Cyber Security Capability Framework & Mapping of ISM Roles - agimo
Cyber Security Capability Framework & Mapping of ISM Roles - agimo
Cyber Security Capability Framework & Mapping of ISM Roles - agimo
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Introduction and BackgroundIn May 2010, Workplace Research Associates was engaged by the Australian GovernmentInformation Management Office (AGIMO) to assist in the mapping <strong>of</strong> <strong>Cyber</strong> <strong>Security</strong>Capabilities to the Australian Public Service Commission’s (APSC) ICT <strong>Capability</strong><strong>Framework</strong>. Specifically, the aim <strong>of</strong> the project was to:• Map and validate the Department <strong>of</strong> Defence’s Development and CompetencyAssessment <strong>Framework</strong> (DeCAF) competencies to the security capability areasdefined in the Australian Public Service Commission’s ICT <strong>Capability</strong> <strong>Framework</strong>;• Map and validate the DeCAF competencies to the Chief Information <strong>Security</strong> Officer,IT <strong>Security</strong> Manager and IT <strong>Security</strong> Officer roles defined in the AustralianGovernment’s Information <strong>Security</strong> Manual (<strong>ISM</strong>);This report presents the <strong>Cyber</strong> <strong>Security</strong> <strong>Capability</strong> <strong>Framework</strong>, which is the outcome <strong>of</strong> thefirst <strong>of</strong> the aims above and the Mapped <strong>ISM</strong> <strong>Roles</strong>, which is the outcome <strong>of</strong> the second <strong>of</strong>the aims above.MethodologyThe methodology for the project included the following stages:Part 1 – <strong>Mapping</strong> <strong>of</strong> the DeCAF to the ICT <strong>Capability</strong> <strong>Framework</strong>:1. Initial meeting with AGIMO representatives to confirm the scope <strong>of</strong> the project andthe documents to be mapped;2. Review <strong>of</strong> the Department <strong>of</strong> Defence’s Development and Competency Assessment<strong>Framework</strong> (DeCAF) and the Australian Public Service Commission’s ICT <strong>Capability</strong><strong>Framework</strong>;3. <strong>Mapping</strong> <strong>of</strong> the DeCAF to the APSC’s ICT <strong>Capability</strong> <strong>Framework</strong>;4. A workshop to validate the initial mapping process and initial draft <strong>of</strong> the <strong>Cyber</strong><strong>Security</strong> <strong>Capability</strong> <strong>Framework</strong>;5. Review and redrafting <strong>of</strong> the <strong>Framework</strong> in line with the results <strong>of</strong> the workshop.Part 2 – <strong>Mapping</strong> <strong>of</strong> the <strong>ISM</strong> roles to the <strong>Cyber</strong> <strong>Security</strong> <strong>Capability</strong> <strong>Framework</strong>:1. <strong>Mapping</strong> <strong>of</strong> the Chief Information <strong>Security</strong> Officer, IT <strong>Security</strong> Advisor, IT <strong>Security</strong>Manager and IT <strong>Security</strong> Officer roles to the <strong>Cyber</strong> <strong>Security</strong> <strong>Capability</strong> <strong>Framework</strong>.PART 1APSC ICT <strong>Capability</strong> <strong>Framework</strong>The documents used to produce the <strong>Cyber</strong> <strong>Security</strong> <strong>Capability</strong> <strong>Framework</strong> included theAPSC’s ICT <strong>Capability</strong> <strong>Framework</strong>. This <strong>Framework</strong> has a two level structure with thefollowing main categories <strong>of</strong> capability:Produced for AGIMO by Workplace Research Associates Pty Ltd 2010 Page 3
Change language