Information security strategy

Description

The plan defined by a company which sets the information security objectives and measures to mitigate risks, define control objectives, establish metrics and benchmarks while complying with legal, internal and contractual requirements.

Alternative labels

Skill type

knowledge

Skill reusability level

sector-specific

Relationships with occupations

Essential knowledge

Information security strategy is an essential knowledge of the following occupations:

ICT security consultant: ICT security consultants advise and implement solutions to control access to data and programs. They promote a safe exchange of information.

Chief ICT security officer: Chief ICT security officers protect company and employee information against unauthorized access. They also define the Information System security policy, manage security deployment across all Information Systems and ensure the provision of information availability.
ICT security manager: ICT security managers propose and implement necessary security updates. They advise, support, inform and provide training and security awareness and take direct action on all or part of a network or system.

Director of compliance and information security in gambling: Directors of compliance and information security in gambling follow the regulatory compliance for gambling and oversee Information Security to ensure secure and safe use of all information technology associated with gambling.
ICT information and knowledge manager: ICT information and knowledge managers contribute to the definition of organisational information strategy and apply information and knowledge creation, editing, storage, and distribution policies. They manage the maintenance and evolution of structured and unstructured information. They create digital structures to enable exploitation and optimisation of information and knowledge, manage data analysis and enable business intelligence.
ICT network engineer: ICT network engineers implement, maintain and support computer networks. They also perform network modelling, analysis, and planning. They may also design network and computer security measures. They may research and recommend network and data communications hardware and software.

Optional knowledge

Information security strategy is optional knowledge for these occupations. This means that having this knowledge may be an asset for career advancement if you are in one of these occupations.

ICT security administrator: ICT security administrators plan and carry out security measures to protect information and data from unauthorised access, deliberate attack, theft and corruption.
Integration engineer: Integration engineers develop and implement solutions which coordinate applications across the enterprise or its units and departments. They evaluate existing components or systems to determine integration requirements and ensure that the final solutions meet organisational needs. They reuse components when possible and assist management in taking decisions. They perform ICT system integration troubleshooting.
Digital forensics expert: Digital forensics experts retrieve and analyse information from computers and other types of data storage devices. They examine digital media that may have been hidden, encrypted or damaged, in a forensic manner with the aim to identify, preserve, recover, analyse and present facts and opinions about the digital information.
ICT disaster recovery analyst: ICT disaster recovery analysts develop, maintain, and implement ICT continuity and disaster recovery strategies and solutions. They support the technical teams, assess the risks, design and develop procedures, documentation and strategies for disaster recovery in order for business functions to continue and recover with a minimal loss of data. They also coordinate system backup tests and validations.
Ethical hacker: Ethical hackers perform security vulnerability assessments and penetration tests in accordance with industry-accepted methods and protocols. They analyse systems for potential vulnerabilities that may result from improper system configuration, hardware or software flaws, or operational weaknesses.
ICT system administrator: ICT system administrators are responsible for the upkeep, configuration, and reliable operation of computer and network systems, servers, workstations and peripheral devices. They may acquire, install, or upgrade computer components and software; automate routine tasks; write computer programs; troubleshoot; train and supervise staff; and provide technical support. They ensure optimum system integrity, security, backup and performance.
IT auditor: IT auditors perform audits of information systems, platforms, and operating procedures in accordance with established corporate standards for efficiency, accuracy and security. They evaluate ICT infrastructure in terms of risk to the organisation and establish controls to mitigate loss. They determine and recommend improvements in the current risk management controls and in the implementation of system changes or upgrades.
Webmaster: Webmasters deploy, maintain, monitor and support a web server to meet service requirements. They ensure optimum system integrity, security, backup and performance. They coordinate the content, quality and style of websites, execute the website strategy and update and add new features to websites.
Chief data officer: Chief data officers manage companies’ enterprise-wide data administration and data mining functions. They ensure data are used as a strategic business asset at the executive level and implement and support a more collaborative and aligned information management infrastructure for the benefit of the organisation at large.


References

  1. Information security strategy – ESCO

 

Last updated on September 20, 2022