NTISthis.com

Evidence Guide: PSPSEC013 - Implement and monitor security risk management plans

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usually demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

PSPSEC013 - Implement and monitor security risk management plans

What evidence can you provide to prove your understanding of each of the following criteria?

Implement security plan

  1. Implement countermeasures and treat security risks.
  2. Follow and meet timeframes and budgetary requirements.
  3. Comply with legal, government and organisational policy requirements.
  4. Document and monitor residual risks.

Implement countermeasures and treat security risks.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Follow and meet timeframes and budgetary requirements.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Comply with legal, government and organisational policy requirements.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Document and monitor residual risks.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Monitor the risk environment

  1. Determine and document strategies to monitor the risk environment.
  2. Monitor security risks, types and sources of threats to detect changing circumstances that may alter risk management priorities.
  3. Conduct monitoring on a regular basis.
  4. Monitor organisational changes to identify circumstances where re-examination of the security environment becomes necessary.
  5. Document and act upon results of monitoring.

Determine and document strategies to monitor the risk environment.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Monitor security risks, types and sources of threats to detect changing circumstances that may alter risk management priorities.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Conduct monitoring on a regular basis.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Monitor organisational changes to identify circumstances where re-examination of the security environment becomes necessary.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Document and act upon results of monitoring.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Evaluate security plan

  1. Monitor risk treatments to gauge extent and effectiveness of implementation.
  2. Evaluate treatments against the objectives of the security plan.
  3. Obtain feedback from stakeholders on the adequacy and need for current security measures affecting their work area.
  4. Identify and address weaknesses in the security plan.
  5. Review the plan on an ongoing basis, to detect exceptional incidents, breaches, and changes in circumstances.
  6. Update the plan to reflect current circumstances.

Monitor risk treatments to gauge extent and effectiveness of implementation.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Evaluate treatments against the objectives of the security plan.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Obtain feedback from stakeholders on the adequacy and need for current security measures affecting their work area.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Identify and address weaknesses in the security plan.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Review the plan on an ongoing basis, to detect exceptional incidents, breaches, and changes in circumstances.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Update the plan to reflect current circumstances.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Evidence Guide

ELEMENTS

PERFORMANCE CRITERIA

Elements describe the essential outcomes

Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section.

1. Implement security plan

1.1 Implement countermeasures and treat security risks.

1.2 Follow and meet timeframes and budgetary requirements.

1.3 Comply with legal, government and organisational policy requirements.

1.4 Document and monitor residual risks.

2. Monitor the risk environment

2.1 Determine and document strategies to monitor the risk environment.

2.2 Monitor security risks, types and sources of threats to detect changing circumstances that may alter risk management priorities.

2.3 Conduct monitoring on a regular basis.

2.4 Monitor organisational changes to identify circumstances where re-examination of the security environment becomes necessary.

2.5 Document and act upon results of monitoring.

3. Evaluate security plan

3.1 Monitor risk treatments to gauge extent and effectiveness of implementation.

3.2 Evaluate treatments against the objectives of the security plan.

3.3 Obtain feedback from stakeholders on the adequacy and need for current security measures affecting their work area.

3.4 Identify and address weaknesses in the security plan.

3.5 Review the plan on an ongoing basis, to detect exceptional incidents, breaches, and changes in circumstances.

3.6 Update the plan to reflect current circumstances.

Required Skills and Knowledge

Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the candidate must demonstrate evidence of performance of the following on at least two occasions.

applying legislation, regulations and policies relating to security risk management

auditing in the context of security risk management

communicating with diverse stakeholders involving presentation, listening, questioning, paraphrasing, clarifying, summarising

reading and analysing complex information in standards and security plans

writing reports requiring formal language and structure

representing numerical, graphical and statistical information in diverse formats

Evidence required to demonstrate competence must satisfy all of the requirements of the elements and performance criteria. If not otherwise specified the depth of knowledge demonstrated must be appropriate to the job context of the candidate.

Operational knowledge of:

public service Acts

Crimes Act 1914 and Criminal Code 1985

Freedom of Information Act 1982

Privacy Act 1988

fraud control policy

protective security policy

Complex knowledge of:

Australian Government Information Security Manual (ISM)

Protective Security Policy Framework

Australian standards, quality assurance and certification requirements

organisation’s strategic objectives and security plan

national strategic objectives

security constraints

equal employment opportunity, equity and diversity principles

public sector legislation, including WHS and environment, in the context of implementation and monitoring of security risk management plans