Application
This unit describes the skills and knowledge required to implement and manage security on an operational system.
It applies to individuals working in middle management in technical advice, guidance and leadership roles such as security managers and security analysts responsible for implementing and managing the organisations security management system.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Elements and Performance Criteria
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Analyse threats to system | 1.1 Evaluate the organisation’s system and verify that it meets enterprise guidelines and policies 1.2 Conduct risk analysis on system and document outcomes 1.3 Evaluate threats to the system and document findings 1.4 Compile and document human interactions with system |
2. Determine risk category | 2.1 Conduct a risk assessment on the system and categorise risks 2.2 Conduct a risk assessment on human operations and interactions with the system and categorise risks 2.3 Match risk plans to risk categories 2.4 Determine and plan resources by risk categories |
3. Identify appropriate controls | 3.1 Devise and put in place effective controls to manage risk 3.2 Design policies and procedures to cover user access of the system 3.3 Conduct training in the use of system-related policies and procedures 3.4 Monitor high-risk categories at specified periods 3.5 Categorise and record system breakdowns |
4. Include controls in the system | 4.1 Develop security plan and procedures to include in management system 4.2 Develop security recovery plan 4.3 Implement system controls to reduce risks in human interaction with the system |
5. Monitor system tools and procedures | 5.1 Review and monitor risks and controls, using a management review process 5.2 Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews 5.3 Plan to re-evaluate system and identify new threats and risks |
Evidence of Performance
Evidence of the ability to:
implement and manage security functions on a system
conduct risk assessment
set up effective controls to manage risk
develop security plan and security recovery plan
monitor risks and controls
review risk analysis process.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
Evidence of Knowledge
To complete the unit requirements safely and effectively, the individual must:
summarise the general features of specific security technologies
describe risk analysis techniques, with a focus on their general features, and depth in security procedures
describe the common security requirements of a client’s organisation, including:
threats
security techniques and technologies
outline systems management and process control in relation to security
explain systems technologies, including a broad summary of their general features and capabilities.
Assessment Conditions
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:
a site where system security may be implemented and managed
use of utility tools currently used in industry
organisational security policies
manufacturer recommendations
security standards.
Assessors must satisfy NVR/AQTF assessor requirements.
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.
Skill | Performance Criteria | Description |
Reading | 1.1, 5.1, 5.2 | Gathers, interprets and analyses technical and enterprise information to determine requirements according to client needs |
Writing | 1.2-1.4, 2.1, 2.2, 3.2, 3.5, 4.1, 4.2 | Prepares information that incorporates a synthesis of knowledge, using information and communications technology (ICT) terminology and cohesive language in a format and style appropriate to a specific audience |
Navigate the world of work | 1.1 | Takes full responsibility for identifying and considering relevant policies and procedures when managing a security system |
Interact with others | 3.3 | Demonstrates an increasing capacity to manipulate oral, visual and or written formats to achieve a specific purpose with full command of vocabulary relevant to context |
Get the work done | 1.1-1.3, 2.1-2.4, 3.1, 3.4, 4.3, 5.3 | Demonstrates a sophisticated understanding of principles, concepts, language and practices associated with the digital world and uses these to troubleshoot and reduce risks Uses digital tools to access and organise complex data and analyse multiple sources of information for strategic purposes Is acutely aware of the importance of understanding, monitoring and controlling access to digitally stored and transmitted information Uses a combination of formal and logical planning processes and an increasingly intuitive understanding of context to develop a security plan and a security recovery plan Makes a range of critical decisions in relatively complex situations, taking a range of constraints into account Recognises and addresses complex problems involving participation in group solutions and analysis, and resolving issues for a mixed mode environment of people and systems processes |
Sectors
Networking