NTISthis.com

Evidence Guide: ICTNWK519 - Design an ICT security framework

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICTNWK519 - Design an ICT security framework

What evidence can you provide to prove your understanding of each of the following citeria?

Research ICT security requirements

  1. Investigate and gather statutory, commercial and application security requirements
  2. Assess impact on the existing ICT system
  3. Identify additional ICT security requirements
  4. Document security requirements and forward to appropriate person for approval
Investigate and gather statutory, commercial and application security requirements

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Assess impact on the existing ICT system

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Identify additional ICT security requirements

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Document security requirements and forward to appropriate person for approval

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Conduct risk analysis

  1. Identify security threats and determine security specifications, taking into account the internal and external business environment
  2. Develop controls and contingencies to alleviate security threats
  3. Identify the costs associated with contingencies
  4. Document and forward recommendations to appropriate person for approval
Identify security threats and determine security specifications, taking into account the internal and external business environment

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Develop controls and contingencies to alleviate security threats

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Identify the costs associated with contingencies

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Document and forward recommendations to appropriate person for approval

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Develop ICT security policy and operational procedures

  1. Review feedback from appropriate person to determine how to manage security threats
  2. Develop security policies based on the security strategy
  3. Create and document work procedures based on the security policies
  4. Document operating procedures and forward to appropriate person for approval
  5. Take action to ensure confidentiality of client and user information
  6. Apply statutory requirements to policy and procedures
Review feedback from appropriate person to determine how to manage security threats

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Develop security policies based on the security strategy

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Create and document work procedures based on the security policies

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Document operating procedures and forward to appropriate person for approval

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Take action to ensure confidentiality of client and user information

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Apply statutory requirements to policy and procedures

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Evidence Guide

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Research ICT security requirements

1.1 Investigate and gather statutory, commercial and application security requirements

1.2 Assess impact on the existing ICT system

1.3 Identify additional ICT security requirements

1.4 Document security requirements and forward to appropriate person for approval

2. Conduct risk analysis

2.1 Identify security threats and determine security specifications, taking into account the internal and external business environment

2.2 Develop controls and contingencies to alleviate security threats

2.3 Identify the costs associated with contingencies

2.4 Document and forward recommendations to appropriate person for approval

3. Develop ICT security policy and operational procedures

3.1 Review feedback from appropriate person to determine how to manage security threats

3.2 Develop security policies based on the security strategy

3.3 Create and document work procedures based on the security policies

3.4 Document operating procedures and forward to appropriate person for approval

3.5 Take action to ensure confidentiality of client and user information

3.6 Apply statutory requirements to policy and procedures

Required Skills and Knowledge

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Research ICT security requirements

1.1 Investigate and gather statutory, commercial and application security requirements

1.2 Assess impact on the existing ICT system

1.3 Identify additional ICT security requirements

1.4 Document security requirements and forward to appropriate person for approval

2. Conduct risk analysis

2.1 Identify security threats and determine security specifications, taking into account the internal and external business environment

2.2 Develop controls and contingencies to alleviate security threats

2.3 Identify the costs associated with contingencies

2.4 Document and forward recommendations to appropriate person for approval

3. Develop ICT security policy and operational procedures

3.1 Review feedback from appropriate person to determine how to manage security threats

3.2 Develop security policies based on the security strategy

3.3 Create and document work procedures based on the security policies

3.4 Document operating procedures and forward to appropriate person for approval

3.5 Take action to ensure confidentiality of client and user information

3.6 Apply statutory requirements to policy and procedures

Evidence of the ability to:

research and assess security framework requirements with consideration of statutory and commercial requirements

determine the security risks and develop controls and contingencies

identify costs associated

document the security framework and obtain approval

develop security policies and operating procedures.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

summarise the design criteria for a security framework, including:

the client business domain

legislation relating to information and communications technology (ICT) security

current industry accepted hardware

current industry software products

security features and capabilities

operating systems

risk relating to ICT security

identify and outline relevant privacy legislation

identify and outline common security considerations for businesses, including:

typical environments

threats

policies and strategies.