Google Links

Follow the links below to find material targeted to the unit's elements, performance criteria, required skills and knowledge

Elements and Performance Criteria

  1. Review organisational security policy and procedures
  2. Develop security plan
  3. Design controls to be incorporated into system

Required Skills

Required skills

analytical skills to undertake risk assessment of datagathering techniques

communication skills to manage group facilitation and presentation related to transferring and collecting information

literacy skills to produce business reports

planning and organisational skills to provide accurate and concise insights to possible security threats for all levels of staff both technical and managerial

problemsolving skills to identify and remedy evolving and complex security threat scenarios

Required knowledge

detailed knowledge of

communications security including human organisational interactions

how to conduct an information security risk assessment

internet technology security including firewalls

physical security

security testing methods for performing security tests

wireless security

overview knowledge of

current industryaccepted security processes including general features and capabilities of software and hardware solutions

ethics in IT

general features of specific security technology

privacy issues and legislation

process security for policy and procedures

Evidence Required

The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria required skills and knowledge range statement and the Assessment Guidelines for the Training Package

Overview of assessment

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the ability to

confirm sufficient knowledge of security products and organisational security policy

establish realistic ground rules for security product procedures

design security controls for a system

incorporate these into a security strategy

Context of and specific resources for assessment

Assessment must ensure access to

IT security assurance specifications

probability frequency and severity of direct and indirect harm loss or misuse of the IT system

risk analysis tools and methodologies

risks to the mission or business resulting from ITrelated risks

security environment which also includes the threats to security that are or are held to be present in the environment

security environment relating to laws and legislation existing organisational security policies and organisational expertise

appropriate learning and assessment support when required

modified equipment for people with special needs

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge The following examples are appropriate for this unit

verbal or written questioning to assess knowledge of

layered security

risk management

security issues

statutory requirements

review of documented security including

policy

plan

strategy

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector workplace and job role is recommended where appropriate

Assessment processes and techniques must be culturally appropriate and suitable to the communication skill level language literacy and numeracy capacity of the candidate and the work being performed

Indigenous people and other people from a nonEnglish speaking background may need additional support

In cases where practical assessment is used it should be combined with targeted questioning to assess required knowledge


Range Statement

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Requirements may relate to:

business

network

people in the organisation

system.

Security threats may include:

by-pass actions

data tampering and manipulation

eavesdropping

impersonation

keyboard logging

local applications or local area network (LAN) connections

penetration

weaknesses in internet networks.

Security policy may relate to:

audits and alerts

privacy

standards, including:

archival

backup

network

theft

viruses.

Security plan may include:

logical controls

physical controls

social controls.

Security strategy:

may include:

authentication

authorisation and integrity

privacy

usually forms part of the overall objectives of the organisation.

Stakeholders may include:

development team

project team

sponsor

user.

Organisational guidelines may include:

communication methods

content of emails

dispute resolution

document procedures

downloading information and accessing particular websites

financial control mechanisms

opening mail with attachments

personal use of emails and internet access

templates

virus risk.

Risk assessment may include:

developing risk plans

developing scenarios

evaluating threats

following up

gathering information

identifying counter measures

identifying threats

ranking risk

reporting.