Elements and Performance Criteria
- Assess network security threats and vulnerabilities to identify risk
- Assess and report on current system security, according to required asset security level
- Determine additional network, software, hardware and system security threats and vulnerabilities
- Use identified threats and vulnerability information to identify security risks
- Make recommendations to management to address security deficiencies, according to current and future commercial and business requirements
- Implement countermeasures for identified vulnerabilities and threats
- Test and verify functionality and performance of security system implemented
- Provide systems for monitoring and maintaining security
- Monitor current network security, including physical aspects, using appropriate third-party testing software where applicable
- Review logs and audit reports to identify and record security incidents, intrusions or attempts
- Carry out spot checks and audits to ensure that procedures are not being bypassed
- Document newly discovered security threats, vulnerabilities and risks in a report for presentation to appropriate person to gain approval for changes to be made