List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Manage enterprise security parameters | 1.1 Determine and evaluate parameters that affect enterprise security to establish benchmark 1.2 Review security classification and data management policies and procedures for relevance, and update if required 1.3 Plan and coordinate an effective enterprise continuity of operations (COOP) program and organisational structure for critical business continuity 1.4 Develop a plan to address factors to manage the risks of the enterprise 1.5 Integrate and evaluate risk management concepts into operational activities with related contingency planning activities, using an enterprise COOP performance measurement program 1.6 Evaluate and assess security incidents to establish an effective incident management program for the enterprise 1.7 Manage the coordination between related security teams for effective incident management processes and procedures |
2. Manage networks and telecommunications security | 2.1 Develop a network security and telecommunications program in line with enterprise policy and security goals 2.2 Manage the necessary resources to integrate network security and telecommunications program activities with technical support, security administration and incident response activities in a secure network 2.3 Establish effective communications protocols between the network security and telecommunications team and related security teams to manage the risks 2.4 Establish a performance measurement program to evaluate the security effectiveness of the integrated network security and telecommunications network 2.5 Ensure enterprise compliance with applicable networkbased documents, and that network-based audits and management reviews are conducted to implement process improvement |
3. Implement and document enhancements | 3.1 Implement appropriate changes and improvement actions as required, and evaluate effectiveness of enhancements 3.2 Produce and table documentation for audit tracking |
Evidence of the ability to:
direct contingency planning, operations and programs to manage risk
establish the information and communications technology (ICT) system and application security engineering program
manage the necessary resources to establish and maintain an effective network security and telecommunications program
specify policy and coordinate review.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
To complete the unit requirements safely and effectively, the individual must:
explain business and commercial issues related to the management of ICT security
explain continuity of operations (COOP)
clarify critical analysis in a management context
outline management specifications and objectives
describe different management styles and systems
explain systems development life cycle (SDLC).
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the networking industry, and include access to:
ICT business specifications
ICT security assurance specifications
management related scenarios
a security environment, including the threats to security that are, or are held to be, present in the environment
information on the security environment, including:
laws or legislation
existing organisational security policies
organisational expertise
use of risk analysis tools and methodologies currently used in industry.
Assessors must satisfy NVR/AQTF assessor requirements.