Mapping

SFIA professional skills

  • Audit AUDT
  • Customer service management CSMG
  • Information assurance INAS
  • Information security SCTY
  • Risk management BURM

Competencies

  • Understands audit and assessment activities, documentation and standards and can keep records.
  • Understands the objectives of information security and relevant controls and assists with the coordination, implementation and monitoring of security policies.
  • Assists with basic cyber risk management activities including maintenance of risk documentation.
  • Responds to stakeholder requests using established procedures, provides information and escalates unresolved matters as needed.

70:20:10 examples

70: Suggested experiential learning

  • Review cyber security policies.
  • Provide ISMS committee secretariat support.
  • Report on risk and maintain risk register documentation.
  • Provide routine advice and support on cyber risk management policies and procedures.

20: Suggested professional development

  • Find a mentor.
  • Shadow other practitioners.
  • Join a cyber security professional association and participate in events such as tabletop exercises.
  • Develop situational awareness of cyber security / GRC trends, e.g. podcasts, case studies, white papers, news sites, forums.
  • Develop writing skills, e.g. review or draft GRC documentation and receive feedback.

10: Example formal learning

  • Bachelor degree or postgraduate degree in cyber security or a related field (e.g. communications).
  • Certificate IV, Diploma or Advanced Diploma in cyber security or related field (e.g. IT, communications).

Others:

  • AusCERT Cyber Security Risk Management
  • Certified in Cyber Security (CC)
  • CompTIA Security+
  • Cyber Security Foundation + Practitioner
  • Foundation and Implementing an IMS ISO/IEC 27001:2022
  • ITIL
  • SANS SEC301: Introduction to Cyber Security