Assessor Resource

ICASAS501A
Develop, implement and evaluate an incident response plan

Assessment tool

Version 1.0
Issue Date: March 2024


This unit applies to network managers who are responsible for maintaining network service.

This unit describes the performance outcomes, skills and knowledge required to develop and implement an incident response plan. The results of the incident response plan must be evaluated if they affect the mission of the organisation.

You may want to include more information here about the target group and the purpose of the assessments (eg formative, summative, recognition)

Prerequisites

Not applicable.


Employability Skills

This unit contains employability skills.




Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Overview of assessment

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the ability to:

develop an incident response program

manage an incident response activation and operation

evaluate the incident response.

Context of and specific resources for assessment

Assessment must ensure access to:

appropriate learning and assessment support when required

modified equipment for people with special needs

IT business specifications

information on the security environment, including relevant laws and legislation, existing organisational security policies, organisational expertise and knowledge

possible security environment, including threats to security that are, or are held to be, present in the environment

risk analysis tools and methodologies

IT security assurance specifications

incident scenarios.

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit:

verbal or written questioning to assess candidate’s knowledge of security environment and risk analysis

review of incident response plan and associated documentation.

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended, where appropriate.

Assessment processes and techniques must be culturally appropriate, and suitable to the communication skill level, language, literacy and numeracy capacity of the candidate and the work being performed.

Indigenous people and other people from a non-English speaking background may need additional support.

In cases where practical assessment is used it should be combined with targeted questioning to assess required knowledge.


Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assingnment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

Required skills

communication skills to:

liaise with clients and team members

present technical information

initiative and enterprise skills to develop incident response policies

learning skills to build organisational knowledge

literacy skills to prepare reports

planning and organisational skills to:

manage a project

manage logistics for identified resources and procedures to ensure on-time availability of required equipment

problem-solving skills to evaluate:

broad features of a particular business domain

best practice in system development.

Required knowledge

broad knowledge of:

client business domain

OHS procedures when formulating prevention and recovery strategy

systems engineering when evaluating threats

detailed knowledge of:

backup methodologies

specific components of the business planning process relevant to the development of information technology (IT) business solutions

current system functionality.

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Incident may include:

fire

misuse or improper access

other physical damage

theft of data or property

unauthorised publication.

According to requirements may include:

directives

laws

policies

procedures

regulations

standards.

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criteria that task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice Yes No Comments/feedback
Develop the incident management policy 
Identify the services the incident response team should provide 
Create incident response plans according to security policy and organisational goals 
Develop procedures for incident handling and reporting 
Create incident response exercises and red-teaming activities 
Develop specific processes for collecting and protecting forensic evidence during incident response 
Specify incident response staffing and training requirements 
Establish the response program 
Apply response actions in reaction to security incidents according to established policy, plans and procedures 
Respond to and report incidents 
Assist in collecting, processing and preserving evidence according to requirements 
Execute incident response plans 
Execute red-teaming activities and incident response exercises 
Ensure lessons learned from incidents are collected in a timely manner and are incorporated into review plans 
Collect, analyse and report incident management measures 
Assess efficiency and effectiveness of incident response program activities and implement changes as required 
Examine effectiveness of red teaming and incident response tests, training and exercises 
Assess effectiveness of communication between incident response team and related internal and external organisations, implementing changes where appropriate 
Identify and implement improvements based on assessments of effectiveness 

Forms

Assessment Cover Sheet

ICASAS501A - Develop, implement and evaluate an incident response plan
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:


Assessment Record Sheet

ICASAS501A - Develop, implement and evaluate an incident response plan

Student name:

Student ID:

Assessment task 1: [title] Result: Competent Not yet competent

(add lines for each task)

Feedback to student:

 

 

 

 

 

 

 

 

Overall assessment result: Competent Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: