The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usually demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!
From the Wiki University
What evidence can you provide to prove your understanding of each of the following criteria?
Develop the incident response program
|
|
Develop the incident management policy Completed |
Evidence:
|
Identify the services the incident response team should provide Completed |
Evidence:
|
Create incident response plans according to security policy and organisational goals Completed |
Evidence:
|
Develop procedures for incident handling and reporting Completed |
Evidence:
|
Create incident response exercises and red-teaming activities Completed |
Evidence:
|
Develop specific processes for collecting and protecting forensic evidence during incident response Completed |
Evidence:
|
Specify incident response staffing and training requirements Completed |
Evidence:
|
Establish the response program Completed |
Evidence:
|
Implement the incident response program
|
|
Apply response actions in reaction to security incidents according to established policy, plans and procedures Completed |
Evidence:
|
Respond to and report incidents Completed |
Evidence:
|
Assist in collecting, processing and preserving evidence according to requirements Completed |
Evidence:
|
Execute incident response plans Completed |
Evidence:
|
Execute red-teaming activities and incident response exercises Completed |
Evidence:
|
Ensure lessons learned from incidents are collected in a timely manner and are incorporated into review plans Completed |
Evidence:
|
Collect, analyse and report incident management measures Completed |
Evidence:
|
Evaluate the incident response program
|
|
Assess efficiency and effectiveness of incident response program activities and implement changes as required Completed |
Evidence:
|
Examine effectiveness of red teaming and incident response tests, training and exercises Completed |
Evidence:
|
Assess effectiveness of communication between incident response team and related internal and external organisations, implementing changes where appropriate Completed |
Evidence:
|
Identify and implement improvements based on assessments of effectiveness Completed |
Evidence:
|