List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Manage enterprise cloud security controls | 1.1 Identify the cloud security issues faced by different delivery and deployment models relevant to the enterprise |
 | 1.2 Determine the specific enterprise areas of security responsibility |
 | 1.3 Implement the most relevant security controls and measures to protect identified areas of responsibility |
2. Manage enterprise cloud privacy and compliance | 2.1 Identify the relevant compliance regulations relating to data storage |
 | 2.2 Determine the most relevant business continuity and data recovery plans |
 | 2.3 Identify, secure and maintain the relevant logs and audit trails |
 | 2.4 Investigate and review legal, privacy and contractual issues to ensure that they meet the enterprise policy |
3. Review, implement and document cloud security, privacy and compliance enhancements | 3.1 Implement the appropriate changes and integrate them into the current enterprise’s continuity of operation program (COOP) |
 | 3.2 Establish a performance measurement program to evaluate the security effectiveness of implemented security controls |
 | 3.3 Provide relevant documentation as part of COOP for audit tracking purposes |
Evidence of the ability to:
identify, manage and implement cloud security controls, according to legal and privacy requirements
integrate the cloud security plans into the enterprise’s existing security plans
develop an ongoing performance measurement and evaluation review process.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
To complete the unit requirements safely and effectively, the individual must:
review the business and commercial issues relating to the management of cloud security
research the legislation, organisational and jurisdictional policy and procedures that may impact on management areas including:
  cloud-related privacy issues
  codes of ethics and conduct
  equal employment opportunity, equity and diversity principles
  financial management requirements
  governance requirements
determine management specifications and objectives
identify the management tools and techniques suited to a range of complex project activities
describe the organisational and political context
evaluate the systems development life cycle (SDLC)
determine the techniques for critical analysis in a management context.
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:
the cloud information and communications technology (ICT) business specifications
the cloud ICT security assurance specifications
management-related scenarios
a cloud-focused security environment, including threats to security that are, or are held to be, present in the environment
information on the security environment, including:
  laws or legislation
  existing enterprise security policies
  enterprise expertise
risk analysis tools and methodologies currently used in industry.
Assessors must satisfy NVR/AQTF assessor requirements.