Ensures the confidentiality, integrity, availability, reliability, and non-repudiation of the organization’s information contained in and transmitted from systems and networks by implementing security laws, regulations, policies, standards, and control techniques.
Key Behaviors
- Identifies and evaluates resources needed to achieve acceptable levels of security and to remedy deficiencies based on system criticality and information sensitivity.
- Reads and/or collaborates to clearly understand the implications of legislation, regulations and standards related to information assurance and security.
- Uses knowledge of continuity assurance principles, methods, and practices to plan, implement and ensure continuous service.
- Uses the concepts of confidentiality, integrity and availability as applied to information systems security.
- Assesses risks associated with vulnerable systems and information.
- Considers privacy, security and accessibility of government websites.
- Keeps up to date on standards and determines or recommends levels of security protection required to protect and close exposure/risk to systems and information, in accordance with organization and federal standards.
- Implements cost-effective methods to reduce risks to systems and information.
- Reviews the types of security controls and uses or recommends the most effective ones, as directed by Federal policies and procedures.
- Ensures procedures for detecting, reporting and responding to security incidents are consistent with and follow standards and guidelines issued by applicable governing entities and regulations.
Developmental opportunities for this competency are available from the NIH Training Center.