Cyber Security Capability Framework & Mapping of ISM Roles - agimo

More documents

Recommendations

Info

SERVICE DELIVERY The authorisation and monitoring of access to IT facilities or infrastructure in accordance withestablished organisational policy. Includes investigation of unauthorised access, compliance with relevant legislation and theperformance of other administrative duties relating to security management.APS 3/4 APS 5 APS 6Supports System Security1. Performs information security related supportfunctions for the organisation’s network.2. Applies organisational instructions and preestablishedguidelines to perform informationsecurity tasks within the organisation’s computingenvironment.3. Applies appropriate access controls and privilegesto an organisation’s computing environment.4. Recognises a potential security violation.5. Takes appropriate action to report incidents asrequired by procedure and, where applicable,legislation, in order to avert any effect from it.6. Complies with system shutdown procedures7. Supports Government Information SecurityManual (ISM) password complexity and frequencyof change policies.Delivers Service Excellence1. Provides end user information security support.2. Implements online warnings, or other suchdevices to inform others about access rules of theorganisation’s computing environment.Supports System Security1. Investigates minor security breaches inaccordance with established procedures.2. Works with other administrator level and technicalstaff to resolve information security problems.3. Applies appropriate access controls and privilegesto an organisation’s computing environment.4. Determines when security issues should beescalated to a higher level.5. Maintains agreed security records anddocumentation.6. Reviews logs as per logging procedures.Delivers Service Excellence1. Assists users in defining their access rights andprivileges, and operates agreed logical accesscontrols and security systems.2. Manages accounts, network rights and access.3. Demonstrates effective communication of securityissues to business managers and others.Leads and Develops People1. Provides on the job training for junior personnel.Supports System Security1. Investigates identified security breaches inaccordance with established procedures andrecommends any required actions.2. Examines potential security violations todetermine if the network environment securitypolicy has been breached, assesses the impactand if appropriate preserves evidence.3. Analyses patterns of non-compliance (potentialbreaches) and takes appropriate administrative ortechnological action to minimise security risks andinsider threats.4. Maintains security records and documentation.Delivers Service Excellence1. Assists users in defining their access rights andprivileges, and administers logical access controlsand security systems.2. Coordinates and ensures end user support for allinfrastructure applications and operations.3. Implements the organisation’s information securityrelated customer support policies, procedures andstandards.Leads and Develops People1. Leads a small team to quickly and completelysolve information security problems for theorganisation.2. Provides on the job training for junior personnel.Produced for AGIMO by Workplace Research Associates Pty Ltd 2010 Page 8
SERVICE DELIVERY The authorisation and monitoring of access to IT facilities or infrastructure in accordance withestablished organisational policy. Includes investigation of unauthorised access, compliance with relevant legislation and theperformance of other administrative duties relating to security management.EL 1 EL 2Supports System Security1. Reviews information systems for actual or potential breaches in security andensures that all identified breaches in security are promptly and thoroughlyinvestigated.2. Ensures that security records are accurate and complete includingcertification documentation.Delivers Service Excellence1. Develops and manages customer service performance requirements forinformation securityLeads and Develops People1. Provides on the job training and coaching for team members.Supports Shared Purpose and Direction1. Drafts and maintains the policy, standards, procedures and documentationfor security.2. Interprets security policy and contributes to development of standards andguidelines that comply with this.3. Monitors contract performance and reviews deliverables and contractrequirements related to organisational information technology security andprivacy.Supports System Security1. Reviews reports on, or analyses information on, security incidents andpatterns to determine remedial actions to correct vulnerabilities.Delivers Service Excellence1. Develops and manages customer service performance requirements forinformation security.2. Ensures information ownership responsibilities are established for eachinformation system and implements a role based access scheme.Leads and Develops People1. Performs project management duties where appropriate.2. Directs the implementation of appropriate operational structures andprocesses to ensure an effective information security program.3. Oversees an information security section.4. Acts as a mentor.Supports Shared Purpose and Direction1. Develops strategies for ensuring the security of automated systems.2. Develops ICT Security direction and policy.3. Ensures that the policy and standards for security are fit for purpose, currentand are correctly implemented.4. Reviews new business proposals and provides specialist advice on securityissues and implications.5. Advises the appropriate stakeholders of changes affecting the organisation’sinformation technology security postureProduced for AGIMO by Workplace Research Associates Pty Ltd 2010 Page 9
Page 1 and 2: AUSTRALIAN GOVERNMENT INFORMATION M
Page 3 and 4: Introduction and BackgroundIn May 2
Page 5 and 6: WorkshopOnce the documents had been
Page 7: CYBER SECURITY CAPABILITY FRAMEWORK
Page 11 and 12: INFORMATION SECURITY The management
Page 13 and 14: TECHNOLOGY AUDIT The independent, r
Page 15 and 16: EMERGING TECHNOLOGY MONITORING The
Page 17 and 18: INFORMATION TECHNOLOGY SECURITY MAN
Page 19 and 20: INFORMATION TECHNOLOGY SECURITY OFF

Cyber Security Capability Framework & Mapping of ISM Roles - agimo

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?