The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!
From the Wiki University
What evidence can you provide to prove your understanding of each of the following citeria?
Analyse threats to system
|
|
Evaluate the organisation’s system and verify that it meets enterprise guidelines and policies Completed |
Evidence:
|
Conduct risk analysis on system and document outcomes Completed |
Evidence:
|
Evaluate threats to the system and document findings Completed |
Evidence:
|
Compile and document human interactions with system Completed |
Evidence:
|
Determine risk category
|
|
Conduct a risk assessment on the system and categorise risks Completed |
Evidence:
|
Conduct a risk assessment on human operations and interactions with the system and categorise risks Completed |
Evidence:
|
Match risk plans to risk categories Completed |
Evidence:
|
Determine and plan resources by risk categories Completed |
Evidence:
|
Identify appropriate controls
|
|
Devise and put in place effective controls to manage risk Completed |
Evidence:
|
Design policies and procedures to cover user access of the system Completed |
Evidence:
|
Conduct training in the use of system-related policies and procedures Completed |
Evidence:
|
Monitor high-risk categories at specified periods Completed |
Evidence:
|
Categorise and record system breakdowns Completed |
Evidence:
|
Include controls in the system
|
|
Develop security plan and procedures to include in management system Completed |
Evidence:
|
Develop security recovery plan Completed |
Evidence:
|
Implement system controls to reduce risks in human interaction with the system Completed |
Evidence:
|
Monitor system tools and procedures
|
|
Review and monitor risks and controls using a management review process Completed |
Evidence:
|
Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews Completed |
Evidence:
|
Plan to re-evaluate system and identify new threats and risks Completed |
Evidence:
|