Skip to Content

Enterprise Security

Enterprise Security Competency Model

The Employment and Training Administration (ETA) collaborated with technical and subject matter experts from education, business, and industry to develop a comprehensive competency model for the Enterprise Security Industry. The model is designed as a resource supporting workforce development efforts to prepare the security workers that fulfill critical roles in the protection of national and global economies, providing a multitude of career opportunities ranging from managers and directors of enterprise security to intelligence analysts and chief security officers with major multinational corporations.

The Apollo Education Group and University of Phoenix developed the model and validated it in partnership with the ASIS Foundation. The ASIS International Chief Security Officer (CSO) Roundtable Leadership and Development Committee provided input and conducted with Apollo Education Group and the ASIS Foundation a series of validation sessions that included international delegates, subject matter experts and sessions with Bridge School of Management in New Delhi, India. The ASIS Foundation will continue to ensure that the model evolves to accommodate changing skill requirements.

In 2025, the foundational tiers of the model were updated to align with changes in the Building Blocks Model. For more information, download the Summary of Changes.

ASIS Foundation Logo      

University of Phoenix Logo

Scroll down to view the industry model selected. OR Click on the left menu bar to select another model.

Download the industry model and worksheets in several formats  It is an image of png format for download button

Enterprise Security Competency Model


Enterprise Security Building Blocks Pyramid

<strong>1.1 Interpersonal Skills and Teamwork</strong> Displaying skills to work with others. <strong>1.2 Integrity</strong> Displaying accepted social and work behaviors. <strong>1.3 Professionalism</strong> Maintaining a professional demeanor at work. <strong>1.4 Initiative</strong> Demonstrating a willingness to work. <strong>1.5 Adaptability and Flexibility</strong> Displaying the capability to adapt to new, different, or changing requirements. <strong>1.6 Dependability and Reliability</strong> Displaying responsible behaviors at work. <strong>1.7 Lifelong Learning</strong> Displaying a willingness to learn and apply new knowledge and skills. <strong>2.1 Security Fundamentals</strong> Understands and can apply basic security principles to the security of the enterprise or a specific structure, system or process. <strong>2.2 Business Foundations</strong> Understand basic business principles, trends, and economics. <strong>2.3 Critical and Analytical Thinking</strong> Using logic, reasoning, and analysis to address problems. <strong>2.4 Communication</strong> Giving full attention to what others are saying, and communicating in English well enough to be understood by others. <strong>2.5 Reading and Writing</strong> Understanding written sentences and paragraphs in work-related documents. Using standard English to compile information and prepare written reports. <strong>2.6 STEM Literacy (Science, Technology, Engineering, Mathematics)</strong> Understand and apply science, technology, engineering and mathematics to work within individual roles and responsibilities and in collaborating with allied workers <strong>2.7 Basic Computer Skills</strong> Using information technology and related applications, including adaptive devices and software, to convey and retrieve information. <strong>3.1 Teamwork</strong> Working cooperatively with others to complete work assignments. <strong>3.2 Planning and Organizing</strong> Planning and prioritizing work to manage time effectively and accomplish assigned tasks. <strong>3.3 Innovative Strategic Thinking</strong> Generating innovative and creative solutions. <strong>3.4 Problem Solving and Decision Making</strong> Applying critical-thinking skills to solve problems by generating, evaluating, and implementing solutions. <strong>3.5 Working with Tools and Technology</strong> Selecting, using, and maintaining tools and technology to facilitate work activity. <strong>3.6 Business Acumen</strong> Understand basic business principles, trends, and economics. <strong>3.7 Health and Safety</strong> Supporting a safe and healthy workplace. <strong>4.1 Risk Management</strong> Demonstrate ability to identify threats/risks and vulnerabilities taking into account the frequency, probability, speed of development, severity and reputational impact to achieve a holistic view of risk across the entity <strong>4.2 Compliance and Legal Aspects</strong> Develop and maintain security policies, procedures and practices that comply with relevant elements of criminal, civil, administrative and regulatory law to minimize adverse legal consequences <strong>4.3 Personnel Security and Business Continuity</strong> Develop, implement and manage systems and security practices that protect people and practices to ensure enterprise continuity and risk resilience <strong>4.4 Physical Security</strong> Measures that are designed to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm, involving the use of multiple layers of interdependent systems and techniques <strong>4.5 Cyber/Information Security</strong> The practice of protecting physical and electronic information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction <strong>4.6 Crisis Management</strong> The process by which an enterprise deals with a critical incident or major event that threatens to harm the organization, its property, assets, systems, continuity and or people <strong>4.7 Investigations</strong> The methodology the enterprise undertakes to collect and preserve information in reports to enable the enterprise to make reliable decisions in response to situations effectively interface with all stakeholders. <strong>4.8 Case Management</strong> A system to manage, analyze, report and present findings from investigations for internal enterprise stakeholders and external systems. <strong>4.9 Globalization and Cultural Awareness</strong> Integrating cultures and global dynamics into security systems, metrics and responses. <strong>4.10 Governance</strong> Specialty areas providing leadership, management, direction, and or development and advocacy so that individual and organization may effetely conduct security work. <strong>5.1 Loss Prevention</strong> Is a set of practices employed by retail companies and other corporate sectors reducing preventable losses and secure corporate systems, policies and procedures to mitigate losses caused by deliberate or inadvertent human actions. <strong>5.2 Banking and Financial Services</strong> Is a specialized security field including retail banking, mortgage, credit/debit cards, internet banking, commercial and consumer lending to stock brokerages, insurance companies, and other financial institutions requiring a sophisticated application of various regulatory agencies. <strong>5.3 Engineering and Design</strong> Is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. <strong>5.4 Government Services</strong> Government/industrial security professionals provide a variety of services from the protection of classified information in accordance with the National Industrial Security Program (NISP) to the protection of buildings, people and assets. <strong>5.5 Hospitality and Entertainment</strong> Security specialists operate in the hospitality, hotel, lodging, entertainment, event and gaming applying risk and personnel management, budgeting and finance, and a host of other areas in this specialized security segment. <strong>5.6 Healthcare</strong> Security in the healthcare industry involves in a work environment oriented toward patient protection and service, and may also include safety and community emergency management, supply chain security, pharmaceutical security and other areas of specialization. <strong>5.7 Manufacturing</strong> The security of manufacturing and industrial, as well as food and beverage production and processing and warehouse and distribution, facilities and operations includes industry specific risks and security risks. <strong>5.8 Services Sales, Equipment</strong> Is a specialized area of security-related products and services have resulting from emerging threats and evolving high technology. <strong>5.9 Transportation</strong> Specialized security segment that includes shipping, carrying, railroads, highways, freight, trucking, tourism, air cargo, ports, and other transportation domains with unit standards for security within the industry. <strong>5.10 Utilities</strong> Utilities refers to the security operations within telecommunications, water, electric, and nuclear power plants and related private corporations. Even though sources of power differ, there are common facilities to all utility operations. Click here to search for O*NET Occupational Competencies Profiles