The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!
From the Wiki University
What evidence can you provide to prove your understanding of each of the following citeria?
Assess network security threats and vulnerabilities to identify risk
|
|
Assess and report on current system security, according to required asset security level Completed |
Evidence:
|
Determine additional network, software, hardware and system security threats and vulnerabilities Completed |
Evidence:
|
Use identified threats and vulnerability information to identify security risks Completed |
Evidence:
|
Make recommendations to management to address security deficiencies, according to current and future commercial and business requirements Completed |
Evidence:
|
Implement countermeasures for identified vulnerabilities and threats
|
|
Implement required level of perimeter security based on current and future business needs Completed |
Evidence:
|
Assess and implement best practice server and network hardening techniques and measures Completed |
Evidence:
|
Implement secure authentication and user account controls Completed |
Evidence:
|
Secure data integrity and transmission Completed |
Evidence:
|
Test and verify functionality and performance of security system implemented
|
|
Design test items to verify key function and performance measures against criteria Completed |
Evidence:
|
Conduct function and performance tests recording results Completed |
Evidence:
|
Modify and debug security system as necessary Completed |
Evidence:
|
Develop documentation on current system settings and file for future reference Completed |
Evidence:
|
Provide systems for monitoring and maintaining security
|
|
Monitor current network security, including physical aspects, using appropriate third-party testing software where applicable Completed |
Evidence:
|
Review logs and audit reports to identify and record security incidents, intrusions or attempts Completed |
Evidence:
|
Carry out spot checks and audits to ensure that procedures are not being bypassed Completed |
Evidence:
|
Document newly discovered security threats, vulnerabilities and risks in a report for presentation to appropriate person to gain approval for changes to be made Completed |
Evidence:
|