List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Research ICT security requirements | 1.1 Investigate and gather statutory, commercial and application security requirements 1.2 Assess impact on the existing ICT system 1.3 Identify additional ICT security requirements 1.4 Document security requirements and forward to appropriate person for approval |
2. Conduct risk analysis | 2.1 Identify security threats and determine security specifications, taking into account the internal and external business environment 2.2 Develop controls and contingencies to alleviate security threats 2.3 Identify the costs associated with contingencies 2.4 Document and forward recommendations to appropriate person for approval |
3. Develop ICT security policy and operational procedures | 3.1 Review feedback from appropriate person to determine how to manage security threats 3.2 Develop security policies based on the security strategy 3.3 Create and document work procedures based on the security policies 3.4 Document operating procedures and forward to appropriate person for approval 3.5 Take action to ensure confidentiality of client and user information 3.6 Apply statutory requirements to policy and procedures |
Evidence of the ability to:
research and assess security framework requirements with consideration of statutory and commercial requirements
determine the security risks and develop controls and contingencies
identify costs associated
document the security framework and obtain approval
develop security policies and operating procedures.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
To complete the unit requirements safely and effectively, the individual must:
summarise the design criteria for a security framework, including:
the client business domain
legislation relating to information and communications technology (ICT) security
current industry accepted hardware
current industry software products
security features and capabilities
operating systems
risk relating to ICT security
identify and outline relevant privacy legislation
identify and outline common security considerations for businesses, including:
typical environments
threats
policies and strategies.
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:
information on the security environment
laws or legislation
existing organisational security policies
organisational expertise
ICT business specifications
ICT security assurance specifications
security environment, which also includes the threats to security that are, or are held to be, present in the environment
risk analysis tools or methodologies.
Assessors must satisfy NVR/AQTF assessor requirements.