Assessor Resource

ICTNWK513
Manage system security

Assessment tool

Version 1.0
Issue Date: April 2024


This unit describes the skills and knowledge required to implement and manage security on an operational system.

It applies to individuals working in middle management in technical advice, guidance and leadership roles such as security managers and security analysts responsible for implementing and managing the organisation’s security management system.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

You may want to include more information here about the target group and the purpose of the assessments (e.g. formative, summative, recognition).



Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Analyse threats to system

1.1 Evaluate the organisation’s system and verify that it meets enterprise guidelines and policies

1.2 Conduct risk analysis on system and document outcomes

1.3 Evaluate threats to the system and document findings

1.4 Compile and document human interactions with system

2. Determine risk category

2.1 Conduct a risk assessment on the system and categorise risks

2.2 Conduct a risk assessment on human operations and interactions with the system and categorise risks

2.3 Match risk plans to risk categories

2.4 Determine and plan resources by risk categories

3. Identify appropriate controls

3.1 Devise and put in place effective controls to manage risk

3.2 Design policies and procedures to cover user access of the system

3.3 Conduct training in the use of system-related policies and procedures

3.4 Monitor high-risk categories at specified periods

3.5 Categorise and record system breakdowns

4. Include controls in the system

4.1 Develop security plan and procedures to include in management system

4.2 Develop security recovery plan

4.3 Implement system controls to reduce risks in human interaction with the system

5. Monitor system tools and procedures

5.1 Review and monitor risks and controls, using a management review process

5.2 Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews

5.3 Plan to re-evaluate system and identify new threats and risks

Evidence of the ability to:

implement and manage security functions on a system

conduct risk assessment

set up effective controls to manage risk

develop security plan and security recovery plan

monitor risks and controls

review risk analysis process.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

summarise the general features of specific security technologies

describe risk analysis techniques, with a focus on their general features, and depth in security procedures

describe the common security requirements of a client’s organisation, including:

threats

security techniques and technologies

outline systems management and process control in relation to security

explain systems technologies, including a broad summary of their general features and capabilities.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

a site where system security may be implemented and managed

use of utility tools currently used in industry

organisational security policies

manufacturer recommendations

security standards.

Assessors must satisfy NVR/AQTF assessor requirements.


Submission Requirements

List each assessment task's title, type (e.g. project, observation/demonstration, essay, assignment, checklist) and due date here.

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Analyse threats to system

1.1 Evaluate the organisation’s system and verify that it meets enterprise guidelines and policies

1.2 Conduct risk analysis on system and document outcomes

1.3 Evaluate threats to the system and document findings

1.4 Compile and document human interactions with system

2. Determine risk category

2.1 Conduct a risk assessment on the system and categorise risks

2.2 Conduct a risk assessment on human operations and interactions with the system and categorise risks

2.3 Match risk plans to risk categories

2.4 Determine and plan resources by risk categories

3. Identify appropriate controls

3.1 Devise and put in place effective controls to manage risk

3.2 Design policies and procedures to cover user access of the system

3.3 Conduct training in the use of system-related policies and procedures

3.4 Monitor high-risk categories at specified periods

3.5 Categorise and record system breakdowns

4. Include controls in the system

4.1 Develop security plan and procedures to include in management system

4.2 Develop security recovery plan

4.3 Implement system controls to reduce risks in human interaction with the system

5. Monitor system tools and procedures

5.1 Review and monitor risks and controls, using a management review process

5.2 Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews

5.3 Plan to re-evaluate system and identify new threats and risks

Evidence of the ability to:

implement and manage security functions on a system

conduct risk assessment

set up effective controls to manage risk

develop security plan and security recovery plan

monitor risks and controls

review risk analysis process.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

summarise the general features of specific security technologies

describe risk analysis techniques, with a focus on their general features, and depth in security procedures

describe the common security requirements of a client’s organisation, including:

threats

security techniques and technologies

outline systems management and process control in relation to security

explain systems technologies, including a broad summary of their general features and capabilities.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

a site where system security may be implemented and managed

use of utility tools currently used in industry

organisational security policies

manufacturer recommendations

security standards.

Assessors must satisfy NVR/AQTF assessor requirements.

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool, every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs, download the assessment matrix for the unit, enter each assessment task as a column header and place check marks against each performance criterion that the task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice | Yes | No | Comments/feedback
Evaluate the organisation’s system and verify that it meets enterprise guidelines and policies | | |
Conduct risk analysis on system and document outcomes | | |
Evaluate threats to the system and document findings | | |
Compile and document human interactions with system | | |
Conduct a risk assessment on the system and categorise risks | | |
Conduct a risk assessment on human operations and interactions with the system and categorise risks | | |
Match risk plans to risk categories | | |
Determine and plan resources by risk categories | | |
Devise and put in place effective controls to manage risk | | |
Design policies and procedures to cover user access of the system | | |
Conduct training in the use of system-related policies and procedures | | |
Monitor high-risk categories at specified periods | | |
Categorise and record system breakdowns | | |
Develop security plan and procedures to include in management system | | |
Develop security recovery plan | | |
Implement system controls to reduce risks in human interaction with the system | | |
Review and monitor risks and controls, using a management review process | | |
Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews | | |
Plan to re-evaluate system and identify new threats and risks | | |

Forms

Assessment Cover Sheet

ICTNWK513 - Manage system security
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent / Not yet competent

Feedback to student

Assessor name:

Signature:

Date:


Assessment Record Sheet

ICTNWK513 - Manage system security

Student name:

Student ID:

Assessment task 1: [title]      Result: Competent / Not yet competent

(add lines for each task)

Feedback to student:

Overall assessment result: Competent / Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: