Unit of Competency Mapping – Information for Teachers/Assessors – Information for Learners

ICASAS418A Mapping and Delivery Guide
Monitor and administer security of an IT system

Version 1.0
Issue Date: April 2024


Qualification -
Unit of Competency ICASAS418A - Monitor and administer security of an IT system
Description This unit describes the performance outcomes, skills and knowledge required to monitor and administer security functions of an IT system.
Employability Skills This unit contains employability skills.
Learning Outcomes and Application This unit applies to experienced technical support personnel, such as help-desk supervisors, IT support technicians, and user support specialists responsible for maintaining the security of a system.
Duration and Setting X weeks, nominally xx hours, delivered in a classroom/online/blended learning setting.
Prerequisites/co-requisites Not applicable.
Competency Field
Development and validation strategy and guide for assessors and learners Student Learning Resources Handouts
Activities 		Slides
PPT 		Assessment 1 Assessment 2 Assessment 3 Assessment 4
Elements of Competency Performance Criteria              
Element: Ensure user accounts are controlled
  • Modify default user settings to ensure that they conform to security policy
  • Modify previously created user settings to ensure they conform to updated security policy
  • Ensure legal notices displayed at logon are appropriate
  • Check strength of passwords using the appropriate utilities and consider tightening rules for password complexity
  • Take action to ensure password procedures are reviewed with appropriate other internal departments
  • Monitor email to uncover breaches in compliance with legislation
  • Access information services to identify security gaps and take appropriate action using hardware and software or patches
       
Element: Secure file and resource access
  • Review inbuilt security and access features of the operating system and consider need for further action
  • Develop or review the file security categorisation scheme, and develop an understanding of the role of users in setting security
  • Monitor and record security threats to the system
  • Implement a virus checking process and schedule for the server, computer and other system components
  • Investigate and implement inbuilt or additional encryption facilities
       
Element: Monitor threats to the network
  • Use third-party software or utilities to evaluate and report on system security
  • Review logs and audit reports to identify security threats
  • Carry out spot checks and other security strategies to ensure that procedures are being followed
  • Prepare and present an audit report and recommendations to appropriate person
  • Obtain approval for recommended changes to be made
       


Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Overview of assessment

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the ability to:

monitor and administer security functions on the system, which may include use of third-party diagnostic tools

confirm knowledge of security features available in the operating environment.

Context of and specific resources for assessment

Assessment must ensure access to:

security policy

industry and organisational standards

live system

appropriate learning and assessment support when required

modified equipment for people with special needs.

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit:

direct observation:

ensuring security policy compliance

using security strategies to evaluate and report on system security and threats

review of:

audit report and recommendations prepared

virus checking process and schedule implemented

verbal or written questioning to assess candidate’s knowledge of security features within the operating environment.

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended, where appropriate.

Assessment processes and techniques must be culturally appropriate, and suitable to the communication skill level, language, literacy and numeracy capacity of the candidate and the work being performed.

Indigenous people and other people from a non-English speaking background may need additional support.

In cases where practical assessment is used it should be combined with targeted questioning to assess required knowledge.

Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assignment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)

Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

Required skills

communication skills to:

liaise with technical team members

present information

provide assistance with organisational guidelines

review logs and audit reports to identify security threats

problem-solving skills to:

identify security threats

use third-party software or utilities to evaluate system security

project planning skills to:

identify scope

implement a virus checking process and schedule

set benchmarks

report writing skills to:

present audit reports and recommendations

report on system security

research skills to identify, analyse and evaluate broad features of a particular business domain and best practice in system security methodologies and technologies

technical skills to:

check strength of passwords

implement virus checking processes and schedules

modify user settings

monitor and record security threats to the system.

Required knowledge

current industry-accepted hardware and software products

privacy issues and legislation with regard to IT security

key components of risk analysis process for system security

specific security technology

systems technologies

client business domain, including client organisation structure and business functionality.

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

User may include:

department within the organisation

person within a department

third party.

Security policy may relate to:

audits and alerts

file access levels

privacy

security objectives of the organisation

standards:

archival

backup

network

theft

viruses.

Legislation may include:

copyright

liability statements

privacy legislation.

Hardware may include:

modems or other connectivity devices

networks

personal computers

remote sites

servers

workstations.

Software may include:

application:

spreadsheet

database

word-processing

internet browser

commercial

customised

in-house

programming:

assembler

compiler

development tools

system:

computer security software

device drivers

operating system.

Operating system may include:

Linux

GNU and Linux

Mac OS X

Microsoft Windows

Unix-like operating systems:

HP-UX

IBM AIX

Silicon Graphics IRIX

Sun Solaris.

Security threats may include:

by-pass

denial of service

eavesdropping

hacking

impersonation

manipulation

penetration

viruses.

Server may include:

application or web servers

BEA Weblogic servers

email servers

file and print servers

firewall servers

FTP servers

IBM VisualAge and WebSphere

Novell Directory Services (NDS) servers

proxy or cache servers

voice servers.

Computer may include:

laptops

other devices:

hand-held and mobile devices

personal digital assistant (PDA)

servers

workstations.

Encryption may include:

asymmetric public-key ciphers

Deslogin

digital signatures

public key infrastructure (PKI)

PKZIP

pretty good privacy (PGP)

RSA public key

secure socket layer (SSL)

sniffers

SSH

symmetric ciphers.

Security strategies may include:

authentication

authorisation and integrity

privacy

security objectives of the organisation.

Appropriate person may include:

authorised business representative

client

project manager

security consultant

supervisor.

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criteria that task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice Yes No Comments/feedback
Modify default user settings to ensure that they conform to security policy 
Modify previously created user settings to ensure they conform to updated security policy 
Ensure legal notices displayed at logon are appropriate 
Check strength of passwords using the appropriate utilities and consider tightening rules for password complexity 
Take action to ensure password procedures are reviewed with appropriate other internal departments 
Monitor email to uncover breaches in compliance with legislation 
Access information services to identify security gaps and take appropriate action using hardware and software or patches 
Review inbuilt security and access features of the operating system and consider need for further action 
Develop or review the file security categorisation scheme, and develop an understanding of the role of users in setting security 
Monitor and record security threats to the system 
Implement a virus checking process and schedule for the server, computer and other system components 
Investigate and implement inbuilt or additional encryption facilities 
Use third-party software or utilities to evaluate and report on system security 
Review logs and audit reports to identify security threats 
Carry out spot checks and other security strategies to ensure that procedures are being followed 
Prepare and present an audit report and recommendations to appropriate person 
Obtain approval for recommended changes to be made 

Forms

Assessment Cover Sheet

ICASAS418A - Monitor and administer security of an IT system
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:

Assessment Record Sheet

ICASAS418A - Monitor and administer security of an IT system

Student name:

Student ID:

Assessment task 1: [title] Result: Competent Not yet competent

(add lines for each task)

Feedback to student:

 

 

 

 

 

 

 

 

Overall assessment result: Competent Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: