The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usually demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!
From the Wiki University
What evidence can you provide to prove your understanding of each of the following criteria?
Develop the incident response program

| Criterion | Completed | Evidence |
|---|---|---|
| Develop the incident management policy | | |
| Identify the services the incident response team should provide | | |
| Create incident response plans in accordance with security policy and organisational goals | | |
| Develop procedures for performing incident handling and reporting | | |
| Create incident response exercises and red teaming activities | | |
| Develop specific processes for collecting and protecting forensic evidence during incident response | | |
| Specify the incident response staffing and training requirements | | |
| Establish incident management measurement program | | |

Implement the incident response program

| Criterion | Completed | Evidence |
|---|---|---|
| Apply response actions in reaction to security incidents in accordance with established policy, plans, and procedures | | |
| Respond to and report incidents | | |
| Assist in collecting, processing, and preserving evidence according to requirements | | |
| Execute incident response plans | | |
| Execute red teaming activities and incident response exercises | | |
| Ensure lessons learned from incidents are collected in a timely manner and are incorporated into plan reviews | | |
| Collect, analyse, and report incident management measures | | |

Evaluate the incident response program

| Criterion | Completed | Evidence |
|---|---|---|
| Assess the efficiency and effectiveness of the incident response program activities and implement changes as required | | |
| Examine the effectiveness of red teaming and incident response tests, training, and exercises | | |
| Assess the effectiveness of communications between incident response team and related internal and external organisations and implement changes where appropriate | | |
| Identify incident management improvement actions based on assessments of effectiveness | | |