NTISthis.com

Evidence Guide: ICANWK513A - Manage system security

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICANWK513A - Manage system security

What evidence can you provide to prove your understanding of each of the following citeria?

Analyse threats to system

  1. Evaluate the organisation’s system and verify that it meets enterprise guidelines and policies
  2. Conduct risk analysis on system and document outcomes
  3. Evaluate threats to the system and document findings
  4. Compile and document human interactions with system
Evaluate the organisation’s system and verify that it meets enterprise guidelines and policies

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Conduct risk analysis on system and document outcomes

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Evaluate threats to the system and document findings

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Compile and document human interactions with system

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Determine risk category

  1. Conduct a risk assessment on the system and categorise risks
  2. Conduct a risk assessment on human operations and interactions with the system and categorise risks
  3. Match risk plans to risk categories
  4. Determine and plan resources by risk categories
Conduct a risk assessment on the system and categorise risks

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Conduct a risk assessment on human operations and interactions with the system and categorise risks

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Match risk plans to risk categories

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Determine and plan resources by risk categories

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Identify appropriate controls

  1. Devise and put in place effective controls to manage risk
  2. Design policies and procedures to cover user access of the system
  3. Conduct training in the use of system-related policies and procedures
  4. Monitor high-risk categories at specified periods
  5. Categorise and record system breakdowns
Devise and put in place effective controls to manage risk

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Design policies and procedures to cover user access of the system

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Conduct training in the use of system-related policies and procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Monitor high-risk categories at specified periods

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Categorise and record system breakdowns

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Include controls in the system

  1. Develop security plan and procedures to include in management system
  2. Develop security recovery plan
  3. Implement system controls to reduce risks in human interaction with the system
Develop security plan and procedures to include in management system

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Develop security recovery plan

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Implement system controls to reduce risks in human interaction with the system

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Monitor system tools and procedures

  1. Review and monitor risks and controls using a management review process
  2. Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews
  3. Plan to re-evaluate system and identify new threats and risks
Review and monitor risks and controls using a management review process

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Plan to re-evaluate system and identify new threats and risks

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Evidence Guide

The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Overview of assessment

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the ability to:

implement and manage security functions on a system

conduct risk assessment

set up effective controls to manage risk

develop security plan and security recovery plan

monitor risks and controls

review risk-analysis process.

Context of and specific resources for assessment

Assessment must ensure access to:

site where system security may be implemented and managed

use of utility tools currently used in industry

organisational security policies

manufacturer recommendations

security standards

appropriate learning and assessment support when required

modified equipment for people with special needs.

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit:

verbal or written questioning to assess knowledge of security risks and options available in the operating environment

direct observation of candidate demonstrating management of system security in a range of complex situations

review of documentation prepared by candidate to manage system security.

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended, where appropriate.

Assessment processes and techniques must be culturally appropriate, and suitable to the communication skill level, language, literacy and numeracy capacity of the candidate and the work being performed.

Indigenous people and other people from a non-English speaking background may need additional support.

In cases where practical assessment is used it should be combined with targeted questioning to assess required knowledge.

Required Skills and Knowledge

Required skills

analytical skills to evaluate system security

communication skills to communicate clear concepts and solutions to complex issues

literacy skills to write reports

planning skills to:

develop a security plan

develop a security recovery plan

problem-solving skills to:

manage unpredictable problems involving participation in group solutions and analysis

resolve issues for a mixed mode environment of people and systems processes

research skills to identify, analyse and evaluate weaknesses and strengths of security systems

technical skills to use systems security methodologies and technologies.

Required knowledge

broad knowledge of general features of specific security technology

risk analysis techniques, with broad knowledge of their general features, and depth in security procedures

details of the client organisation

systems management and process control in relation to security

systems technologies, with broad knowledge of their general features and capabilities.

Range Statement

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

System may include:

application service provider

applications

databases

gateways

internet service provider (ISP)

operating system

servers

wireless network access policies using mobile devices.

Threats may include:

denial of service and by-pass

eavesdropping

hackers

impersonation

manipulation

penetration

viruses.

Security plan may include:

alerts relating directly to the security objectives of the organisation

audits

privacy

standards:

archival

backup

network

theft

viruses.

Security may include:

AAA

Diameter

IPSec

LEAP

PKM

smart cards

SSL

tokens

WEP

WPA.