ASA and ITSA Functions and Competencies guidelines

By Linda Harper,2014-07-11 10:40

    Protective security governance guidelines: Agency security adviser and IT security adviser functions and competencies

     Approved

    13 September 2011

    Version 1.0

    © Commonwealth of Australia 2011

    All material presented in this publication is provided under a Creative Commons Attribution 3.0 Australia (http://creativecommons.org/licenses/by/3.0/au/deed.en) licence. For the avoidance of doubt, this means this licence only applies to material as set out in this document.

    The details of the relevant licence conditions are available on the Creative Commons website (accessible using the links provided) as is the full legal code for the CC BY 3.0 AU licence (http://creativecommons.org/licenses/by/3.0/legalcode).

    Use of the Coat of Arms

    The terms under which the Coat of Arms can be used are detailed on the It's an Honour (http://www.itsanhonour.gov.au/coat-arms/index.cfm) website.

    Contact us

    Inquiries regarding the licence and any use of this document are welcome at:

    Business Law Branch

    Attorney-General’s Department

    3-5 National Cct

    BARTON ACT 2600

    Telephone: (02) 6141 6666

    copyright@ag.gov.au

Document details

    Security classification: Unclassified

    Dissemination limiting marking: Publicly available

    Date of security classification review: July 2013

    Authority: Protective Security Policy Committee

    Author: Protective Security Policy Section, Attorney-General’s Department

    Document status: Approved by PSPC 13 September 2011

Contents

    1. Introduction
        1.1 Purpose
        1.2 Audience
        1.3 Scope
            1.3.1 Use of specific terms in these guidelines
    2. Background
        2.1 Why were these Guidelines developed?
        2.2 Relationship to other documents
        2.3 How are these guidelines structured?
    3. ASA and ITSA roles
        3.1 Authority of the ASA and ITSA positions
    4. ASA functions and competencies
        4.1 ASA functions
        4.2 ASA competencies
            4.2.1 Conduct of investigations
    5. ITSA functions and competencies
        5.1 ITSA functions
        5.2 ITSA competencies
            5.2.1 Conduct of investigations
    6. Use of specialist service providers
        6.1 External training providers

Amendments

    No. Location Amendment

    1.

    2.

    3.

1. Introduction

    1.1 Purpose

    The PSPF Protective security governance guidelines Agency security adviser and IT security adviser functions and competencies identify better practice and provide advice to agencies to assist them in selecting and developing the skills of agency security advisers (ASAs) and IT security advisers (ITSAs).

    1.2 Audience

    These guidelines apply to:

    • Agency senior management, particularly the Senior Executive Service officer responsible for security
    • ASAs and ITSAs
    • other agency security management personnel, and
    • contracted protective security management service providers.

    1.3 Scope

    These guidelines amplify the Protective Security Policy Framework (PSPF) Governance 4.5 Developing a security culture relating to the functions and competencies identified to fulfil the roles of ASA and ITSA within agencies. These guidelines provide better practice guidance to the PSPF mandatory requirements GOV 2 and GOV 3.

    Agencies are responsible for determining how they will fulfil the functions identified in these guidelines. The functions may be undertaken using personnel in other areas of the agency.

    1.3.1 Use of specific terms in these guidelines

    ‘Service provider’ refers to a contractor to a government agency and/or sub-contractors to the agency’s contractor.

    In these guidelines the use of the terms:

    • ‘need to’ refers to a legislative requirement that agencies must meet
    • ‘are required to’ or ‘is required to’ refers to a control:
        - to which agencies cannot give a policy exception, or
        - used in other protective security documents that set controls.
    • ‘are to’ or ‘is to’ are directions required to support compliance with the mandatory requirements of the physical security core policy, and
    • ‘should’ refers to better practice; agencies are expected to apply better practice unless there is a reason based on their risk assessment to apply alternative controls.

    For details on policy exceptions see the PSPF Australian Government Physical Security Management Protocol (section 1.4).

2. Background

    2.1 Why were these Guidelines developed?

    The PSPF Protective security governance guidelines Agency security adviser and IT security adviser functions and competencies were developed to assist agency senior managers in selecting and developing ASAs and ITSAs. These guidelines also identify to ASAs and ITSAs areas where personal development may be beneficial to them and their agencies.

    2.2 Relationship to other documents

    These Guidelines explain mandatory requirements GOV 2 and GOV 3 which require agencies to appoint staff to be responsible for day-to-day performance of protective security and ICT systems security functions.

    2.3 How are these guidelines structured?

    The guidelines are broadly divided into four sections:

    • ASA and ITSA roles and authority