Application
This unit describes the skills and knowledge required to ensure secure file encryption is selected, implemented and monitored on a computer network or local environment.
It applies to individuals working as information and communications technology (ICT) professionals who may select, implement and monitor a secure encryption environment in any size enterprise.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Elements and Performance Criteria
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Determine encryption methods | 1.1 Analyse enterprise data security requirements 1.2 Create a new or review an existing security plan to determine appropriate encryption methods 1.3 Review a range of encryption technologies and rank the most appropriate options 1.4 Assess the costs associated with each encryption option 1.5 Document encryption options and costs, and forward to appropriate person for decision |
2. Implement encryption | 2.1 Apply encryption technologies to the enterprise system 2.2 Analyse effect of encryption technologies on user roles and responsibilities 2.3 Inform user of new encryption technologies and the effect it has on their responsibilities |
3. Monitor encryption | 3.1 Analyse implementation of the encryption technologies, confirming function and performance 3.2 Review help desk records for problems concerning implementation and take appropriate action 3.3 Review system logs for encryption issues and compromises 3.4 Document encryption issues and compromises, and notify appropriate person |
Evidence of Performance
Evidence of the ability to:
analyse enterprise data security requirements
create or review existing security plan to determine the appropriate encryption methods
rank and document appropriate encryption methods
implement encryption systems and inform users of any impacts
monitor and document encryption issues and compromises, and notify appropriate person.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
Evidence of Knowledge
To complete the unit requirements safely and effectively, the individual must:
explain certificate related infrastructure (certificate authorities, registration authorities, repository services)
summarise common asymmetric key algorithms and their usage
explain common symmetric key algorithms and their usage, such as:
advanced encryption standard (AES)
data encryption standard (DES)
triple data encryption algorithm (triple DES)
Blowfish
explain encryption strength
summarise various encryption types, including public key, secret key, hash key
summarise the functions and features of:
access control permissions
digital signatures
symmetric encryption, asymmetric encryption and one-way encryption
timestamps
explain one-way message digests, such as message digest algorithm 5 (MD5) and secure hash algorithm (SHA)
explain public key infrastructure (PKI), pretty good privacy (PGP) and GNU Privacy Guard (GnuPG)
outline replay security
outline possible sources of security threats, including eavesdropping, data interception, data corruption, data falsification and authentication issues
explain transmission control protocol or internet protocol (TCP/IP) protocols and applications
summarise security problems and challenges that arise from organisational issues
outline wired equivalent privacy (WEP), Wi-Fi protected access (WPA) and Wi-Fi protected access 2 (WPA2).
Assessment Conditions
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:
a site where encryption installation may be conducted
a live network
servers
encryption software
encryption tools.
Assessors must satisfy NVR/AQTF assessor requirements.
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.
Skill | Performance Criteria | Description |
Reading | 1.1, 3.2 | Gathers, interprets and analyses technical data to determine security requirements and help desk records to interpret technical compromises |
Writing | 1.1, 1.3, 1.5, 3.4 | Prepares workplace documentation that incorporates an evaluation of technical information and specialised and cohesive language in a format and style appropriate to a specific audience |
Oral Communication | 2.3, 3.4 | Articulates requirements and responsibilities clearly and distinctively, using technical language appropriate to audience and environment |
Numeracy | 1.4 | Uses mathematical formulas and calculations to undertake a cost-benefit analysis |
Navigate the world of work | 1.1 | Recognises and follows explicit and implicit protocols, and meets expectations associated with own role |
Interact with others | 1.5 | Selects the appropriate form, channel and mode of communication for a specific purpose relevant to own role |
Get the work done | 1.3, 2.1, 2.2, 3.1-3.3 | Uses a combination of formal, logical planning processes and an increasingly intuitive understanding of context to determine data security threats, risks and countermeasures Manages and maintains data securely and actively monitors technology, notifying others if security becomes compromised Understands the purposes, specific functions and key features of common digital systems and tools, and operates them effectively to complete routine tasks Initiates standard procedures when responding to familiar problems to troubleshoot, debug and correct connectivity and security issues |
Sectors
Networking