Assessor Resource

ICTNWK519
Design an ICT security framework

Assessment tool

Version 1.0
Issue Date: March 2024


This unit describes the skills and knowledge required to evaluate information and communications technology (ICT) security requirements for a new system and to plan for controls and contingencies.

It applies to individuals working in senior roles in the networking area who are required to design security for new ICT systems.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

You may want to include more information here about the target group and the purpose of the assessments (eg formative, summative, recognition)



Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Research ICT security requirements

1.1 Investigate and gather statutory, commercial and application security requirements

1.2 Assess impact on the existing ICT system

1.3 Identify additional ICT security requirements

1.4 Document security requirements and forward to appropriate person for approval

2. Conduct risk analysis

2.1 Identify security threats and determine security specifications, taking into account the internal and external business environment

2.2 Develop controls and contingencies to alleviate security threats

2.3 Identify the costs associated with contingencies

2.4 Document and forward recommendations to appropriate person for approval

3. Develop ICT security policy and operational procedures

3.1 Review feedback from appropriate person to determine how to manage security threats

3.2 Develop security policies based on the security strategy

3.3 Create and document work procedures based on the security policies

3.4 Document operating procedures and forward to appropriate person for approval

3.5 Take action to ensure confidentiality of client and user information

3.6 Apply statutory requirements to policy and procedures

Evidence of the ability to:

research and assess security framework requirements with consideration of statutory and commercial requirements

determine the security risks and develop controls and contingencies

identify costs associated

document the security framework and obtain approval

develop security policies and operating procedures.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

summarise the design criteria for a security framework, including:

the client business domain

legislation relating to information and communications technology (ICT) security

current industry accepted hardware

current industry software products

security features and capabilities

operating systems

risk relating to ICT security

identify and outline relevant privacy legislation

identify and outline common security considerations for businesses, including:

typical environments

threats

policies and strategies.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

information on the security environment

laws or legislation

existing organisational security policies

organisational expertise

ICT business specifications

ICT security assurance specifications

security environment, which also includes the threats to security that are, or are held to be, present in the environment

risk analysis tools or methodologies.

Assessors must satisfy NVR/AQTF assessor requirements.


Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assignment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Research ICT security requirements

1.1 Investigate and gather statutory, commercial and application security requirements

1.2 Assess impact on the existing ICT system

1.3 Identify additional ICT security requirements

1.4 Document security requirements and forward to appropriate person for approval

2. Conduct risk analysis

2.1 Identify security threats and determine security specifications, taking into account the internal and external business environment

2.2 Develop controls and contingencies to alleviate security threats

2.3 Identify the costs associated with contingencies

2.4 Document and forward recommendations to appropriate person for approval

3. Develop ICT security policy and operational procedures

3.1 Review feedback from appropriate person to determine how to manage security threats

3.2 Develop security policies based on the security strategy

3.3 Create and document work procedures based on the security policies

3.4 Document operating procedures and forward to appropriate person for approval

3.5 Take action to ensure confidentiality of client and user information

3.6 Apply statutory requirements to policy and procedures

Evidence of the ability to:

research and assess security framework requirements with consideration of statutory and commercial requirements

determine the security risks and develop controls and contingencies

identify costs associated

document the security framework and obtain approval

develop security policies and operating procedures.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

summarise the design criteria for a security framework, including:

the client business domain

legislation relating to information and communications technology (ICT) security

current industry accepted hardware

current industry software products

security features and capabilities

operating systems

risk relating to ICT security

identify and outline relevant privacy legislation

identify and outline common security considerations for businesses, including:

typical environments

threats

policies and strategies.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

information on the security environment

laws or legislation

existing organisational security policies

organisational expertise

ICT business specifications

ICT security assurance specifications

security environment, which also includes the threats to security that are, or are held to be, present in the environment

risk analysis tools or methodologies.

Assessors must satisfy NVR/AQTF assessor requirements.

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool, every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs, download the assessment matrix for the unit, enter each assessment task as a column header and place check marks against each performance criterion that task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice | Yes | No | Comments/feedback
Investigate and gather statutory, commercial and application security requirements 
Assess impact on the existing ICT system 
Identify additional ICT security requirements 
Document security requirements and forward to appropriate person for approval 
Identify security threats and determine security specifications, taking into account the internal and external business environment 
Develop controls and contingencies to alleviate security threats 
Identify the costs associated with contingencies 
Document and forward recommendations to appropriate person for approval 
Review feedback from appropriate person to determine how to manage security threats 
Develop security policies based on the security strategy 
Create and document work procedures based on the security policies 
Document operating procedures and forward to appropriate person for approval 
Take action to ensure confidentiality of client and user information 
Apply statutory requirements to policy and procedures 

Forms

Assessment Cover Sheet

ICTNWK519 - Design an ICT security framework
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent / Not yet competent

Feedback to student

Assessor name:

Signature:

Date:


Assessment Record Sheet

ICTNWK519 - Design an ICT security framework

Student name:

Student ID:

Assessment task 1: [title]      Result: Competent / Not yet competent

(add lines for each task)

Feedback to student:

Overall assessment result: Competent / Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: