PSPSEC016
Define information systems framework


Application

This unit describes the skills required to identify and establish the information system security framework for an organisation or a business unit at functional level. It includes determining the organisational context, determining principal areas of risk, determining system requirements and establishing the security framework.

This unit applies to those with organisation-wide responsibility for defining systems and procedures which impact on organisational security.

The skills and knowledge described in this unit must be applied within the legislative, regulatory and policy environment in which they are carried out. Organisational policies and procedures must be consulted and adhered to, particularly those related to defining information systems for security.

Those undertaking this unit would work autonomously while frequently accessing and evaluating support from a broad range of sources. They would perform sophisticated tasks in a broad range of contexts.

No licensing, legislative or certification requirements apply to this unit at the time of publication.


Elements and Performance Criteria

ELEMENTS: Elements describe the essential outcomes.

PERFORMANCE CRITERIA: Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section.

1. Establish the organisational context

1.1 Identify and document legislative and regulatory requirements for the organisation.

1.2 Analyse legislation for any information management security implications and document outcomes.

1.3 Review organisational purpose and function for compliance requirements.

1.4 Analyse broad social context in which the organisation operates to determine community expectations.

2. Determine the principal areas of risk requiring information strategy

2.1 Review and update existing risk analyses.

2.2 Review and document regulatory requirements and legal liabilities for their impact on the information systems framework.

2.3 Determine and document risks and liabilities to be managed by information systems, informing the development of the framework.

3. Determine the information system requirements for each business function

3.1 Analyse risks, liabilities and regulatory requirements.

3.2 Document and communicate identified requirements as evidence to be captured as records.

3.3 Formulate information system specifications from the evidence requirements.

3.4 Determine information security requirements.

3.5 Determine specifications for information systems security measures.

4. Establish information systems framework for organisation

4.1 Develop and communicate an overview of responsibilities for information management within the organisation.

4.2 Define responsibilities and authorities in relation to regulatory requirements.

4.3 Define information management responsibilities and rights for each business function.

4.4 Integrate identified risks and liabilities managed by information systems.

4.5 Define, assign and document levels of accountability and responsibility within the framework.

4.6 Formulate and document security procedures for information systems.

5. Obtain approval for framework

5.1 Communicate completed and documented framework for review and endorsement.

5.2 Establish review process and assign appropriate persons to maintain the currency of the organisation’s information systems framework.

Evidence of Performance

Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least two occasions.

applying legislation, regulations and policies relating to government information systems security

analysing process functions and problems

preparing, compiling and writing complex documents and reports

communicating complex relationships and processes effectively to users and management

documenting complex relationships and processes

identifying and viewing component parts as integral elements of the whole system

reading and interpreting mathematical concepts and values embedded in specifications and complex technical documentation

analysing and interpreting legal, regulatory and security requirements and organisation policies and procedures

analysing and synthesising documentation, verbally delivered information, and observed behaviours

consulting with diverse stakeholders to elicit relevant information for analysis


Evidence of Knowledge

Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate.

Operational knowledge of:

legislation, regulations, policies, procedures and guidelines relating to government information system security

equal employment opportunity, equity and diversity principles

public sector legislation in the context of government information systems security

sources of information about jurisdictional requirements for information systems

public sector legislation, including WHS and environment, in the context of government information systems security

functions and structures in the organisation (comprehensive knowledge required)

policies and strategies that apply across the jurisdiction

information management principles and processes

information security requirements


Assessment Conditions

Assessment of this unit requires evidence gathered over time in a workplace environment or one that closely resembles normal work practice and replicates the diverse conditions likely to be encountered when defining information systems.

Assessors must satisfy the NVR/AQTF mandatory competency requirements for assessors.


Foundation Skills

The foundation skills demands of this unit have been mapped for alignment with the Australian Core Skills Framework (ACSF). The following tables outline the performance levels indicated for successful attainment of the unit.

Further information on ACSF and the foundation skills underpinning this unit can be found in the Foundation Skills Guide on the GSA website.


Competency Field

Security