Elements and Performance Criteria
- Plan information security strategies
  - Discuss implementation opportunities for organisational information security strategies with required personnel
  - Gain management buy-in and approval in planning and implementing information security strategy
  - Identify and confirm organisational policies including password policies, bring your own device (BYOD) and onboarding processes with required personnel
  - Analyse organisational environments, processes and risk profile requirements
  - Identify legislation and industry requirements to implement information security strategies in an organisation
- Design and implement information security strategy
  - Develop action plan with specific goals and objectives of information security strategy according to organisational needs
  - Design secure network infrastructure and security strategy according to organisational needs
  - Analyse data classifications and levels of access in operational processes and integrate with strategy
  - Document designed information security strategy according to organisational procedures
  - Implement information security strategy according to design and organisational needs
- Test and finalise information security strategy
  - Establish security baselines and metrics according to organisational needs
  - Perform testing procedures and confirm information security strategy addresses organisational needs
  - Record and compare test results to established metrics and benchmarks
  - Finalise documentation and report information security strategy outcomes to required personnel
  - Obtain feedback from required personnel and amend information security strategy accordingly
  - Review final information security strategy and obtain sign-off from required personnel