List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Analyse threats to system | 1.1 Evaluate the organisation’s system and verify that it meets enterprise guidelines and policies 1.2 Conduct risk analysis on system and document outcomes 1.3 Evaluate threats to the system and document findings 1.4 Compile and document human interactions with system |
2. Determine risk category | 2.1 Conduct a risk assessment on the system and categorise risks 2.2 Conduct a risk assessment on human operations and interactions with the system and categorise risks 2.3 Match risk plans to risk categories 2.4 Determine and plan resources by risk categories |
3. Identify appropriate controls | 3.1 Devise and put in place effective controls to manage risk 3.2 Design policies and procedures to cover user access of the system 3.3 Conduct training in the use of system-related policies and procedures 3.4 Monitor high-risk categories at specified periods 3.5 Categorise and record system breakdowns |
4. Include controls in the system | 4.1 Develop security plan and procedures to include in management system 4.2 Develop security recovery plan 4.3 Implement system controls to reduce risks in human interaction with the system |
5. Monitor system tools and procedures | 5.1 Review and monitor risks and controls, using a management review process 5.2 Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews 5.3 Plan to re-evaluate system and identify new threats and risks |
Evidence of the ability to:
implement and manage security functions on a system
conduct risk assessment
set up effective controls to manage risk
develop security plan and security recovery plan
monitor risks and controls
review risk analysis process.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
To complete the unit requirements safely and effectively, the individual must:
summarise the general features of specific security technologies
describe risk analysis techniques, with a focus on their general features, and depth in security procedures
describe the common security requirements of a client’s organisation, including:
threats
security techniques and technologies
outline systems management and process control in relation to security
explain systems technologies, including a broad summary of their general features and capabilities.
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:
a site where system security may be implemented and managed
use of utility tools currently used in industry
organisational security policies
manufacturer recommendations
security standards.
Assessors must satisfy NVR/AQTF assessor requirements.