Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.
Required skills
analytical skills to:
  analyse network information
  plan approaches to technical problems or management requirements
communication skills to:
  convey and clarify complex information
  liaise with clients
literacy skills to interpret and prepare technical documentation, including recording security incidents and developing security policies
planning skills to plan control methods for managing system security
problem-solving skills to:
  apply solutions in complex networks, including systems processes
  rapidly deploy solutions to problems involving failure and security incidents
technical skills to apply best practice to systems security methodologies and technologies.
Required knowledge
detailed knowledge of:
  auditing and penetration testing techniques
  logging analysis techniques
  organisational network infrastructure
  related weaknesses of installed network infrastructure
  security technologies
broad knowledge of:
  capabilities of software and hardware solutions
  emerging security issues
  general features of emerging security policies, with depth in security procedures
  network management and security process controls
  network security implementation risk management plans and procedures.
The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.
Network may include: | data; internet; local area networks (LANs); large and small LANs; virtual private networks (VPNs); wide area networks (WANs); wireless LANs (WLANs). |
Attacks and vulnerabilities may include: | authorisations; brute force and dictionary attacks; denial of service and by-pass; eavesdropping; hackers; internal threats; intruder detection; manipulation; penetration; social engineering, including impersonation; spoofing; viruses using logging. |
Assets may include: | data; hardware; personal information; product and branding information. |
Security may include: | AAA authentication process, Kerberos and challenge handshake authentication protocol (CHAP); Diameter and remote authentication dial-in user service (RADIUS); folder and file security; IPSec; lightweight extensible authentication protocol (LEAP); personal knowledge management (PKM); smart cards; secure socket layer (SSL); tokens; VPN; wired equivalent privacy (WEP); wi-fi protected access (WPA) or WPA2. |
Network components may include: | servers workstations accounts authentication data data transmission network perimeters: part of router configuration or proxy server products: Cisco Centri, PIX ClearOS IPcop Linux iptables MS ISA server SmoothWall Untangle. |
Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool, every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs, download the assessment matrix for the unit, enter each assessment task as a column header, and place check marks against each performance criterion that the task addresses.
Observation Checklist