NTISthis.com

Evidence Guide: ICTSAS418 - Monitor and administer security of an ICT system

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICTSAS418 - Monitor and administer security of an ICT system

What evidence can you provide to prove your understanding of each of the following citeria?

Ensure user accounts are controlled

  1. Modify default user settings to ensure they conform to security policy
  2. Modify previously created user settings to ensure they conform to updated security policy
  3. Ensure legal notices displayed at logon are appropriate
  4. Check strength of passwords using the appropriate utilities and consider tightening rules for password complexity
  5. Take action to ensure password procedures are reviewed with appropriate other internal departments
  6. Monitor email to uncover breaches in compliance with legislation
  7. Access information services to identify security gaps and take appropriate action using hardware and software or patches
Modify default user settings to ensure they conform to security policy

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Modify previously created user settings to ensure they conform to updated security policy

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Ensure legal notices displayed at logon are appropriate

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Check strength of passwords using the appropriate utilities and consider tightening rules for password complexity

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Take action to ensure password procedures are reviewed with appropriate other internal departments

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Monitor email to uncover breaches in compliance with legislation

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Access information services to identify security gaps and take appropriate action using hardware and software or patches

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Secure file and resource access

  1. Review inbuilt security and access features of the operating system and consider need for further action
  2. Develop or review the file security categorisation scheme, and develop an understanding of the role of users in setting security
  3. Monitor and record security threats to the system
  4. Implement a virus checking process and schedule for the server, computer and other system components
  5. Investigate and implement inbuilt or additional encryption facilities
Review inbuilt security and access features of the operating system and consider need for further action

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Develop or review the file security categorisation scheme, and develop an understanding of the role of users in setting security

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Monitor and record security threats to the system

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Implement a virus checking process and schedule for the server, computer and other system components

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Investigate and implement inbuilt or additional encryption facilities

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Monitor threats to the network

  1. Use third-party software or utilities to evaluate and report on system security
  2. Review logs and audit reports to identify security threats
  3. Carry out spot checks and other security strategies to ensure that procedures are being followed
  4. Prepare and present an audit report and recommendations to appropriate person
  5. Obtain approval for recommended changes to be made
Use third-party software or utilities to evaluate and report on system security

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Review logs and audit reports to identify security threats

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Carry out spot checks and other security strategies to ensure that procedures are being followed

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Prepare and present an audit report and recommendations to appropriate person

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Obtain approval for recommended changes to be made

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Evidence Guide

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Ensure user accounts are controlled

1.1 Modify default user settings to ensure they conform to security policy

1.2 Modify previously created user settings to ensure they conform to updated security policy

1.3 Ensure legal notices displayed at logon are appropriate

1.4 Check strength of passwords using the appropriate utilities and consider tightening rules for password complexity

1.5 Take action to ensure password procedures are reviewed with appropriate other internal departments

1.6 Monitor email to uncover breaches in compliance with legislation

1.7 Access information services to identify security gaps and take appropriate action using hardware and software or patches

2. Secure file and resource access

2.1 Review inbuilt security and access features of the operating system and consider need for further action

2.2 Develop or review the file security categorisation scheme, and develop an understanding of the role of users in setting security

2.3 Monitor and record security threats to the system

2.4 Implement a virus checking process and schedule for the server, computer and other system components

2.5 Investigate and implement inbuilt or additional encryption facilities

3. Monitor threats to the network

3.1 Use third-party software or utilities to evaluate and report on system security

3.2 Review logs and audit reports to identify security threats

3.3 Carry out spot checks and other security strategies to ensure that procedures are being followed

3.4 Prepare and present an audit report and recommendations to appropriate person

3.5 Obtain approval for recommended changes to be made

Required Skills and Knowledge

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Ensure user accounts are controlled

1.1 Modify default user settings to ensure they conform to security policy

1.2 Modify previously created user settings to ensure they conform to updated security policy

1.3 Ensure legal notices displayed at logon are appropriate

1.4 Check strength of passwords using the appropriate utilities and consider tightening rules for password complexity

1.5 Take action to ensure password procedures are reviewed with appropriate other internal departments

1.6 Monitor email to uncover breaches in compliance with legislation

1.7 Access information services to identify security gaps and take appropriate action using hardware and software or patches

2. Secure file and resource access

2.1 Review inbuilt security and access features of the operating system and consider need for further action

2.2 Develop or review the file security categorisation scheme, and develop an understanding of the role of users in setting security

2.3 Monitor and record security threats to the system

2.4 Implement a virus checking process and schedule for the server, computer and other system components

2.5 Investigate and implement inbuilt or additional encryption facilities

3. Monitor threats to the network

3.1 Use third-party software or utilities to evaluate and report on system security

3.2 Review logs and audit reports to identify security threats

3.3 Carry out spot checks and other security strategies to ensure that procedures are being followed

3.4 Prepare and present an audit report and recommendations to appropriate person

3.5 Obtain approval for recommended changes to be made

Evidence of the ability to:

review user accounts for their security control

identify security features available in the operating environment

monitor, document and administer security functions on the system

monitor threats to the network using:

third-party diagnostic tools

implementation of virus checking process and schedule

preparation of an audit report and recommendations.

Note: Evidence must be provided for at least TWO systems or occasions.

To complete the unit requirements safely and effectively, the individual must:

describe the key features of current industry accepted hardware and software products related to IT security

discuss privacy issues and legislation with regard to IT security

explain the key components of risk analysis process for system security

describe the key features of specific security technology and systems technologies

analyse the client business domain, including client organisation structure and business functionality.