Ensures the confidentiality, integrity, availability, reliability, and non-repudiation of the organization’s information contained in and transmitted from systems and networks by implementing security laws, regulations, policies, standards, and control techniques.
Key Behaviors
- Uses the concepts of confidentiality, integrity and availability as applied to information systems security.
- Assesses risks associated with vulnerable systems and information.
- Considers privacy, security and accessibility of government websites.
- Keeps up to date on standards and determines or recommends levels of security protection required to protect and close exposure/risk to systems and information, in accordance with organization and federal standards.
- Implements cost-effective methods to reduce risks to systems and information.
- Reviews the types of security controls and uses or recommends the most effective ones, as directed by Federal policies and procedures.
- Ensures procedures for detecting, reporting and responding to security incidents are consistent with and follow standards and guidelines issued by applicable governing entities and regulations.
- Uses knowledge of continuity assurance principles, methods, and practices to plan, implement and ensure continuous service.
- Identifies and evaluates resources needed to achieve acceptable levels of security and to remedy deficiencies based on system criticality and information sensitivity.
- Reads and/or collaborates to clearly understand the implications of legislation, regulations and standards related to information assurance and security.
Developmental opportunities for this competency are available from the NIH Training Center.