Unit of Competency Mapping – Information for Teachers/Assessors – Information for Learners

ICTSAS418 Mapping and Delivery Guide
Monitor and administer security of an ICT system

Version 1.0
Issue Date: May 2024


Qualification -
Unit of Competency ICTSAS418 - Monitor and administer security of an ICT system
Description
Employability Skills
Learning Outcomes and Application This unit describes the skills and knowledge required to monitor and administer security functions of an information and communications technology (ICT) system.It applies to experienced individuals who, while working under a level of supervision, have responsibility in a frontline technical support capacity to ensure organisational standards are met, and apply technical and specialised knowledge to maintain the security of a system.No licensing, legislative, or certification requirements apply to this unit at the time of publication.
Duration and Setting X weeks, nominally xx hours, delivered in a classroom/online/blended learning setting.

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the systems administration and support field of work and include access to:

special purpose tools, equipment and materials

industry software packages

the security policy

industry and organisational standards

a live system.

Assessors must satisfy NVR/AQTF assessor requirements.
Prerequisites/co-requisites
Competency Field
Development and validation strategy and guide for assessors and learners Student Learning Resources Handouts
Activities 		Slides
PPT 		Assessment 1 Assessment 2 Assessment 3 Assessment 4
Elements of Competency Performance Criteria              
Element: Ensure user accounts are controlled
  • Modify default user settings to ensure they conform to security policy
  • Modify previously created user settings to ensure they conform to updated security policy
  • Ensure legal notices displayed at logon are appropriate
  • Check strength of passwords using the appropriate utilities and consider tightening rules for password complexity
  • Take action to ensure password procedures are reviewed with appropriate other internal departments
  • Monitor email to uncover breaches in compliance with legislation
  • Access information services to identify security gaps and take appropriate action using hardware and software or patches
       
Element: Secure file and resource access
  • Review inbuilt security and access features of the operating system and consider need for further action
  • Develop or review the file security categorisation scheme, and develop an understanding of the role of users in setting security
  • Monitor and record security threats to the system
  • Implement a virus checking process and schedule for the server, computer and other system components
  • Investigate and implement inbuilt or additional encryption facilities
       
Element: Monitor threats to the network
  • Use third-party software or utilities to evaluate and report on system security
  • Review logs and audit reports to identify security threats
  • Carry out spot checks and other security strategies to ensure that procedures are being followed
  • Prepare and present an audit report and recommendations to appropriate person
  • Obtain approval for recommended changes to be made
       


Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Ensure user accounts are controlled

1.1 Modify default user settings to ensure they conform to security policy

1.2 Modify previously created user settings to ensure they conform to updated security policy

1.3 Ensure legal notices displayed at logon are appropriate

1.4 Check strength of passwords using the appropriate utilities and consider tightening rules for password complexity

1.5 Take action to ensure password procedures are reviewed with appropriate other internal departments

1.6 Monitor email to uncover breaches in compliance with legislation

1.7 Access information services to identify security gaps and take appropriate action using hardware and software or patches

2. Secure file and resource access

2.1 Review inbuilt security and access features of the operating system and consider need for further action

2.2 Develop or review the file security categorisation scheme, and develop an understanding of the role of users in setting security

2.3 Monitor and record security threats to the system

2.4 Implement a virus checking process and schedule for the server, computer and other system components

2.5 Investigate and implement inbuilt or additional encryption facilities

3. Monitor threats to the network

3.1 Use third-party software or utilities to evaluate and report on system security

3.2 Review logs and audit reports to identify security threats

3.3 Carry out spot checks and other security strategies to ensure that procedures are being followed

3.4 Prepare and present an audit report and recommendations to appropriate person

3.5 Obtain approval for recommended changes to be made

Evidence of the ability to:

review user accounts for their security control

identify security features available in the operating environment

monitor, document and administer security functions on the system

monitor threats to the network using:

third-party diagnostic tools

implementation of virus checking process and schedule

preparation of an audit report and recommendations.

Note: Evidence must be provided for at least TWO systems or occasions.

To complete the unit requirements safely and effectively, the individual must:

describe the key features of current industry accepted hardware and software products related to IT security

discuss privacy issues and legislation with regard to IT security

explain the key components of risk analysis process for system security

describe the key features of specific security technology and systems technologies

analyse the client business domain, including client organisation structure and business functionality.

Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assignment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)

Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Ensure user accounts are controlled

1.1 Modify default user settings to ensure they conform to security policy

1.2 Modify previously created user settings to ensure they conform to updated security policy

1.3 Ensure legal notices displayed at logon are appropriate

1.4 Check strength of passwords using the appropriate utilities and consider tightening rules for password complexity

1.5 Take action to ensure password procedures are reviewed with appropriate other internal departments

1.6 Monitor email to uncover breaches in compliance with legislation

1.7 Access information services to identify security gaps and take appropriate action using hardware and software or patches

2. Secure file and resource access

2.1 Review inbuilt security and access features of the operating system and consider need for further action

2.2 Develop or review the file security categorisation scheme, and develop an understanding of the role of users in setting security

2.3 Monitor and record security threats to the system

2.4 Implement a virus checking process and schedule for the server, computer and other system components

2.5 Investigate and implement inbuilt or additional encryption facilities

3. Monitor threats to the network

3.1 Use third-party software or utilities to evaluate and report on system security

3.2 Review logs and audit reports to identify security threats

3.3 Carry out spot checks and other security strategies to ensure that procedures are being followed

3.4 Prepare and present an audit report and recommendations to appropriate person

3.5 Obtain approval for recommended changes to be made

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criteria that task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice Yes No Comments/feedback
Modify default user settings to ensure they conform to security policy 
Modify previously created user settings to ensure they conform to updated security policy 
Ensure legal notices displayed at logon are appropriate 
Check strength of passwords using the appropriate utilities and consider tightening rules for password complexity 
Take action to ensure password procedures are reviewed with appropriate other internal departments 
Monitor email to uncover breaches in compliance with legislation 
Access information services to identify security gaps and take appropriate action using hardware and software or patches 
Review inbuilt security and access features of the operating system and consider need for further action 
Develop or review the file security categorisation scheme, and develop an understanding of the role of users in setting security 
Monitor and record security threats to the system 
Implement a virus checking process and schedule for the server, computer and other system components 
Investigate and implement inbuilt or additional encryption facilities 
Use third-party software or utilities to evaluate and report on system security 
Review logs and audit reports to identify security threats 
Carry out spot checks and other security strategies to ensure that procedures are being followed 
Prepare and present an audit report and recommendations to appropriate person 
Obtain approval for recommended changes to be made 

Forms

Assessment Cover Sheet

ICTSAS418 - Monitor and administer security of an ICT system
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:

Assessment Record Sheet

ICTSAS418 - Monitor and administer security of an ICT system

Student name:

Student ID:

Assessment task 1: [title] Result: Competent Not yet competent

(add lines for each task)

Feedback to student:

 

 

 

 

 

 

 

 

Overall assessment result: Competent Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: