Application
This unit describes the skills and knowledge required to manage data security, enterprise continuity, incidents, networks and telecommunications security, and system and application security.
It applies to individuals with managerial responsibility and advanced information and communications technology (ICT) skills who are working as experienced security technical specialists, security analysts and security consultants.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Elements and Performance Criteria
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Manage enterprise security parameters | 1.1 Determine and evaluate parameters that affect enterprise security to establish benchmark 1.2 Review security classification and data management policies and procedures for relevance, and update if required 1.3 Plan and coordinate an effective enterprise continuity of operations (COOP) program and organisational structure for critical business continuity 1.4 Develop a plan to address factors to manage the risks of the enterprise 1.5 Integrate and evaluate risk management concepts into operational activities with related contingency planning activities, using an enterprise COOP performance measurement program 1.6 Evaluate and assess security incidents to establish an effective incident management program for the enterprise 1.7 Manage the coordination between related security teams for effective incident management processes and procedures |
2. Manage networks and telecommunications security | 2.1 Develop a network security and telecommunications program in line with enterprise policy and security goals 2.2 Manage the necessary resources to integrate network security and telecommunications program activities with technical support, security administration and incident response activities in a secure network 2.3 Establish effective communications protocols between the network security and telecommunications team and related security teams to manage the risks 2.4 Establish a performance measurement program to evaluate the security effectiveness of the integrated network security and telecommunications network 2.5 Ensure enterprise compliance with applicable network |
3. Implement and document enhancements | 3.1 Implement appropriate changes and improvement actions as required, and evaluate effectiveness of enhancements 3.2 Produce and table documentation for audit tracking |
Evidence of Performance
Evidence of the ability to:
direct contingency planning, operations and programs to manage risk
establish the information and communications technology (ICT) system and application security engineering program
manage the necessary resources to establish and maintain an effective network security and telecommunications program
specify policy and coordinate review.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
Evidence of Knowledge
To complete the unit requirements safely and effectively, the individual must:
explain business and commercial issues related to the management of ICT security
explain continuity of operations (COOP)
clarify critical analysis in a management context
outline management specifications and objectives
describe different management styles and systems
explain systems development life cycle (SDLC).
Assessment Conditions
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the networking industry, and include access to:
ICT business specifications
ICT security assurance specifications
management related scenarios
a security environment, including the threats to security that are, or are held to be, present in the environment
information on the security environment, including:
laws or legislation
existing organisational security policies
organisational expertise
use of risk analysis tools and methodologies currently used in industry.
Assessors must satisfy NVR/AQTF assessor requirements.
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.
Skill | Performance Criteria | Description |
Reading | 1.1, 1.2, 1.5, 1.6, 2.1, 2.5 | Identifies, analyses and evaluates complex text to determine regulatory and business requirements |
Writing | 1.2, 1.4, 1.6, 2.1, 2.3, 2.4, 3.2 | Develops a broad range of operational material, including recommendations and reports for a specific audience, using clear and detailed language to convey explicit information, requirements and recommendations |
Numeracy | 2.2 | Uses mathematical formulas and calculations to estimate and plan project costs |
Navigate the world of work | 1.2, 2.3-2.5 | Develops and implements strategies that ensure organisational policies, procedures and regulatory requirements are being met Monitors and reviews the organisation’s policies, procedures and adherence to legislative requirements in order to implement and manage change |
Interact with others | 1.7, 2.2-2.5, 3.1 | Selects, implements and manipulates communications systems, processes and practices for maximum impact Influences and fosters a collaborative culture, facilitating a sense of commitment and workplace cohesion Understands diversity and seeks to integrate diversity into the work context, for managing change, making decisions and achieving shared outcomes |
Get the work done | 1.3-1.6, 2.1- 2.5, 3.1 | Demonstrates a sophisticated understanding of principles, concepts, language and practices associated with the digital world and uses these to troubleshoot and understand the uses and potential of new technology Is acutely aware of the importance of understanding, monitoring and controlling access to digitally stored and transmitted information Uses a mix of intuitive and formal processes to identify key information and issues, evaluate alternative strategies, anticipate consequences and consider implementation issues and contingencies When dealing with complex issues, may use intuition to identify the general problem area, switching to analytical processes to generate possible solutions, depending on differing operational contingencies, risk situations and environments Monitors outcomes of decisions, considering results from a range of perspectives and identifying key concepts and principles that may be adaptable to future situations |
Sectors
Networking