The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!
From the Wiki University
What evidence can you provide to prove your understanding of each of the following citeria?
Plan information security strategies
|
|
Discuss implementation opportunities for organisational information security strategies with required personnel Completed |
Evidence:
|
Gain management buy in and approval in planning and implementing information security strategy Completed |
Evidence:
|
Identify and confirm organisational policies including password policies, bring your own device (BYOD) and on boarding processes with required personnel Completed |
Evidence:
|
Analyse organisational environments, processes and risk profile requirements Completed |
Evidence:
|
Identify legislation and industry requirements to implement information security strategies in an organisation Completed |
Evidence:
|
Design and implement information security strategy
|
|
Develop action plan with specific goals and objectives of information security strategy according to organisational needs Completed |
Evidence:
|
Design secure network infrastructure and security strategy according to organisational needs Completed |
Evidence:
|
Analyse data classifications and levels of access in operational processes and integrate with strategy Completed |
Evidence:
|
Document designed information security strategy according to organisational procedures Completed |
Evidence:
|
Implement information security strategy according to design and organisational needs Completed |
Evidence:
|
Test and finalise information security strategy
|
|
Establish security baselines and metrics according to organisational needs Completed |
Evidence:
|
Perform testing procedures and confirm information security strategy addresses organisational needs Completed |
Evidence:
|
Record and compare test results to established metrics and benchmarks Completed |
Evidence:
|
Finalise documentation and report information security strategy outcomes to required personnel Completed |
Evidence:
|
Obtain feedback from required personnel and amend information security strategy accordingly Completed |
Evidence:
|
Review final information security strategy and obtain sign-off from required personnel Completed |
Evidence:
|