NTISthis.com

Evidence Guide: ICTNWK520 - Design ICT system security controls

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICTNWK520 - Design ICT system security controls

What evidence can you provide to prove your understanding of each of the following citeria?

Review organisational security policy and procedures

  1. Review business environment to identify existing requirements
  2. Determine organisational goals for legal and security requirements
  3. Verify security needs in a policy document
  4. Determine legislative impact on business domain
  5. Gather and document objective evidence on current security threats
  6. Identify options for using internal and external expertise
  7. Establish and document a standard methodology for performing security tests
Review business environment to identify existing requirements

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine organisational goals for legal and security requirements

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Verify security needs in a policy document

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Determine legislative impact on business domain

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Gather and document objective evidence on current security threats

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Identify options for using internal and external expertise

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Establish and document a standard methodology for performing security tests

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Develop security plan

  1. Investigate theoretical attacks and threats on the business
  2. Evaluate risks and threats associated with the investigation
  3. Prioritise assessment results and write security policy
  4. Document information related to attacks, threats, risks and controls in a security plan
  5. Review the security strategy with security approved key stakeholders
  6. Integrate approved changes into business plan and ensure compliance with statutory requirements
Investigate theoretical attacks and threats on the business

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Evaluate risks and threats associated with the investigation

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Prioritise assessment results and write security policy

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Document information related to attacks, threats, risks and controls in a security plan

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Review the security strategy with security approved key stakeholders

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Integrate approved changes into business plan and ensure compliance with statutory requirements

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Design controls to be incorporated into system

  1. Implement controls in a procedurally organised manner to ensure minimum risk of security breach in line with organisational guidelines
  2. Monitor each phase of the implementation to determine the impact on the business
  3. Take corrective action on system implementation breakdown
  4. Record implementation process
  5. Evaluate corrective actions for risk
  6. Plan risk assessment review process
  7. Take action to ensure confidentiality throughout all phases of design
Implement controls in a procedurally organised manner to ensure minimum risk of security breach in line with organisational guidelines

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Monitor each phase of the implementation to determine the impact on the business

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Take corrective action on system implementation breakdown

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Record implementation process

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Evaluate corrective actions for risk

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Plan risk assessment review process

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Take action to ensure confidentiality throughout all phases of design

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Evidence Guide

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Review organisational security policy and procedures

1.1 Review business environment to identify existing requirements

1.2 Determine organisational goals for legal and security requirements

1.3 Verify security needs in a policy document

1.4 Determine legislative impact on business domain

1.5 Gather and document objective evidence on current security threats

1.6 Identify options for using internal and external expertise

1.7 Establish and document a standard methodology for performing security tests

2. Develop security plan

2.1 Investigate theoretical attacks and threats on the business

2.2 Evaluate risks and threats associated with the investigation

2.3 Prioritise assessment results and write security policy

2.4 Document information related to attacks, threats, risks and controls in a security plan

2.5 Review the security strategy with security approved key stakeholders

2.6 Integrate approved changes into business plan and ensure compliance with statutory requirements

3. Design controls to be incorporated into system

3.1 Implement controls in a procedurally organised manner to ensure minimum risk of security breach in line with organisational guidelines

3.2 Monitor each phase of the implementation to determine the impact on the business

3.3 Take corrective action on system implementation breakdown

3.4 Record implementation process

3.5 Evaluate corrective actions for risk

3.6 Plan risk assessment review process

3.7 Take action to ensure confidentiality throughout all phases of design

Required Skills and Knowledge

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Review organisational security policy and procedures

1.1 Review business environment to identify existing requirements

1.2 Determine organisational goals for legal and security requirements

1.3 Verify security needs in a policy document

1.4 Determine legislative impact on business domain

1.5 Gather and document objective evidence on current security threats

1.6 Identify options for using internal and external expertise

1.7 Establish and document a standard methodology for performing security tests

2. Develop security plan

2.1 Investigate theoretical attacks and threats on the business

2.2 Evaluate risks and threats associated with the investigation

2.3 Prioritise assessment results and write security policy

2.4 Document information related to attacks, threats, risks and controls in a security plan

2.5 Review the security strategy with security approved key stakeholders

2.6 Integrate approved changes into business plan and ensure compliance with statutory requirements

3. Design controls to be incorporated into system

3.1 Implement controls in a procedurally organised manner to ensure minimum risk of security breach in line with organisational guidelines

3.2 Monitor each phase of the implementation to determine the impact on the business

3.3 Take corrective action on system implementation breakdown

3.4 Record implementation process

3.5 Evaluate corrective actions for risk

3.6 Plan risk assessment review process

3.7 Take action to ensure confidentiality throughout all phases of design

Evidence of the ability to:

review organisational security policies and procedures

establish realistic security procedures

design security plan and controls for a system

develop a security control strategy

oversee the implementation and evaluation of the strategy.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

To complete the unit requirements safely and effectively, the individual must:

describe communications security, including human organisational interactions

describe how to conduct an information security risk assessment

identify and summarise internet security technologies and processes, including:

firewalls

physical security

security testing methods for performing security tests

wireless security

security threats

the impact of security policies, plans and strategies

general features of specific security technology

risk assessment

describe current industry accepted security processes, including general features and capabilities of software and hardware solutions

outline the legal and ethical standards expected when considering security controls, including:

ethics in information and communications technology (ICT)

privacy issues

legislation

summarise the need for developing organisational guidelines, processes, policies and procedures.