Units of Competency (Software Products and Software Services (SP&SS))

Monitor and perform the system security access checking

Understand general security and network security features on various types of platforms to carry out network security assessment

Ensure information security procedures and guidelines support information security policies

Report significant changes in risks

Maintain plans to implement information security governance framework

Support and implement information security practices and procedures

Implement information security awareness programme

Conduct drills according to response and recovery plans

Apply suitable network development tools in the deployment of secure network system

Perform application security assessment for the organisation

Carry out the first line of communication for triggering client response and alert internal security teams

Maintain security files by receiving, processing and filing the system data

Establish reporting and communication channels

Maintain information security policies

Ensure risk management related activities are integrated into business life cycle processes

Define strategies and prioritize options to mitigate risk

Develop methods to satisfy information security policy requirements

Promote accountability in managing information security risks

Evaluate and assess the effectiveness of corporate information security practices

Ensure availability, integrity and confidentiality of information systems

Develop information security awareness programme

Enact information system security audit plan

Evaluate and follow up on the recommendations in the information system security audit report

Provide advice on computer forensics

Manage computer forensics evidence

Investigate an information security case

Prepare and present forensics investigation report

Prepare a full set of business continuity planning documentation

Conduct drill test on business continuity planning

Provide awareness training programme to staff dealing with business continuity planning

Conduct investigation of Information Security Incidents

Develop procedures to implement incident response plan

Develop procedures to maintain and comply with the information security standard and policies of the organization

Develop secure computer networking applications

Evaluate the results of application security assessment for improvement recommendation

Evaluate the potential security threats to the organisation

Manage the execution of response and recovery plans

Perform network security assessment for the organization

Prepare and deliver information system security audit report

Prepare documentation to report the security testing and findings

Propose appropriate countermeasures to prevent security attacks

Review the possible causes of the threats for remedial actions recommendation

Appraise Open-source intelligence (OSINT) methodology in the security process

Appraise the security threats in emerging technologies

Compare the strengths and weaknesses of different cryptographic algorithms and determine the suitable algorithm for the organization operation

Design and conduct a cyberattack simulation to evaluate the effectiveness of cyber defences across different technology layers

Develop risk management process for emerging technologies

Formulate data security and consent policy for emerging technologies

Implement changes to procedures and controls designed to enhance the security standard

Manage execution of action plans to ensure safety and security of IT assets

Perform data loss prevention assessment

Establish information security policies

Develop a business case and perform an enterprise value analysis

Develop information security strategy and obtain management buy-in

Develop a risk management process

Create plans to implement information security governance framework

Integrate information security programme requirements into an enterprise’s life cycle activities

Develop, propose and promulgate an enterprise’s information security policies

Establish corporate information security standards

Devise processes for detecting, identifying and analysing security incident

Manage post-event reviews

Facilitate cross functional teams for crisis management

Prepare a crisis management plan and perform life cycle management of the plan

Develop an information system security audit plan

Plan and maintain business continuity solutions

Develop information security standard, policies and guidelines for the organization

Develop response and recovery plans

Review key controls metrics regularly to fulfil the security standard

Design the digital forensic process in terms of technical and legal aspects

Design the evaluation criteria security test plans