Application
This unit describes the skills and knowledge required to manage cloud security controls, and privacy and legal compliance, when implementing cloud services for an enterprise.
It applies to those with managerial responsibility, such as experienced security technical specialists, security analysts and security consultants.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Elements and Performance Criteria
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Manage enterprise cloud security controls | 1.1 Identify the cloud security issues faced by different delivery and deployment models relevant to the enterprise |
 | 1.2 Determine the specific enterprise areas of security responsibility |
 | 1.3 Implement the most relevant security controls and measures to protect identified areas of responsibility |
2. Manage enterprise cloud privacy and compliance | 2.1 Identify the relevant compliance regulations relating to data storage |
 | 2.2 Determine the most relevant business continuity and data recovery plans |
 | 2.3 Identify, secure and maintain the relevant logs and audit trails |
 | 2.4 Investigate and review legal, privacy and contractual issues to ensure that they meet the enterprise policy |
3. Review, implement and document cloud security, privacy and compliance enhancements | 3.1 Implement the appropriate changes and integrate them into the current enterprise’s continuity of operation program (COOP) |
 | 3.2 Establish a performance measurement program to evaluate the security effectiveness of implemented security controls |
 | 3.3 Provide relevant documentation as part of COOP for audit tracking purposes |
Evidence of Performance
Evidence of the ability to:
identify, manage and implement cloud security controls, according to legal and privacy requirements
integrate the cloud security plans into the enterprise’s existing security plans
develop an ongoing performance measurement and evaluation review process.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
Evidence of Knowledge
To complete the unit requirements safely and effectively, the individual must:
review the business and commercial issues relating to the management of cloud security
research the legislation, organisational and jurisdictional policy and procedures that may impact on management areas including:
cloud-related privacy issues
codes of ethics and conduct
equal employment opportunity, equity and diversity principles
financial management requirements
governance requirements
determine management specifications and objectives
identify the management tools and techniques suited to a range of complex project activities
describe the organisational and political context
evaluate the systems development life cycle (SDLC)
determine the techniques for critical analysis in a management context.
Assessment Conditions
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:
the cloud information and communications technology (ICT) business specifications
the cloud ICT security assurance specifications
management-related scenarios
a cloud-focused security environment, including threats to security that are, or are held to be, present in the environment
information on the security environment, including:
laws or legislation
existing enterprise security policies
enterprise expertise
risk analysis tools and methodologies currently used in industry.
Assessors must satisfy NVR/AQTF assessor requirements.
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.
Skill | Performance Criteria | Description |
Reading | 1.1, 1.2, 2.1, 2.3, 2.4 | Organises, evaluates and critiques ideas and information from a wide range of complex texts |
Writing | 2.3, 3.3 | Demonstrates sophisticated writing skills by selecting the appropriate conventions and stylistic devices to express precise meaning |
Navigate the world of work | 1.1 | Works autonomously, making high-level decisions to achieve and improve organisational goals. Develops and implements strategies that ensure that organisational policies, procedures and regulatory requirements are being met. |
Get the work done | 1.2, 1.3, 2.1-2.4, 3.1-3.3 | Plans strategic priorities and outcomes within a flexible, efficient and effective context, in a diverse environment, exposed to competing demands. Gathers and analyses data, and seeks feedback to improve plans and processes. Makes high-impact decisions in a complex and diverse environment, using input from a range of sources. Identifies the key factors that impact on decisions and their outcomes, drawing on experience, competing priorities and decision-making strategies, where appropriate. Explores and incubates new and innovative ideas, through unconstrained analysis and critical thinking, to develop and improve the organisation’s goals. |
Sectors
Networking