Assessor Resource

ICANWK503A
Install and maintain valid authentication processes

Assessment tool

Version 1.0
Issue Date: March 2024


This unit applies to middle managers, such as information security managers, network engineers or security analysts, responsible for implementing and monitoring the organisational security management system.

This unit describes the performance outcomes, skills and knowledge required to design, develop, install and maintain authentication processes. Security of information and personnel is of increasing importance to organisations. Authentication is a control or protective measure put into place by an organisation to reduce the vulnerability of the system.

Authentication controls include passwords, personal identification numbers (PINs), smart cards, biometric devices and other Authentication protocols.

You may want to include more information here about the target group and the purpose of the assessments (eg formative, summative, recognition)

Prerequisites

Not applicable.


Employability Skills

This unit contains employability skills.




Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Overview of assessment

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the ability to:

design and deploy authentications solutions to the business technology environment and business needs

configure authentication software or tools

monitor and test authentication process after implementation

ensure authentication solutions are current.

Context of and specific resources for assessment

Assessment must ensure access to:

site or prototype where network authentication may be implemented and managed

network support tools currently used in industry

organisational security policies related to authentication, manufacturer recommendations and current authentication standards, including biometric authentication adaptors

appropriate learning and assessment support when required.

Where applicable, physical resources should include equipment modified for people with special needs.

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit:

verbal or written questioning to assess candidate’s knowledge of:

current and emerging authentication processes

features and limitations in vendor solutions, operating systems and software

direct observation of candidate demonstrating management of authentication processes in a range of complex systems

review of documentation prepared by candidate to manage authentication processes.

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended, where appropriate.

Assessment processes and techniques must be culturally appropriate, and suitable to the communication skill level, language, literacy and numeracy capacity of the candidate and the work being performed.

Indigenous people and other people from a non-English speaking background may need additional support.

In cases where practical assessment is used it should be combined with targeted questioning to assess required knowledge.


Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assingnment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

Required skills

analytical skills to:

analyse network information

plan approaches to technical problems or management requirements

communication skills to:

convey and clarify complex information

liaise with clients

literacy skills to interpret and prepare technical documentation, including recording authentication events related to network security design and incident response

planning skills to plan control methods for managing authentication processes

problem-solving skills to:

apply solutions in complex networks, including systems processes

instigate rapid deployment of solutions to problems involving authentication failure and security incidents

technical skills to apply best practice to systems authentication methodologies and technologies.

Required knowledge

overview knowledge of:

problems and challenges dealing with organisational authentication issues

resource accounting through authentication

common virtual private network (VPN) issues, including quality of service (QoS) considerations, bandwidth, dynamic security environment

function and operation of VPN concepts

authentication adaptors

biometric authentication adaptors

digital certificates, such as VeriSign, X.509, and SSL

function and operation of authentication

network authentication services, such as Kerberos and NT LAN Manager (NTLM)

features of common password protocols, such as:

challenge handshake authentication protocol (CHAP)

challenge phrases

password authentication protocol (PAP)

remote authentication dial-in user service (RADIUS) authentication

token cards.

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Server may include:

application or web

building environmental assessment (BEA) Weblogic

Certificate authority

email

file and print

firewall

file transfer protocol (FTP)

IAS - RADIUS

IBM VisualAge and WebSphere

Microsoft domain controllers

Novell Directory Services (NDS)

proxy or cache

routing and remote access, e.g. using virtual private network (RRAS-VPN).

Users may include:

external client

intranet

remote.

Protocols may include:

CHAP and PAP

Kerberos

lightweight directory access protocol (LDAP)

network level authentication

NTLM

open LDAP

simple and protected GSSAPI negotiation mechanism (SPNEGO)

security support provider interface (SSPI).

Methods may include:

certificates

challenge response

face, voice and unique bio-electric signals

fingerprint

ID card

other biometric identifier

pass phrase

password

PIN

retinal pattern

security token

signature

software token.

Network may include:

data

internet

large and small local area networks (LANs)

national wide area networks (WANs)

private lines

use of the public switched telephone network (PSTN) for dial-up modems only

voice

VPNs.

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criteria that task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice Yes No Comments/feedback
Determine user and enterprise security requirements with reference to enterprise security plan 
Identify and analyse authentication options according to user and enterprise requirements 
Select the most appropriate authentication and authorisation processes 
Create an authentication realm and reuse as required to protect different areas of server 
Add users and authorisation rules to new realm according to business needs 
Describe user attributes and user attribute set-up 
Set up an authentication filter and authorisation parameters on the appropriate server according to business requirements 
Develop or obtain authentication protocols as required 
Develop and distribute related methods to users according to business need 
Brief user on authentication system and their responsibilities according to enterprise security plan 
Apply authentication system to network and user according to system product requirements 
Record and store permission and configuration information in a secure central location 
Review the authentication system according to user and enterprise security and quality of service requirements 
Ensure ongoing security monitoring using incident management and reporting processes, according to enterprise security plan 
Adjust authentication system if required 

Forms

Assessment Cover Sheet

ICANWK503A - Install and maintain valid authentication processes
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:


Assessment Record Sheet

ICANWK503A - Install and maintain valid authentication processes

Student name:

Student ID:

Assessment task 1: [title] Result: Competent Not yet competent

(add lines for each task)

Feedback to student:

 

 

 

 

 

 

 

 

Overall assessment result: Competent Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: