Application
This unit describes the skills and knowledge required to implement and evaluate the application of the principles, policies and procedures that enable an enterprise to meet applicable information security laws, regulations and standards to satisfy statutory requirements, perform industry-wide best practices, and achieve its information security program goals.
It applies to individuals who apply specialised and technical knowledge in developing strategic initiatives in an information and communications technology (ICT) work environment.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Elements and Performance Criteria
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Implement compliance systems | 1.1 Monitor and assess the information security compliance practices of personnel according to enterprise policy and procedures 1.2 Maintain ongoing and effective communications with key compliance stakeholders 1.3 Conduct internal audits to determine if information security control objectives, controls, processes, and procedures are effectively applied and maintained, and perform as expected |
2. Evaluate compliance systems | 2.1 Assess the effectiveness of enterprise compliance program controls against appropriate benchmarks 2.2 Assess the effectiveness of information security compliance process and procedures for process improvement and implement changes where appropriate 2.3 Compile, analyse and report performance measures |
Evidence of Performance
Evidence of the ability to:
monitor and assess information security compliance
conduct internal audits
assess the effectiveness of enterprise compliance
compile, analyse and report performance measures.
Note: Evidence must be provided on at least TWO occasions.
Evidence of Knowledge
To complete the unit requirements safely and effectively, the individual must:
describe the client business domain
compare and contrast the key security features and capabilities of current industry accepted hardware and software products
research and report on the key features of legislation relating to information and communications technology (ICT) security
evaluate the operating system, including strengths and weaknesses over the lifetime of the product
discuss privacy issues and legislation relating to integrating legal requirements with ICT security.
Assessment Conditions
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the systems administration and support field of work, and include access to:
ICT business specifications
information on the security environment, including laws or legislation, existing organisational security policies, organisational expertise and knowledge
possible security environment, which includes threats to security that are, or are held to be, present in the environment
risk analysis tools and methodologies
ICT security assurance specifications.
Assessors must satisfy NVR/AQTF assessor requirements.
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.
Skill | Performance Criteria | Description |
Reading | 1.1, 2.1 | Interprets and analyses a range of complex textual information and data to determine necessary actions |
Writing | 1.2, 2.3 | Uses clear, accurate and concise language and appropriate formats to convey complex content for a range of audiences |
Oral Communication | 1.1, 1.2, 2.3 | Uses clear and precise language to explain and present information and obtain feedback relevant to the task and audience |
Numeracy | 1.3 | Accurately interprets, analyses and documents numerical and technical system data |
Navigate the world of work | 1.1, 1.3, 2.1 | Monitors and reviews the organisation's policies, procedures and adherence to legislative requirements. Develops and implements strategies to ensure organisational policies, procedures and regulatory requirements are met |
Interact with others | 1.2 | Selects, implements and manipulates communications systems, processes and practices for maximum impact |
Get the work done | 1.1, 1.3, 2.1-2.3 | Plans strategic priorities and outcomes within a flexible, efficient and effective context in a diverse environment exposed to competing demands. Gathers and analyses data and seeks feedback to improve plans and processes. Addresses complex problems involving multiple variables, using formal analytical, lateral thinking techniques, experience and knowledge to focus in on the root cause |
Sectors
Systems administration and support