NTISthis.com

Evidence Guide: ICTNWK513 - Manage system security

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICTNWK513 - Manage system security

What evidence can you provide to prove your understanding of each of the following citeria?

Analyse threats to system

  1. Evaluate the organisation’s system and verify that it meets enterprise guidelines and policies
  2. Conduct risk analysis on system and document outcomes
  3. Evaluate threats to the system and document findings
  4. Compile and document human interactions with system
Evaluate the organisation’s system and verify that it meets enterprise guidelines and policies

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Conduct risk analysis on system and document outcomes

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Evaluate threats to the system and document findings

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Compile and document human interactions with system

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine risk category

  1. Conduct a risk assessment on the system and categorise risks
  2. Conduct a risk assessment on human operations and interactions with the system and categorise risks
  3. Match risk plans to risk categories
  4. Determine and plan resources by risk categories
Conduct a risk assessment on the system and categorise risks

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Conduct a risk assessment on human operations and interactions with the system and categorise risks

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Match risk plans to risk categories

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine and plan resources by risk categories

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Identify appropriate controls

  1. Devise and put in place effective controls to manage risk
  2. Design policies and procedures to cover user access of the system
  3. Conduct training in the use of system-related policies and procedures
  4. Monitor high-risk categories at specified periods
  5. Categorise and record system breakdowns
Devise and put in place effective controls to manage risk

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Design policies and procedures to cover user access of the system

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Conduct training in the use of system-related policies and procedures

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Monitor high-risk categories at specified periods

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Categorise and record system breakdowns

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Include controls in the system

  1. Develop security plan and procedures to include in management system
  2. Develop security recovery plan
  3. Implement system controls to reduce risks in human interaction with the system
Develop security plan and procedures to include in management system

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Develop security recovery plan

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Implement system controls to reduce risks in human interaction with the system

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Monitor system tools and procedures

  1. Review and monitor risks and controls, using a management review process
  2. Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews
  3. Plan to re-evaluate system and identify new threats and risks
Review and monitor risks and controls, using a management review process

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Plan to re-evaluate system and identify new threats and risks

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Evidence Guide

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Analyse threats to system

1.1 Evaluate the organisation’s system and verify that it meets enterprise guidelines and policies

1.2 Conduct risk analysis on system and document outcomes

1.3 Evaluate threats to the system and document findings

1.4 Compile and document human interactions with system

2. Determine risk category

2.1 Conduct a risk assessment on the system and categorise risks

2.2 Conduct a risk assessment on human operations and interactions with the system and categorise risks

2.3 Match risk plans to risk categories

2.4 Determine and plan resources by risk categories

3. Identify appropriate controls

3.1 Devise and put in place effective controls to manage risk

3.2 Design policies and procedures to cover user access of the system

3.3 Conduct training in the use of system-related policies and procedures

3.4 Monitor high-risk categories at specified periods

3.5 Categorise and record system breakdowns

4. Include controls in the system

4.1 Develop security plan and procedures to include in management system

4.2 Develop security recovery plan

4.3 Implement system controls to reduce risks in human interaction with the system

5. Monitor system tools and procedures

5.1 Review and monitor risks and controls, using a management review process

5.2 Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews

5.3 Plan to re-evaluate system and identify new threats and risks

Required Skills and Knowledge

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Analyse threats to system

1.1 Evaluate the organisation’s system and verify that it meets enterprise guidelines and policies

1.2 Conduct risk analysis on system and document outcomes

1.3 Evaluate threats to the system and document findings

1.4 Compile and document human interactions with system

2. Determine risk category

2.1 Conduct a risk assessment on the system and categorise risks

2.2 Conduct a risk assessment on human operations and interactions with the system and categorise risks

2.3 Match risk plans to risk categories

2.4 Determine and plan resources by risk categories

3. Identify appropriate controls

3.1 Devise and put in place effective controls to manage risk

3.2 Design policies and procedures to cover user access of the system

3.3 Conduct training in the use of system-related policies and procedures

3.4 Monitor high-risk categories at specified periods

3.5 Categorise and record system breakdowns

4. Include controls in the system

4.1 Develop security plan and procedures to include in management system

4.2 Develop security recovery plan

4.3 Implement system controls to reduce risks in human interaction with the system

5. Monitor system tools and procedures

5.1 Review and monitor risks and controls, using a management review process

5.2 Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews

5.3 Plan to re-evaluate system and identify new threats and risks

Evidence of the ability to:

implement and manage security functions on a system

conduct risk assessment

set up effective controls to manage risk

develop security plan and security recovery plan

monitor risks and controls

review risk analysis process.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

summarise the general features of specific security technologies

describe risk analysis techniques, with a focus on their general features, and depth in security procedures

describe the common security requirements of a client’s organisation, including:

threats

security techniques and technologies

outline systems management and process control in relation to security

explain systems technologies, including a broad summary of their general features and capabilities.