Advanced Options:
4. Information Security
QF Level
Code
Name
QF Level:
Level 1
No Item
QF Level:
Level 2
No Item
QF Level:
Level 3
Code:
111194L3
Name:
Monitor and perform the system security access checking
QF Level:
Level 3
Code:
111195L3
Name:
Understand general security and network security features on various types of platforms to carry out network security assessment
QF Level:
Level 4
Code:
ITSWIS402A
Name:
Ensure information security procedures and guidelines support information security policies
QF Level:
Level 4
Code:
ITSWIS403A
Name:
Maintain plans to implement information security governance framework
QF Level:
Level 4
Code:
ITSWIS404A
Name:
Support and implement information security practices and procedures
QF Level:
Level 4
Code:
ITSWIS406A
Name:
Conduct drills according to response and recovery plans
QF Level:
Level 4
Code:
111190L4
Name:
Apply suitable network development tools in the deployment of secure network system
QF Level:
Level 4
Code:
111191L4
Name:
Perform application security assessment for the organisation
QF Level:
Level 4
Code:
111192L4
Name:
Carry out the first line of communication for triggering client response and alert internal security teams
QF Level:
Level 4
Code:
111193L4
Name:
Maintain security files by receiving, processing and filing the system data
QF Level:
Level 5
Code:
ITSWIS503A
Name:
Ensure risk management related activities are integrated into business life cycle processes
QF Level:
Level 5
Code:
ITSWIS504A
Name:
Define strategies and prioritize options to mitigate risk
QF Level:
Level 5
Code:
ITSWIS505A
Name:
Develop methods to satisfy information security policy requirements
QF Level:
Level 5
Code:
ITSWIS524A
Name:
Promote accountability in managing information security risks
QF Level:
Level 5
Code:
ITSWIS507A
Name:
Evaluate and assess the effectiveness of corporate information security practices
QF Level:
Level 5
Code:
ITSWIS508A
Name:
Ensure availability, integrity and confidentiality of information systems
QF Level:
Level 5
Code:
ITSWIS526A
Name:
Evaluate and follow up on the recommendations in the information system security audit report
QF Level:
Level 5
Code:
ITSWIS520A
Name:
Prepare a full set of business continuity planning documentation
QF Level:
Level 5
Code:
ITSWIS522A
Name:
Provide awareness training programme to staff dealing with business continuity planning
QF Level:
Level 5
Code:
111169L5
Name:
Conduct investigation of Information Security Incidents
QF Level:
Level 5
Code:
111170L5
Name:
Develop procedures to implement incident response plan
QF Level:
Level 5
Code:
111171L5
Name:
Develop procedures to maintain and comply with the information security standard and policies of the organization
QF Level:
Level 5
Code:
111173L5
Name:
Evaluate the results of application security assessment for improvement recommendation
QF Level:
Level 5
Code:
111174L5
Name:
Evaluate the potential security threats to the organisation
QF Level:
Level 5
Code:
111176L5
Name:
Perform network security assessment for the organization
QF Level:
Level 5
Code:
111177L5
Name:
Prepare and deliver information system security audit report
QF Level:
Level 5
Code:
111178L5
Name:
Prepare documentation to report the security testing and findings
QF Level:
Level 5
Code:
111179L5
Name:
Propose appropriate countermeasures to prevent security attacks
QF Level:
Level 5
Code:
111180L5
Name:
Review the possible causes of the threats for remedial actions recommendation
QF Level:
Level 5
Code:
111181L5
Name:
Appraise Open-source intelligence (OSINT) methodology in the security process
QF Level:
Level 5
Code:
111182L5
Name:
Appraise the security threats in emerging technologies
QF Level:
Level 5
Code:
111183L5
Name:
Compare the strengths and weaknesses of different cryptographic algorithms and determine the suitable algorithm for the organization operation
QF Level:
Level 5
Code:
111184L5
Name:
Design and conduct a cyberattack simulation to evaluate the effectiveness of cyber defences across different technology layers
QF Level:
Level 5
Code:
111185L5
Name:
Develop risk management process for emerging technologies
QF Level:
Level 5
Code:
111186L5
Name:
Formulate data security and consent policy for emerging technologies
QF Level:
Level 5
Code:
111187L5
Name:
Implement changes to procedures and controls designed to enhance the security standard
QF Level:
Level 5
Code:
111188L5
Name:
Manage execution of action plans to ensure safety and security of IT assets
QF Level:
Level 6
Code:
ITSWIS603A
Name:
Develop a business case and perform an enterprise value analysis
QF Level:
Level 6
Code:
ITSWIS621A
Name:
Develop information security strategy and obtain management buy-in
QF Level:
Level 6
Code:
ITSWIS606A
Name:
Create plans to implement information security governance framework
QF Level:
Level 6
Code:
ITSWIS607A
Name:
Integrate information security programme requirements into an enterprise’s life cycle activities
QF Level:
Level 6
Code:
ITSWIS611A
Name:
Develop, propose and promulgate an enterprise’s information security policies
QF Level:
Level 6
Code:
ITSWIS613A
Name:
Devise processes for detecting, identifying and analysing security incident
QF Level:
Level 6
Code:
ITSWIS616A
Name:
Facilitate cross functional teams for crisis management
QF Level:
Level 6
Code:
ITSWIS617A
Name:
Prepare a crisis management plan and perform life cycle management of the plan
QF Level:
Level 6
Code:
111164L6
Name:
Develop information security standard, policies and guidelines for the organization
QF Level:
Level 6
Code:
111166L6
Name:
Review key controls metrics regularly to fulfil the security standard
QF Level:
Level 6
Code:
111167L6
Name:
Design the digital forensic process in terms of technical and legal aspects
QF Level:
Level 7
No Item
Note:
- The SCSs have been moderated by the Hong Kong Council for Accreditation of Academic and Vocational Qualifications (HKCAAVQ) to ensure consistency of QF level across industries.
- The contents of all SCSs will be updated regularly.
Copyright:
- All the Specification of Competency Standards (SCS) for industries and other related materials contained in this website are protected by copyright, which is owned by the Government of the Hong Kong Special Administrative Region.
- Permission is granted for users to download the SCSs to store them in local computers, provided that this is solely for personal or non-commercial internal use, and provided further that this copyright notice is downloaded at the same time.
- Save the above permitted use, any other use (including without limitation any reproduction, adaptation, distribution, dissemination or making available to the public) of the SCSs is strictly prohibited.