Application
This unit describes the skills and knowledge required to lead the development of asset protection processes, determining threats and implementing controls to mitigate risk.
It applies to individuals working as middle managers including information security managers, network engineers and network technicians who are responsible for implementing and managing the organisational disaster recovery and asset protection policy and procedures.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Elements and Performance Criteria
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Ensure compliance with company network and security policies | 1.1 Review company security policies 1.2 Audit and record security access 1.3 Ensure user accounts are controlled 1.4 Ensure secure file and resource access |
2. Conduct audit on system assets | 2.1 Use appropriate tools and techniques to conduct audit on system hardware and software assets 2.2 Develop a system to record assets 2.3 Use system to develop reports on assets for management |
3. Implement an antivirus solution | 3.1 Research appropriate antivirus and anti-malware solutions 3.2 Implement antivirus or anti-malware solution 3.3 Test antivirus and anti-malware solution functionality |
4. Implement systems to protect assets from threats | 4.1 Determine environmental threats to data 4.2 Document systems to protect from environmental threat 4.3 Implement system to protect data from environmental threat |
5. Develop a backup solution | 5.1 Determine appropriate backup type to meet systems needs 5.2 Investigate current backup media options 5.3 Implement a backup solution 5.4 Demonstrate functionality of backup solution 5.5 Demonstrate restore of data from backup media 5.6 Implement a real time backup and data sync solution |
6. Monitor network performance | 6.1 Determine available network performance monitoring tools 6.2 Implement network performance monitoring tools to monitor network 6.3 Produce report on network performance |
Evidence of Performance
Evidence of the ability to:
identify user access control issues
use appropriate tools to conduct audit on system assets
implement and test antivirus solution
employ systems to negate environmental threats
demonstrate features of data backup, restore and system roll back
perform network monitoring using a variety of current standard tools
add network controls according to network and data integrity policies.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
Evidence of Knowledge
To complete the unit requirements safely and effectively, the individual must:
summarise the broad principles of data integrity on a network, including:
auditing and control of user access
asset tracking and auditing
current antivirus solutions and techniques
describe backup, restore and rollback procedures
identify and describe system and network monitoring tools and their related functions
recognise and overview the client organisation structure and business functionality as they relate to data integrity
select and describe the tools and applications required to manage network and data integrity, including the disaster recovery processes.
Assessment Conditions
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:
a site or prototype where network and data integrity strategies may be implemented and managed
use of network support tools currently used in industry
the organisation’s security policies, manufacturer recommendations and network and data integrity protection standards.
Assessors must satisfy NVR/AQTF assessor requirements.
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.
Skill | Performance Criteria | Description |
Reading | 1.1, 3.1 | Interprets textual information from relevant sources to identify software solutions and adherence to company security policies |
Writing | 1.2, 2.2, 2.3, 4.2, 6.3 | Develops material for a specific audience, using clear and detailed language in order to convey explicit information, requirements and recommendations |
Navigate the world of work | 1.1 | Complies with explicit organisational policies and procedures |
Get the work done | 1.2, 1.3, 2.1-2.3, 3.2, 3.3, 4.1, 4.3, 5.1-5.6, 6.1, 6.2 | Determines job priorities, resources and equipment, and works logically and systematically to undertake clearly defined and familiar tasks Takes responsibility for routine decision making by selecting from a range of predetermined options in routine situations, identifying and taking some situational factors into account Initiates standard procedures when applying solutions in networks, including systems management processes, and deploys rapid solutions to problems involving management of network assets Understands the purposes, specific functions and key features of common digital systems and tools, and operates them effectively to complete routine tasks Understands the importance of secure information and privacy, and takes personal responsibility for identifying and managing risk factors |
Range Statement
This section specifies different work environments and conditions that may affect performance. Essential operating conditions that may be present (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) are included.
Security policies must include: | data security physical security remote access user logon. |
Tools must include: | hardware and software audit tools, including: DXdiag Microsoft Software Inventory Analyzer (MSIA) E-Z Audit hardware and software logs. |
Backup type must include: | copy differential folder and drive synchronisation full and normal incremental redundant array of independent disks (RAID). |
Sectors
Networking