The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!
From the Wiki University
What evidence can you provide to prove your understanding of each of the following citeria?
Identify threats to network
|
|
Conduct a network infrastructure analysis to understand network complexity Completed |
Evidence:
|
Determine risk category of each point on the network Completed |
Evidence:
|
Analyse approved user point of contact with network Completed |
Evidence:
|
Determine non-authorised user points of contact with the network Completed |
Evidence:
|
Conduct risk analysis on each identified category Completed |
Evidence:
|
Audit and document logs of current system Completed |
Evidence:
|
Determine risk of network failure
|
|
Undertake security analysis of risk data on each network category Completed |
Evidence:
|
Review log usage files Completed |
Evidence:
|
Analyse user points of contact with the network for weaknesses Completed |
Evidence:
|
Conduct threat assessment matrix on network Completed |
Evidence:
|
Design network security requirements that fit with organisational systems plans and procedures Completed |
Evidence:
|
Design audit trails that incorporate user tracking to determine risk Completed |
Evidence:
|
Plan suitable control methods for the network
|
|
Plan control methods for managing user access Completed |
Evidence:
|
Review controls over data input, output, files permissions, log-on and processing Completed |
Evidence:
|
Manage external and internal permission structures Completed |
Evidence:
|
Design automatic intrusion notification processes in line with systems management policy Completed |
Evidence:
|
Document controls for security and risk issues Completed |
Evidence:
|
Obtain approval from approved security senior management for the design of the control Completed |
Evidence:
|
Incorporate controls into the network
|
|
Add network controls to the network in line with system security polices and procedures Completed |
Evidence:
|
Document user access security provisions by user classification at program, record or field level, and include procedures for controlling the security provisions according to client requirements Completed |
Evidence:
|
Implement additional security facilities
|
|
Review external or intranet access, using appropriate software control mechanisms Completed |
Evidence:
|
Evaluate firewalls and record findings and preferences in rank order Completed |
Evidence:
|
Investigate and consider use of a 'demilitarised zone' (DMZ) Completed |
Evidence:
|
Install and configure firewall in accordance with manufacturer recommendations and security standards Completed |
Evidence:
|
Make recommendations for additional equipment Completed |
Evidence:
|
Install approved equipment and configure to provide required levels of security Completed |
Evidence:
|