The Comsec Manager competencies
This Core Competency Profile (CCP) applies to two roles set out in UK Government Infosec Standard No.4 Communications Security and Cryptography, those of Comsec Officer and Comsec Security Officer.
The Competency Clusters in this profile are expressed generically and in terms of transferable skills, to allow the competencies to be integrated with others already recognised in organisational appraisal schemes.
Candidates studying for the Government Certificate of Infosec Competency (Comsec Manager) award are required to add job-specific details to these, in order to make them measurable Target Competencies.
Organisations adopting these competency descriptions may in any case wish to add further details or illustrative examples to individual competencies' descriptions to provide a more accurate description of the competence level required by the organisation.
Only those skills which are directly relevant to Infosec activities have been included. Organisations may wish to combine these with others from local competency frameworks to complete the competency profile for a specific post.
The Core Competencies are arranged in numeric order below and are in three clusters: Infosec expertise, Business management and Dealing with people.
1 Infosec expertise
Acquiring and maintaining knowledge and skills relevant to implementing effective Information Security
1.1 Acquiring and Maintaining Knowledge
- Identifies and undertakes relevant professional development to ensure they maintain a strategic understanding of the policy contained in Government Infosec Standard 4 and related UK Government and local/departmental directives and recommended practice.
- Takes note of relevant CINRAS and related (e.g. UNIRAS) outputs and maintains sufficient knowledge generally to oversee or otherwise ensure communications security across the organisation.
- Maintains a working knowledge of related Information Assurance issues beyond their own Comsec discipline.
1.2 Implementation of Government baseline requirements and compliance with relevant legislation
- Takes strategic measures to ensure compliance with Government Comsec standards (including specifically Government Infosec Standard 4) and procedures on behalf of their organisation. Also, ensures compliance with legislative and organisational requirements.
- Ensures that the implementation of policy meets Government baseline and other appropriate requirements.
1.3 Using Technical Security Measures
- Recognises ways in which technical aspects of Comsec can be integrated effectively with other security measures and consistently identifies which of these are the most effective.
2 Business management
Integrating Infosec requirements with those of the business of the organisation; managing Infosec within the individual's sphere of activity
2.1 Business Focus
- Establishes, develops or advises on Comsec policy (and/or local working standards) that manage the risk to enable Business aims and objectives.
- Provides guidance to decision-makers on Comsec policy and practice, in consultation with relevant national authorities.
- Develops and maintains organisational Comsec policy and procedures to safeguard business requirements.
- Promotes the business benefits of Comsec, including general Comsec Awareness, to the organisation through briefings and other representations.
2.2 Planning
- Produces or approves plans for the general management of communications security; ensures that emergency action plans for the protection of Comsec systems are established in accordance with Government and/or organisational policy.
- Ensures that procurement and development projects give adequate consideration to Comsec requirements.
2.3 Delivering Results
- Consistently delivers to the Business, communications systems that are commensurate with risk to the assets they protect and that address the Business operational need.
- Utilises appropriate strategic Comsec mechanisms and procedures to achieve organisational security goals.
- Provides clear and accountable documentation as required.
2.4 Managing Resources & Value For Money (VFM)
- Plans and achieves VFM in devising Comsec policies and plans across the organisation or across organisational boundaries – for example, by utilising existing security measures in protective security strategies for new systems.
- Where appropriate, establishes and manages material and human Comsec resources.
- Ensures these strategies remain commensurate with the risk and aligned with Government Infosec Standard 4 and related local organisational baseline policies.
2.5 Dealing With Change
- Demonstrates a practical and flexible approach in adapting to changing legislation and national requirements for Comsec provision. Promotes and initiates changes in organisational Comsec policy and procedures to address developments in national policy and changes in the local (usually, organisational) security environment.
- Reacts promptly and provides timely management of Comsec as business or operational requirements dictate.
3 Dealing with people
Working with others, internally/externally, to establish and maintain appropriate levels of security within the organisation and its contractors
3.1 Infosec Teamwork
- Provides leadership across the organisation to achieve compliance with Government Infosec Standard 4 policy and related local/departmental directives and policies.
- Leads or works effectively with other relevant security staff and project teams, recognising when to seek help in issues beyond their expertise and identifying correctly appropriate sources of expertise.
3.2 Communicating and Influencing Infosec Issues
- Is influential in supporting Comsec requirements, in providing specific guidance and more generally communicating Comsec issues (for example, via targeted briefings) to operational decision-makers in the organisation, and externally.
- Is influential in promoting acceptance of Comsec requirements to senior decision-makers (for example the Senior Risk Officer) within the organisation and externally.
- Promotes Comsec knowledge and awareness through sponsorship of an effective education, training and awareness programme; may originate and present education and training events.