Data Security
Control and apply good practices to protect data from unauthorised access, alteration, loss, or disclosure throughout its lifecycle (create → store → use → share → archive/dispose), so the organisation maintains confidentiality, integrity, and availability.
Proficiency Level
Level 1 (Follow)
- Understand basic security hygiene (strong passwords, Multi-Factor Authentication (MFA), phishing awareness, safe file handling).
- Follow SOPs for storing/sharing data (approved drives, correct access settings).
- Promptly report suspected security incidents (such as lost devices, suspicious emails, or potential data leaks) through designated reporting channels.
Level 2 (Assist)
- Apply the organisation's data security policies and controls (classification, access control, encryption, secure sharing).
- Handle data securely in daily work (least privilege, clean desk/screen, secure disposal).
- Identify common risks (mis-sent emails, public links, weak permissions) and mitigate them.
Level 3 (Apply)
- Implement security controls in workflows/projects (role-based access, audit trails, secure data transfer).
- Conduct basic risk assessments and ensure compliance requirements are met (retention, logging, approvals).
- Investigate and resolve recurring issues using root-cause analysis; support incident response.
Level 4 (Ensure)
- Design security controls for systems and processes (data lifecycle, segregation, DLP, monitoring).
- Lead security reviews (threat modelling, vendor/third-party assessment, remediation of penetration findings).
- Coach teams and enforce standards; manage high-risk data use cases with governance.
Level 5 (Strategise)
- Define enterprise data security strategy, policies, and control framework aligned to business risk.
- Lead organisation-wide security programmes such as Zero Trust, Identity and Access Management (IAM), Data Loss Prevention (DLP) strategy, resilience, and audit readiness.
- Oversee major incidents and regulatory obligations; drive continuous improvement and security culture.