List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Review organisational security policy and procedures | 1.1 Review business environment to identify existing requirements 1.2 Determine organisational goals for legal and security requirements 1.3 Verify security needs in a policy document 1.4 Determine legislative impact on business domain 1.5 Gather and document objective evidence on current security threats 1.6 Identify options for using internal and external expertise 1.7 Establish and document a standard methodology for performing security tests |
2. Develop security plan | 2.1 Investigate theoretical attacks and threats on the business 2.2 Evaluate risks and threats associated with the investigation 2.3 Prioritise assessment results and write security policy 2.4 Document information related to attacks, threats, risks and controls in a security plan 2.5 Review the security strategy with security approved key stakeholders 2.6 Integrate approved changes into business plan and ensure compliance with statutory requirements |
3. Design controls to be incorporated into system | 3.1 Implement controls in a procedurally organised manner to ensure minimum risk of security breach in line with organisational guidelines 3.2 Monitor each phase of the implementation to determine the impact on the business 3.3 Take corrective action on system implementation breakdown 3.4 Record implementation process 3.5 Evaluate corrective actions for risk 3.6 Plan risk assessment review process 3.7 Take action to ensure confidentiality throughout all phases of design |
Evidence of the ability to:
review organisational security policies and procedures
establish realistic security procedures
design security plan and controls for a system
develop a security control strategy
oversee the implementation and evaluation of the strategy.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
To complete the unit requirements safely and effectively, the individual must:
describe communications security, including human organisational interactions
describe how to conduct an information security risk assessment
identify and summarise internet security technologies and processes, including:
firewalls
physical security
security testing methods for performing security tests
wireless security
security threats
the impact of security policies, plans and strategies
general features of specific security technology
risk assessment
describe current industry accepted security processes, including general features and capabilities of software and hardware solutions
outline the legal and ethical standards expected when considering security controls, including:
ethics in information and communications technology (ICT)
privacy issues
legislation
summarise the need for developing organisational guidelines, processes, policies and procedures.
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:
ICT security assurance specifications
probability, frequency and severity of direct and indirect harm, loss or misuse of the ICT system
risk analysis tools and methodologies
an ICT environment in which there are security risks
legislation, regulations and standards relating to security
existing organisational security policies
organisational expertise.
Assessors must satisfy NVR/AQTF assessor requirements.