List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Ensure user accounts are controlled | 1.1 Modify default user settings to ensure they conform to security policy 1.2 Modify previously created user settings to ensure they conform to updated security policy 1.3 Ensure legal notices displayed at logon are appropriate 1.4 Check strength of passwords using the appropriate utilities and consider tightening rules for password complexity 1.5 Take action to ensure password procedures are reviewed with appropriate other internal departments 1.6 Monitor email to uncover breaches in compliance with legislation 1.7 Access information services to identify security gaps and take appropriate action using hardware and software or patches |
2. Secure file and resource access | 2.1 Review inbuilt security and access features of the operating system and consider need for further action 2.2 Develop or review the file security categorisation scheme, and develop an understanding of the role of users in setting security 2.3 Monitor and record security threats to the system 2.4 Implement a virus checking process and schedule for the server, computer and other system components 2.5 Investigate and implement inbuilt or additional encryption facilities |
3. Monitor threats to the network | 3.1 Use third-party software or utilities to evaluate and report on system security 3.2 Review logs and audit reports to identify security threats 3.3 Carry out spot checks and other security strategies to ensure that procedures are being followed 3.4 Prepare and present an audit report and recommendations to appropriate person 3.5 Obtain approval for recommended changes to be made |
Evidence of the ability to:
review user accounts for their security control
identify security features available in the operating environment
monitor, document and administer security functions on the system
monitor threats to the network using:
third-party diagnostic tools
implementation of virus checking process and schedule
preparation of an audit report and recommendations.
Note: Evidence must be provided for at least TWO systems or occasions.
To complete the unit requirements safely and effectively, the individual must:
describe the key features of current industry accepted hardware and software products related to IT security
discuss privacy issues and legislation with regard to IT security
explain the key components of risk analysis process for system security
describe the key features of specific security technology and systems technologies
analyse the client business domain, including client organisation structure and business functionality.
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the systems administration and support field of work and include access to:
special purpose tools, equipment and materials
industry software packages
the security policy
industry and organisational standards
a live system.
Assessors must satisfy NVR/AQTF assessor requirements.