Information Security

Task 06/01 Survey information facilities, processes and systems to evaluate current status of: physical security, procedural security, information systems security, employee awareness, and information destruction and recovery capabilities

Knowledge of:

  • 06/01/01 - Security survey and risk assessment methodology, qualitative and quantitative risk analysis, protective measures cost-benefit analysis
  • 06/01/02 - Protection technology, equipment and procedures
  • 06/01/03 - Current methods used to compromise information
  • 06/01/04 - Building and system plans, drawings, and schematics

Task 06/02 Develop and implement policies and standards to ensure information is evaluated and protected against all forms of unauthorized/inadvertent access, use, disclosure, modification, destruction or denial

Knowledge of:

  • 06/02/01 - Principles of management
  • 06/02/02 - Information security theory and terminology
  • 06/02/03 - Laws pertaining to protection requirements for proprietary information and intellectual property
  • 06/02/04 - Protection measures, equipment, and techniques, including information security processes, systems for physical access, data control, management, and information destruction
  • 06/02/05 - Current trends and techniques for compromising information

Task 06/03 Develop and manage a program of integrated security controls and safeguards to ensure confidentiality, integrity, availability, authentication, non-repudiation, accountability, recoverability and auditability of sensitive information and associated information technology resources, assets and investigations

Knowledge of:

  • 06/03/01 - Information security theory and systems methodology
  • 06/03/02 - Threats and vulnerabilities assessment analysis and mitigation
  • 06/03/03 - Systems integration techniques
  • 06/03/04 - Cost-benefit analysis methodology
  • 06/03/05 - Project management techniques
  • 06/03/06 - Budgetary projection development process
  • 06/03/07 - Vendor evaluation and selection process
  • 06/03/08 - Final acceptance and testing procedures, information systems, assessment, and security program documentation
  • 06/03/09 - Protection technology, equipment, investigations, and procedures
  • 06/03/10 - Training and awareness methodologies and procedures

Task 06/04 Evaluate the effectiveness of the information security program’s integrated security controls, to include related policies, procedures and plans, to ensure consistency with organization strategy, goals and objectives

Knowledge of:

  • 06/04/01 - Security survey/assessment methodology
  • 06/04/02 - Cost-benefit analysis methodology, including asset identification and valuation, threat analysis, vulnerability assessment and consequence/impact recognition
  • 06/04/03 - Protection technology/equipment systems
  • 06/04/04 - Monitoring, audit and testing techniques
  • 06/04/05 - Due diligence investigations for programs, projects and specific transactions (e.g. mergers and acquisitions, vendor assessments, 3rd party contracts), contract clauses to protect information assets and systems (e.g. relationships with vendors, suppliers, partners, consultants, subcontractors and other trusted parties)