Google Links

Follow the links below to find material targeted to the unit's elements, performance criteria, required skills and knowledge

Elements and Performance Criteria

  1. Undertake risk assessment
  2. Secure operating systems (OS)
  3. Secure site server
  4. Secure data transactions
  5. Monitor and document security framework

Required Skills

Required skills

communication skills to liaise with internal and external personnel on technical operational and businessrelated matters

literacy skills to

collate analyse and assess importance and relevance of product information

summarise and document information

write procedures

numeracy skills to take test measurements interpret results and evaluate performance

planning and organisational skills to

develop enterprise policy and procedures

plan prioritise and monitor own work

research skills to interrogate vendor databases and websites

technical skills to

configure a web server

identify key sources of information

see conflicts and integration capabilities between diverse equipment

understand specification sheets

use auditing and penetration testing techniques

Required knowledge

Australian Computer Society Code of Ethics

client business domain structure function and organisation including organisational issues surrounding security

copyright and intellectual property as related to website information

commonwealth Privacy Act

current industryaccepted hardware and software products

desktop applications and OS as required

technical knowledge of functions and features of

automated intrusion detection software

network address translation NAT related to securing internal IP addresses buffer overruns and stack smashing with reference to operating system deficiencies

authentication and access control

common stored account payment systems

cryptography

CGI scripts

generic secure protocols

stored value payment systems

advantages and disadvantages of using the range of security features

protocol stack for internet communications

physical web server security particularly remote host security threats

Evidence Required

The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria required skills and knowledge range statement and the Assessment Guidelines for the Training Package

Overview of assessment

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the ability to

identify potential security threats to a website

develop strategies to secure a dynamic website

implement such strategies

Context of and specific resources for assessment

Assessment must ensure access to

dynamic website

security plan

user requirements

relevant legislation standards and organisational requirements

appropriate learning and assessment support when required

modified equipment for people with special needs

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge The following examples are appropriate for this unit

verbal or written questioning to assess candidates knowledge of

client domain

website security techniques

current website security threats

review of candidates documented

risk assessment

performance benchmarks

evaluation of candidates security framework

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector workplace and job role is recommended where appropriate

Assessment processes and techniques must be culturally appropriate and suitable to the communication skill level language literacy and numeracy capacity of the candidate and the work being performed

Indigenous people and other people from a nonEnglish speaking background may need additional support

In cases where practical assessment is used it should be combined with targeted questioning to assess required knowledge

Range Statement

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Client may include:

external organisation

individual

internal department

internal employee.

Security threats may include:

denial of service and by-pass

eavesdropping

hackers

manipulation and impersonation

penetration

viruses using logging.

Security policy may include:

audits and alerts

privacy

standards, including archival, backup and network

theft

viruses.

Legislation may include:

copyright

liability statements

privacy legislation.

Standards may include:

International Organization for Standardization (ISO), International Electrotechnical Commission (IEC) and Australian Standards (AS) standards

organisational standards

project standards.

Security services may include:

application proxies

authentication and access control

digital certificates

digital signatures

encryption

file access permissions

multi-platform directory services supporting relevant standards

network points and mainframes

packet filters

personnel security

screening routers

servers

secure hypertext transfer protocol (SHTTP)

single stage and dual stage firewalls

smart cards

secure socket layer (SSL)

stored account payment systems

stored value payment systems

support for generalised security services interfaces

trusted hardware and operating systems at selective desktops

trusted systems with C and B assurance levels

virtual private network (VPN) technology.

Equipment may include:

hard drives

hubs

modems and other connectivity devices, including digital subscriber line (DSL) modems

monitors

other peripheral devices

personal computers (PCs)

personal digital assistants (PDAs)

printers

switches

workstations.

OS may include:

Mac OS 8 or above

Linux 6.0 or above

Windows XP or above.

Firewalls may include:

hardware appliances

individual PC solution; varying functionality, including network address translator (NAT) and IP masquerading, routing to specific machines

proxy servers.

Server may include:

application or web servers

BEA Weblogic servers

email servers

file and print servers

file transfer protocol (FTP) servers

firewall servers

IBM VisualAge and WebSphere

Novell Directory Services (NDS) servers

proxy or cache servers.

Database may include:

commercial off-the-shelf (COTS) database packages

object-relational databases

proprietary databases

relational databases.

Requirements may refer to:

business

network

people in the organisation

system.