Security Strategy

Defining the organisation's overall approach, priorities, principles, and roadmap for managing information security risks and protecting information assets.

Proficiency Level

Level 1 (Follow)

  • Understands the key security principles and policies derived from the strategy that apply to their role.
  • Follows security procedures consistently in their daily work.
  • Recognises the importance of security for the organisation.

Level 2 (Assist)

  • Assists in gathering data on security risks, incidents, or control effectiveness to provide input for strategic reviews.
  • Helps document specific components of the security strategy or related policies under guidance.
  • Supports the tracking of progress on security initiatives defined within the strategy.

Level 3 (Apply)

  • Contributes to the implementation of specific security controls, technologies, or processes that are part of the security strategy (e.g., configuring a security tool according to policy).
  • Applies security principles aligned with the strategy when involved in projects or system changes.
  • Provides input on security considerations for their specific area of technical or functional expertise.

Level 4 (Ensure)

  • Develops specific security strategies and roadmaps for key domains (e.g., cloud security, data security, identity management) aligned with the overall security strategy.
  • Ensures security requirements and controls implemented within their area of responsibility are consistent with the organisation's risk appetite and strategic security goals.
  • Communicates relevant aspects of the security strategy and associated risks to stakeholders in their domain.

Level 5 (Strategise)

  • Leads the development, articulation, implementation, and ongoing refinement of the enterprise-wide information security strategy, vision, and principles.
  • Aligns the security strategy and investments directly with business objectives, digital transformation initiatives, and the organisation's overall risk management framework.
  • Advises executive leadership and the board on cybersecurity posture, strategic security priorities, major risks, and necessary investments.