assess impact on business strategies, benefits and risks.
  • Lead the provision of authoritative advice and guidance on the requirements for security controls in collaboration with experts in other functions such as legal and technical support.
  • Ensure architectural principles are applied during design to reduce risk and drive adoption and adherence to policy, standards and guidelines.
  • Direct the development, implementation, delivery and support of an enterprise information security strategy aligned to the strategic requirements of the business.