Assessor Resource

ICANWK519A
Design an IT security framework

Assessment tool

Version 1.0
Issue Date: March 2024


This unit applies to individuals in senior roles in the networking area who are required to design security for new IT systems.

This unit describes the performance outcomes, skills and knowledge required to evaluate IT security requirements for a new system and to plan for controls and contingencies.

You may want to include more information here about the target group and the purpose of the assessments (eg formative, summative, recognition)

Prerequisites

Not applicable.


Employability Skills

This unit contains employability skills.




Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Overview of assessment

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the ability to:

explain legal obligations with respect to privacy and the specific application of security issues

design a security framework.

Context of and specific resources for assessment

Assessment must ensure access to:

information on the security environment, including:

laws or legislation

existing organisational security policies

organisational expertise

IT business specifications

IT security assurance specifications

possible security environment, which also includes the threats to security that are, or are held to be, present in the environment

risk analysis tools or methodologies

appropriate learning and assessment support when required

modified equipment for people with special needs.

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit:

verbal or written questioning to assess candidate’s knowledge of:

security threats

current industry security trends

current legislation

review of candidate’s documented security policies

evaluation of candidate’s documented operating procedures.

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended, where appropriate.

Assessment processes and techniques must be culturally appropriate, and suitable to the communication skill level, language, literacy and numeracy capacity of the candidate and the work being performed.

Indigenous people and other people from a non-English speaking background may need additional support.

In cases where practical assessment is used it should be combined with targeted questioning to assess required knowledge.


Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assignment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

Required skills

analytical skills to:

analyse International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), Australian Standards (AS) and other standards to establish and maintain a security framework

evaluate and present information across a range of technical and management functions

communication skills to liaise with clients and users and articulate complex security scenarios in a clear and concise manner

literacy skills to produce document procedures and recommendations

numeracy skills to develop a broad plan, budget or strategy

planning and organisational skills to:

contribute to the development of security policies, procedures and frameworks

facilitate presentations to groups

research skills to:

identify the range of security risks

transfer and collect information.

Required knowledge

detailed knowledge of:

accurate and in-depth knowledge of the client business domain

awareness of legislation relating to IT security

current industry-accepted hardware and software products, including broad knowledge of security features and capabilities

operating systems, including strengths and weaknesses over lifetime of product

sources of risk relating to IT security

overview knowledge of privacy issues and legislation.

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Security requirements may include:

customs

expertise

knowledge

laws

organisational security policies

security environment, which also includes:

authentication

encryption

hardware

passwords

policies

threats to security that are, or are held to be, present in the environment.

Appropriate person may include:

authorised business representative

client

supervisor.

Security threats may include:

data tampering and manipulation; impersonation, penetration and by-pass actions

eavesdropping

keyboard logging

local applications or LAN connections

weaknesses in internet networks.

Security policies may cover:

theft

viruses

standards, including archival, backup and network

privacy

audits and alerts.

Security strategy may include:

authentication

authorisation and integrity

privacy.

Client may include:

employees

external organisations

individuals

internal departments.

User may include:

department within the organisation

person within a department

third party.

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool, every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs, download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criterion that task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice | Yes | No | Comments/feedback
Investigate and assemble statutory, commercial and application security requirements | | |
Assess impact on the existing IT system | | |
Identify additional IT security requirements | | |
Document security requirements and forward to appropriate person for approval | | |
Identify security threats and determine security specifications, taking into account the internal and external business environment | | |
Develop controls and contingencies to alleviate security threats | | |
Identify the costs associated with contingencies | | |
Document and forward recommendations to appropriate person for approval | | |
Review feedback from appropriate person to determine how to manage security threats | | |
Develop security policies based on the security strategy | | |
Create and document work procedures based on the security policies | | |
Document operating procedures and forward to appropriate person for approval | | |
Take action to ensure confidentiality of client and user information | | |
Apply statutory requirements to policy and procedures | | |

Forms

Assessment Cover Sheet

ICANWK519A - Design an IT security framework
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent / Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:


Assessment Record Sheet

ICANWK519A - Design an IT security framework

Student name:

Student ID:

Assessment task 1: [title]      Result: Competent / Not yet competent

(add lines for each task)

Feedback to student:

Overall assessment result: Competent / Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: