NTISthis.com

Evidence Guide: PSPSEC004 - Undertake information technology security audits

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

PSPSEC004 - Undertake information technology security audits

What evidence can you provide to prove your understanding of each of the following citeria?

Plan security audit

  1. Identify the scope and objectives of the audit and prepare an audit plan to meet the objectives.
  2. Identify the organisation’s information systems to be included in the audit plan.
  3. Advise appropriate personnel of the audit plan and its requirements.
  4. Identify and prioritise possible sources of security risk and prepare an audit checklist.
Identify the scope and objectives of the audit and prepare an audit plan to meet the objectives.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Identify the organisation’s information systems to be included in the audit plan.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Advise appropriate personnel of the audit plan and its requirements.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Identify and prioritise possible sources of security risk and prepare an audit checklist.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Conduct security audit

  1. Identify and analyse systems, procedures, records and documents.
  2. Conduct audit in accordance with the audit plan.
  3. Record audit activities.
  4. Identify situations requiring specialist input or referral to other areas and act on referral.
Identify and analyse systems, procedures, records and documents.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Conduct audit in accordance with the audit plan.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Record audit activities.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Identify situations requiring specialist input or referral to other areas and act on referral.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Report on security findings

  1. Maintain audit records and prepare audit reports.
  2. Produce report including background, scope, outcomes and recommendations.
  3. Use language and style to suit the audience and in line with organisational requirements for accuracy and timeliness.
  4. Support recommendations with evidence and highlight actions identifying person/s responsible for implementation.
Maintain audit records and prepare audit reports.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Produce report including background, scope, outcomes and recommendations.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Use language and style to suit the audience and in line with organisational requirements for accuracy and timeliness.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Support recommendations with evidence and highlight actions identifying person/s responsible for implementation.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Plan security audit

  1. Identify the scope and objectives of the audit and prepare an audit plan to meet the objectives.
  2. Identify the organisation’s information systems to be included in the audit plan.
  3. Advise appropriate personnel of the audit plan and its requirements.
  4. Identify and prioritise possible sources of security risk and prepare an audit checklist.
Identify the scope and objectives of the audit and prepare an audit plan to meet the objectives.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Identify the organisation’s information systems to be included in the audit plan.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Advise appropriate personnel of the audit plan and its requirements.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Identify and prioritise possible sources of security risk and prepare an audit checklist.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Conduct security audit

  1. Identify and analyse systems, procedures, records and documents.
  2. Conduct audit in accordance with the audit plan.
  3. Record audit activities.
  4. Identify situations requiring specialist input or referral to other areas and act on referral.
Identify and analyse systems, procedures, records and documents.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Conduct audit in accordance with the audit plan.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Record audit activities.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Identify situations requiring specialist input or referral to other areas and act on referral.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Report on security findings

  1. Maintain audit records and prepare audit reports.
  2. Produce report including background, scope, outcomes and recommendations.
  3. Use language and style to suit the audience and in line with organisational requirements for accuracy and timeliness.
  4. Support recommendations with evidence and highlight actions identifying person/s responsible for implementation.
Maintain audit records and prepare audit reports.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Produce report including background, scope, outcomes and recommendations.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Use language and style to suit the audience and in line with organisational requirements for accuracy and timeliness.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Support recommendations with evidence and highlight actions identifying person/s responsible for implementation.

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Evidence Guide

ELEMENTS

PERFORMANCE CRITERIA

Elements describe the essential outcomes

Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section.

1. Plan security audit

1.1 Identify the scope and objectives of the audit and prepare an audit plan to meet the objectives.

1.2 Identify the organisation’s information systems to be included in the audit plan.

1.3 Advise appropriate personnel of the audit plan and its requirements.

1.4 Identify and prioritise possible sources of security risk and prepare an audit checklist.

2. Conduct security audit

2.1 Identify and analyse systems, procedures, records and documents.

2.2 Conduct audit in accordance with the audit plan.

2.3 Record audit activities.

2.4 Identify situations requiring specialist input or referral to other areas and act on referral.

3. Report on security findings

3.1 Maintain audit records and prepare audit reports.

3.2 Produce report including background, scope, outcomes and recommendations.

3.3 Use language and style to suit the audience and in line with organisational requirements for accuracy and timeliness.

3.4 Support recommendations with evidence and highlight actions identifying person/s responsible for implementation.

Required Skills and Knowledge

ELEMENTS

PERFORMANCE CRITERIA

Elements describe the essential outcomes

Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section.

1. Plan security audit

1.1 Identify the scope and objectives of the audit and prepare an audit plan to meet the objectives.

1.2 Identify the organisation’s information systems to be included in the audit plan.

1.3 Advise appropriate personnel of the audit plan and its requirements.

1.4 Identify and prioritise possible sources of security risk and prepare an audit checklist.

2. Conduct security audit

2.1 Identify and analyse systems, procedures, records and documents.

2.2 Conduct audit in accordance with the audit plan.

2.3 Record audit activities.

2.4 Identify situations requiring specialist input or referral to other areas and act on referral.

3. Report on security findings

3.1 Maintain audit records and prepare audit reports.

3.2 Produce report including background, scope, outcomes and recommendations.

3.3 Use language and style to suit the audience and in line with organisational requirements for accuracy and timeliness.

3.4 Support recommendations with evidence and highlight actions identifying person/s responsible for implementation.

Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least two occasions.

applying legislation, regulations and policies relating to information technology security audits and government security management

gathering, analysing and recording data

using computer applications to undertake security audits

managing risk in the context of government security management

engaging in discussion involving exchanges of complex information

responding to diversity

Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate.

legislation, regulations, policies, procedures and guidelines relating to information technology security audits

operational knowledge of policies and procedures in regard to use of information technology systems

organisation’s security plan

information technology systems and architecture

use and maintenance of hardware and software systems

Australian Audit Standards

aspects of criminal law and administrative law relating to the outcomes of compliance audits

protocols for reporting fraud, corruption, maladministration and security breaches

fundamental ethical principles in the handling of documents and information, natural justice, procedural fairness, respect for persons and responsible care