Google Links

Follow the links below to find material targeted to the unit's elements, performance criteria, required skills and knowledge

Elements and Performance Criteria

1. Research ICT security requirements
   • Investigate and gather statutory, commercial and application security requirements
   • Assess impact on the existing ICT system
   • Identify additional ICT security requirements
   • Document security requirements and forward to appropriate person for approval
2. Conduct risk analysis
   • Identify security threats and determine security specifications, taking into account the internal and external business environment
   • Develop controls and contingencies to alleviate security threats
   • Identify the costs associated with contingencies
   • Document and forward recommendations to appropriate person for approval
3. Develop ICT security policy and operational procedures
   • Review feedback from appropriate person to determine how to manage security threats
   • Develop security policies based on the security strategy
   • Create and document work procedures based on the security policies
   • Document operating procedures and forward to appropriate person for approval
   • Take action to ensure confidentiality of client and user information
   • Apply statutory requirements to policy and procedures

Performance Evidence

Evidence of the ability to:

research and assess security framework requirements with consideration of statutory and commercial requirements

determine the security risks and develop controls and contingencies

identify costs associated

document the security framework and obtain approval

develop security policies and operating procedures.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

---

Knowledge Evidence

To complete the unit requirements safely and effectively, the individual must:

summarise the design criteria for a security framework, including:

the client business domain

legislation relating to information and communications technology (ICT) security

current industry accepted hardware

current industry software products

security features and capabilities

operating systems

risk relating to ICT security

identify and outline relevant privacy legislation

identify and outline common security considerations for businesses, including:

typical environments

threats

policies and strategies.

---