Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.
Required skills
analytical skills to:
analyse International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), Australian Standards (AS) and other standards to establish and maintain a security framework
evaluate and present information across a range of technical and management functions
communication skills to liaise with clients and users and articulate complex security scenarios in a clear and concise manner
literacy skills to produce document procedures and recommendations
numeracy skills to develop a broad plan, budget or strategy
planning and organisational skills to:
contribute to the development of security policies, procedures and frameworks
facilitate presentations to groups
research skills to:
identify the range of security risks
transfer and collect information.
Required knowledge
detailed knowledge of:
accurate and in-depth knowledge of the client business domain
awareness of legislation relating to IT security
current industry-accepted hardware and software products, including broad knowledge of security features and capabilities
operating systems, including strengths and weaknesses over lifetime of product
sources of risk relating to IT security
overview knowledge of privacy issues and legislation.
The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.
Security requirements may include: | customs expertise knowledge laws organisational security policies security environment, which also includes: authentication encryption hardware passwords policies threats to security that are, or are held to be, present in the environment. |
Appropriate person may include: | authorised business representative client supervisor. |
Security threats may include: | data tampering and manipulation; impersonation, penetration and by-pass actions eavesdropping keyboard logging local applications or LAN connections weaknesses in internet networks. |
Security policies may cover: | theft viruses standards, including archival, backup and network privacy audits and alerts. |
Security strategy may include: | authentication authorisation and integrity privacy. |
Client may include: | employees external organisations individuals internal departments. |
User may include: | department within the organisation person within a department third party. |
Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criteria that task addresses.
Observation Checklist