Develop, implement and evaluate system and application security

Formats and tools

Unit Description
Reconstruct the unit from the xml and display it as an HTML page.
Assessment Tool
an assessor resource that builds a framework for writing an assessment tool
Assessment Template
generate a spreadsheet for marking this unit in a classroom environment. Put student names in the top row and check them off as they demonstrate competenece for each of the unit's elements and performance criteria.
Assessment Matrix
a slightly different format than the assessment template. A spreadsheet with unit names, elements and performance criteria in separate columns. Put assessment names in column headings to track which performance criteria each one covers. Good for ensuring that you've covered every one of the performance criteria with your assessment instrument (all assessement tools together).
Wiki Markup
mark up the unit in a wiki markup codes, ready to copy and paste into a wiki page. The output will work in most wikis but is designed to work particularly well as a Wikiversity learning project.
Evidence Guide
create an evidence guide for workplace assessment and RPL applicants
Competency Mapping Template
Unit of Competency Mapping – Information for Teachers/Assessors – Information for Learners. A template for developing assessments for a unit, which will help you to create valid, fair and reliable assessments for the unit, ready to give to trainers and students
Observation Checklist
create an observation checklist for workplace assessment and RPL applicants. This is similar to the evidence guide above, but a little shorter and friendlier on your printer. You will also need to create a seperate Assessor Marking Guide for guidelines on gathering evidence and a list of key points for each activity observed using the unit's range statement, required skills and evidence required (see the unit's html page for details)

Self Assessment Survey
A form for students to assess thier current skill levels against each of the unit's performance criteria. Cut and paste into a web document or print and distribute in hard copy.
Moodle Outcomes
Create a csv file of the unit's performance criteria to import into a moodle course as outcomes, ready to associate with each of your assignments. Here's a quick 'how to' for importing these into moodle 2.x
Registered Training Organisations
Trying to find someone to train or assess you? This link lists all the RTOs that are currently registered to deliver ICAI5250A, 'Develop, implement and evaluate system and application security'.
Google Links
links to google searches, with filtering in place to maximise the usefulness of the returned results
Books
Reference books for 'Develop, implement and evaluate system and application security' on fishpond.com.au. This online store has a huge range of books, pretty reasonable prices, free delivery in Australia *and* they give a small commission to ntisthis.com for every purchase, so go nuts :)


Elements and Performance Criteria

ELEMENT

PERFORMANCE CRITERIA

1. Develop system and application security

1.1. Specify the enterprise and IT system or application security policies

1.2. Specify the security requirements for the IT system or application

1.3. Author an IT system or application security plan in accordance with the enterprise and IT system or application security policies

1.4. Identify the standards against which to engineer the IT system or application

1.5. Specify the criteria for performing risk-based audits against the IT system or application

1.6. Develop processes and procedures to mitigate the introduction of vulnerabilities during the engineering process

1.7. Integrate applicable information security requirements, controls, processes, and procedures into IT system and application design specifications in accordance with established requirements.

2. Implement system and application security

2.1. Execute the enterprise and IT system or application security policies

2.2. Apply and verify compliance with the identified standards against which to engineer the IT system or application

2.3. Perform the processes and procedures to mitigate the introduction of vulnerabilities during the engineering process

2.4. Perform secure configuration management practices

2.5. Validate that the engineered IT system and application security controls meet the specified requirements

2.6. Reengineer security controls to mitigate vulnerabilities identified during the operations phase

2.7. Ensure the integration of information security practices throughout the SDLC process

2.8. Document IT system or application security controls addressed within the system

2.9. Practise secure coding practices

3. Evaluate system and application security

3.1. Review new and existing risk management technologies to achieve an optimal enterprise risk posture

3.2. Review new and existing IT security technologies to support secure engineering across the SDLC phases

3.3. Continually assess the effectiveness of the information system's controls based on risk management practices and procedures

3.4. Assess and evaluate system compliance with corporate policies and architectures

3.5. Assess system maturation and readiness for promotion to the production stage

3.6. Collect lessons learned from integration of information security into the SDLC and use to identify improvement actions

3.7. Collect, analyse and report performance measures


Qualifications and Skillsets

ICAI5250A appears in the following qualifications:

  • ICA60308 - Advanced Diploma of Information Technology (E-Security)
  • ICA50405 - Diploma of Information Technology (Networking)
  • ICA60208 - Advanced Diploma of Information Technology (Network Security)
  • ICA50105 - Diploma of Information Technology (General)