Google Links

Follow the links below to find material targeted to the unit's elements, performance criteria, required skills and knowledge

Elements and Performance Criteria

  1. Research IT security requirements
  2. Conduct risk analysis
  3. Develop IT security policy and operational procedures

Required Skills

Required skills

analytical skills to:

analyse International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), Australian Standards (AS) and other standards to establish and maintain a security framework

evaluate and present information across a range of technical and management functions

communication skills to liaise with clients and users and articulate complex security scenarios in a clear and concise manner

literacy skills to produce document procedures and recommendations

numeracy skills to develop a broad plan, budget or strategy

planning and organisational skills to:

contribute to the development of security policies, procedures and frameworks

facilitate presentations to groups

research skills to:

identify the range of security risks

transfer and collect information

Required knowledge

detailed knowledge of:

accurate and in-depth knowledge of the client business domain

awareness of legislation relating to IT security

current industry-accepted hardware and software products, including broad knowledge of security features and capabilities

operating systems, including strengths and weaknesses over lifetime of product

sources of risk relating to IT security

overview knowledge of privacy issues and legislation

Evidence Required

The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Overview of assessment

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the ability to:

explain legal obligations with respect to privacy and the specific application of security issues

design a security framework

Context of and specific resources for assessment

Assessment must ensure access to:

information on the security environment, including:

laws or legislation

existing organisational security policies

organisational expertise

IT business specifications

IT security assurance specifications

possible security environment, which also includes the threats to security that are, or are held to be, present in the environment

risk analysis tools or methodologies

appropriate learning and assessment support when required

modified equipment for people with special needs

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit:

verbal or written questioning to assess candidate's knowledge of:

security threats

current industry security trends

current legislation

review of candidate's documented security policies

evaluation of candidate's documented operating procedures

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended, where appropriate.

Assessment processes and techniques must be culturally appropriate, and suitable to the communication skill level, language, literacy and numeracy capacity of the candidate and the work being performed.

Indigenous people and other people from a non-English speaking background may need additional support.

In cases where practical assessment is used, it should be combined with targeted questioning to assess required knowledge.


Range Statement

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Security requirements may include:

customs

expertise

knowledge

laws

organisational security policies

security environment, which also includes:

authentication

encryption

hardware

passwords

policies

threats to security that are, or are held to be, present in the environment.

Appropriate person may include:

authorised business representative

client

supervisor.

Security threats may include:

data tampering and manipulation; impersonation, penetration and by-pass actions

eavesdropping

keyboard logging

local applications or LAN connections

weaknesses in internet networks.

Security policies may cover:

theft

viruses

standards, including archival, backup and network

privacy

audits and alerts.

Security strategy may include:

authentication

authorisation and integrity

privacy.

Client may include:

employees

external organisations

individuals

internal departments.

User may include:

department within the organisation

person within a department

third party.