NTISthis.com

Evidence Guide: ICTCYS609 - Evaluate threats and vulnerabilities of IoT devices

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICTCYS609 - Evaluate threats and vulnerabilities of IoT devices

What evidence can you provide to prove your understanding of each of the following citeria?

Develop evaluation strategy

  1. Research and determine an organisation’s requirements for evaluation of IoT devices
  2. Research organisational operations, environment and culture and determine perceived threats and vulnerabilities
  3. Develop and document evaluation strategy according to organisational requirements, policies and procedures
  4. Submit evaluation strategy to required personnel and seek and respond to feedback
Research and determine an organisation’s requirements for evaluation of IoT devices

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Research organisational operations, environment and culture and determine perceived threats and vulnerabilities

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Develop and document evaluation strategy according to organisational requirements, policies and procedures

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Submit evaluation strategy to required personnel and seek and respond to feedback

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Prepare to valuate IoT devices

  1. Prepare devices for evaluation according to technical specifications
  2. Secure data and networks according to technical specifications
  3. Run evaluation according to documented strategy and organisational policies and procedures
  4. Confirm and document identified vulnerabilities and threats according to organisational policies and procedures
  5. Document evaluation results according to organisational guidelines and requirements
Prepare devices for evaluation according to technical specifications

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Secure data and networks according to technical specifications

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Run evaluation according to documented strategy and organisational policies and procedures

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Confirm and document identified vulnerabilities and threats according to organisational policies and procedures

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Document evaluation results according to organisational guidelines and requirements

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Interpret and finalise findings

  1. Analyse evaluation findings and determine completeness and accuracy
  2. Categorise negative findings into threats and vulnerability and determine level of potential impact to operational activities
  3. Develop and document recommendations to remediate threat potential and lessen vulnerabilities
  4. Document finalised results and recommendations according to organisational requirements
  5. Lodge documentation according to organisational policies and procedures
Analyse evaluation findings and determine completeness and accuracy

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Categorise negative findings into threats and vulnerability and determine level of potential impact to operational activities

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Develop and document recommendations to remediate threat potential and lessen vulnerabilities

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Document finalised results and recommendations according to organisational requirements

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Lodge documentation according to organisational policies and procedures

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Required Skills and Knowledge

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

research and analyse an organisation’s internal and external operating culture, systems and networks to evaluate threats and vulnerabilities of IoT devices and interpret findings from at least three different IoT devices.

In the course of the above, the candidate must:

document processes and outcomes.

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

security risks and vulnerabilities in software systems

security risks and vulnerabilities of IoT devices

tools used in testing a network for vulnerabilities of IoT devices

tools used in testing a network for threats and vulnerabilities

penetration testing methodologies required to evaluate threats and vulnerabilities of IoT devices

risk mitigation strategies

organisational procedures applicable to running vulnerability and threat assessments for IoT devices, including:

establishing goals and objectives of vulnerability assessments

defining scope of testing and establishment of testing regime

documenting established requirements

establishing penetration testing procedures

documenting findings, threats and work performed

key organisational environments, systems and networks required to evaluate threats and vulnerabilities of IoT devices.