Prepare security risk management plan

Formats and tools

Unit Description
Reconstruct the unit from the xml and display it as an HTML page.
Assessment Tool
an assessor resource that builds a framework for writing an assessment tool
Assessment Template
generate a spreadsheet for marking this unit in a classroom environment. Put student names in the top row and check them off as they demonstrate competenece for each of the unit's elements and performance criteria.
Assessment Matrix
a slightly different format than the assessment template. A spreadsheet with unit names, elements and performance criteria in separate columns. Put assessment names in column headings to track which performance criteria each one covers. Good for ensuring that you've covered every one of the performance criteria with your assessment instrument (all assessement tools together).
Wiki Markup
mark up the unit in a wiki markup codes, ready to copy and paste into a wiki page. The output will work in most wikis but is designed to work particularly well as a Wikiversity learning project.
Evidence Guide
create an evidence guide for workplace assessment and RPL applicants
Competency Mapping Template
Unit of Competency Mapping – Information for Teachers/Assessors – Information for Learners. A template for developing assessments for a unit, which will help you to create valid, fair and reliable assessments for the unit, ready to give to trainers and students
Observation Checklist
create an observation checklist for workplace assessment and RPL applicants. This is similar to the evidence guide above, but a little shorter and friendlier on your printer. You will also need to create a seperate Assessor Marking Guide for guidelines on gathering evidence and a list of key points for each activity observed using the unit's range statement, required skills and evidence required (see the unit's html page for details)

Self Assessment Survey
A form for students to assess thier current skill levels against each of the unit's performance criteria. Cut and paste into a web document or print and distribute in hard copy.
Moodle Outcomes
Create a csv file of the unit's performance criteria to import into a moodle course as outcomes, ready to associate with each of your assignments. Here's a quick 'how to' for importing these into moodle 2.x
Registered Training Organisations
Trying to find someone to train or assess you? This link lists all the RTOs that are currently registered to deliver PRSSM504A, 'Prepare security risk management plan'.
Google Links
links to google searches, with filtering in place to maximise the usefulness of the returned results
Reference books for 'Prepare security risk management plan' on This online store has a huge range of books, pretty reasonable prices, free delivery in Australia *and* they give a small commission to for every purchase, so go nuts :)

Elements and Performance Criteria

Elements and Performance Criteria


Performance Criteria


Evaluate and prioritise risks


Consequences of identified risks are understood and considered against possible likelihood of occurrence


Acceptable and unacceptable risks are clearly distinguished and confirmed in accordance with organisational requirements


High priority risks are emphasised and specified to ensure the development of appropriate management requirements


Existing controls are evaluated to determine impact on risk occurrence and modifications and improvements are identified in accordance with organisational requirements


Develop action plans


Action plans are structured, formatted and identify key tasks and functions associated with security risk management


Type of risk associated with security context is identifiable through available examples and incorporated into planning processes


Communication and reporting arrangements for maintenance of plans are established in line with client requirements and organisational needs


Contingency arrangements for occurrence of risks are developed and incorporated into plans


Identify management requirements


Timelines and objectives specified in security risk plans are assessed against organisational processes and requirements


Documentation and checklists associated with plan are prepared in established formats to ensure focus on key activities in risk management


Project planning requirements are identified and reviewed to determine availability of suitable resources and expertise


Feedback and monitoring arrangements for operational staff are prepared and established using appropriate procedures


Design treatment options


Operating environment, including potential changes, is researched, confirmed, reviewed and linked to potential and real risks, threats and treatment strategies


Treatment options are selected in line with available industry practices, and implications of treatment options are researched, clarified and approved by the client


Treatment options are feasible, documented and costed to ensure compatibility with nature of risk and client requirements, including future goals and potential changes to the operating environment


Treatment options are linked to whole or part of security risks and are verified with clients for suitability to security context, this is documented, and the required resources are identified and allocated


Tests are conducted on treatment options to determine applicability in field, and the results are statistically analysed if possible


Develop risk management plan


Monitoring and review procedures are developed to ensure continuous improvement according to planning, client and organisational requirements


All relevant information is collated and documented according to assessment, client and organisational requirements


Plan is prepared and presented to client or authorised representatives for review and approval in accordance with organisational requirements

Qualifications and Skillsets

PRSSM504A appears in the following qualifications:

  • ICA60308 - Advanced Diploma of Information Technology (E-Security)
  • ICA60208 - Advanced Diploma of Information Technology (Network Security)