Assessor Resource

ICTNWK616
Manage security, privacy and compliance of cloud service deployment

Assessment tool

Version 1.0
Issue Date: March 2024


This unit describes the skills and knowledge required to manage cloud security controls, and privacy and legal compliance, when implementing cloud services for an enterprise.

It applies to those with managerial responsibility, such as experienced security technical specialists, security analysts and security consultants.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

You may want to include more information here about the target group and the purpose of the assessments (e.g. formative, summative, recognition).



Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Manage enterprise cloud security controls

1.1 Identify the cloud security issues faced by different delivery and deployment models relevant to the enterprise

1.2 Determine the specific enterprise areas of security responsibility

1.3 Implement the most relevant security controls and measures, to protect identified areas of responsibility

2. Manage enterprise cloud privacy and compliance

2.1 Identify the relevant compliance regulations relating to data storage

2.2 Determine the most relevant business continuity and data recovery plans

2.3 Identify, secure and maintain, the relevant logs and audit trails

2.4 Investigate and review legal, privacy and contractual issues to ensure that they meet the enterprise policy

3. Review, implement and document cloud security, privacy and compliance enhancements

3.1 Implement the appropriate changes, and integrate them into the current enterprise’s continuity of operation program (COOP)

3.2 Establish a performance measurement program, to evaluate the security effectiveness of implemented security controls

3.3 Provide relevant documentation as part of COOP, for audit tracking purposes

Evidence of the ability to:

identify, manage and implement cloud security controls, according to legal and privacy requirements

integrate the cloud security plans into the enterprise’s existing security plans

develop an ongoing performance measurement and evaluation review process.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

review the business and commercial issues relating to the management of cloud security

research the legislation, organisational and jurisdictional policy and procedures that may impact on management areas including:

cloud-related privacy issues

codes of ethics and conduct

equal employment opportunity, equity and diversity principles

financial management requirements

governance requirements

determine management specifications and objectives

identify the management tools and techniques suited to a range of complex project activities

describe the organisational and political context

evaluate the systems development life cycle (SDLC)

determine the techniques for critical analysis in a management context.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

the cloud information and communications technology (ICT) business specifications

the cloud ICT security assurance specifications

management-related scenarios

a cloud-focused security environment, including threats to security that are, or are held to be, present in the environment

information on the security environment, including:

laws or legislation

existing enterprise security policies

enterprise expertise

risk analysis tools and methodologies currently used in industry.

Assessors must satisfy NVR/AQTF assessor requirements.


Submission Requirements

List each assessment task's title, type (e.g. project, observation/demonstration, essay, assignment, checklist) and due date here.

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Manage enterprise cloud security controls

1.1 Identify the cloud security issues faced by different delivery and deployment models relevant to the enterprise

1.2 Determine the specific enterprise areas of security responsibility

1.3 Implement the most relevant security controls and measures, to protect identified areas of responsibility

2. Manage enterprise cloud privacy and compliance

2.1 Identify the relevant compliance regulations relating to data storage

2.2 Determine the most relevant business continuity and data recovery plans

2.3 Identify, secure and maintain, the relevant logs and audit trails

2.4 Investigate and review legal, privacy and contractual issues to ensure that they meet the enterprise policy

3. Review, implement and document cloud security, privacy and compliance enhancements

3.1 Implement the appropriate changes, and integrate them into the current enterprise’s continuity of operation program (COOP)

3.2 Establish a performance measurement program, to evaluate the security effectiveness of implemented security controls

3.3 Provide relevant documentation as part of COOP, for audit tracking purposes

Evidence of the ability to:

identify, manage and implement cloud security controls, according to legal and privacy requirements

integrate the cloud security plans into the enterprise’s existing security plans

develop an ongoing performance measurement and evaluation review process.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

review the business and commercial issues relating to the management of cloud security

research the legislation, organisational and jurisdictional policy and procedures that may impact on management areas including:

cloud-related privacy issues

codes of ethics and conduct

equal employment opportunity, equity and diversity principles

financial management requirements

governance requirements

determine management specifications and objectives

identify the management tools and techniques suited to a range of complex project activities

describe the organisational and political context

evaluate the systems development life cycle (SDLC)

determine the techniques for critical analysis in a management context.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

the cloud information and communications technology (ICT) business specifications

the cloud ICT security assurance specifications

management-related scenarios

a cloud-focused security environment, including threats to security that are, or are held to be, present in the environment

information on the security environment, including:

laws or legislation

existing enterprise security policies

enterprise expertise

risk analysis tools and methodologies currently used in industry.

Assessors must satisfy NVR/AQTF assessor requirements.

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool, every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs, download the assessment matrix for the unit, enter each assessment task as a column header and place check marks against each performance criterion that task addresses.

Observation Checklist

| Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice | Yes | No | Comments/feedback |
| --- | --- | --- | --- |
| Identify the cloud security issues faced by different delivery and deployment models relevant to the enterprise | | | |
| Determine the specific enterprise areas of security responsibility | | | |
| Implement the most relevant security controls and measures, to protect identified areas of responsibility | | | |
| Identify the relevant compliance regulations relating to data storage | | | |
| Determine the most relevant business continuity and data recovery plans | | | |
| Identify, secure and maintain, the relevant logs and audit trails | | | |
| Investigate and review legal, privacy and contractual issues to ensure that they meet the enterprise policy | | | |
| Implement the appropriate changes, and integrate them into the current enterprise’s continuity of operation program (COOP) | | | |
| Establish a performance measurement program, to evaluate the security effectiveness of implemented security controls | | | |
| Provide relevant documentation as part of COOP, for audit tracking purposes | | | |

Forms

Assessment Cover Sheet

ICTNWK616 - Manage security, privacy and compliance of cloud service deployment
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent / Not yet competent

Feedback to student

Assessor name:

Signature:

Date:


Assessment Record Sheet

ICTNWK616 - Manage security, privacy and compliance of cloud service deployment

Student name:

Student ID:

Assessment task 1: [title]      Result: Competent / Not yet competent

(add lines for each task)

Feedback to student:

Overall assessment result: Competent / Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: