List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Assess network security threats and vulnerabilities to identify risk | 1.1 Assess and report on current system security, according to required asset security level 1.2 Determine additional network, software, hardware and system security threats and vulnerabilities 1.3 Use identified threats and vulnerability information to identify security risks 1.4 Make recommendations to management to address security deficiencies, according to current and future commercial and business requirements |
2. Implement countermeasures for identified vulnerabilities and threats | 2.1 Implement required level of perimeter security based on current and future business needs 2.2 Assess and implement best practice server and network hardening techniques and measures 2.3 Implement secure authentication and user account controls 2.4 Secure data integrity and transmission |
3. Test and verify functionality and performance of security system implemented | 3.1 Design test items to verify key function and performance measures against criteria 3.2 Conduct function and performance tests recording results 3.3 Modify and debug security system as necessary 3.4 Develop documentation on current system settings and file for future reference |
4. Provide systems for monitoring and maintaining security | 4.1 Monitor current network security, including physical aspects, using appropriate third-party testing software where applicable 4.2 Review logs and audit reports to identify and record security incidents, intrusions or attempts 4.3 Carry out spot checks and audits to ensure that procedures are not being bypassed 4.4 Document newly discovered security threats, vulnerabilities and risks in a report for presentation to appropriate person to gain approval for changes to be made |
Evidence of the ability to:
assess and identify security threats, vulnerabilities and risks
determine appropriate countermeasure for threat, vulnerability or risk
implement countermeasure per threat or risk
install, configure and test network elements to ensure perimeter security
test and verify function and performance of selected security measures
monitor network for suspicious activity and take appropriate action where necessary
document newly discovered threats, vulnerabilities and risks, including change recommendations for approval.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
To complete the unit requirements safely and effectively, the individual must:
outline authentication issues
summarise the security requirements of the client business domain, including:
  organisation structure and business functionality
  features and capabilities of networking technologies
  privacy issues and privacy legislation
  security information sources
  risk analysis
outline common virtual private network (VPN) issues, including bandwidth and dynamic security environment
explain how to configure routers and switches
summarise current industry accepted hardware and software security products, including general features and capabilities
outline the function and operation of VPN concepts, including encryption, firewalls, packet tunnelling and authentication
outline network protocols and operating systems
summarise organisational issues surrounding security
outline security perimeters and their functions
describe security protocols, standards and data encryption
summarise security threats, including eavesdropping, data interception, data corruption and data falsification
outline types of VPNs, including site-to-site and user-to-site internet traffic and extranets
summarise the systems and procedures related to:
  audit and intrusion detection systems
  auditing and penetration testing techniques
  cryptography
  local area network (LAN), wireless local area network (WLAN) and wide area network (WAN)
  screened subnets
  transmission control protocol/internet protocol (TCP/IP) and applications
  use of virus detection software.
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:
a site where secure network installation may be conducted
network security documentation
equipment specifications
network components
hardware and software
firewalls (hardware and software)
a live network
organisational guidelines
networked (LAN) computers
WAN service point of presence.
Assessors must satisfy NVR/AQTF assessor requirements.