Assess security risks

Formats and tools

Unit Description
Reconstruct the unit from the xml and display it as an HTML page.
Assessment Tool
an assessor resource that builds a framework for writing an assessment tool
Assessment Template
generate a spreadsheet for marking this unit in a classroom environment. Put student names in the top row and check them off as they demonstrate competenece for each of the unit's elements and performance criteria.
Assessment Matrix
a slightly different format than the assessment template. A spreadsheet with unit names, elements and performance criteria in separate columns. Put assessment names in column headings to track which performance criteria each one covers. Good for ensuring that you've covered every one of the performance criteria with your assessment instrument (all assessement tools together).
Wiki Markup
mark up the unit in a wiki markup codes, ready to copy and paste into a wiki page. The output will work in most wikis but is designed to work particularly well as a Wikiversity learning project.
Evidence Guide
create an evidence guide for workplace assessment and RPL applicants
Competency Mapping Template
Unit of Competency Mapping – Information for Teachers/Assessors – Information for Learners. A template for developing assessments for a unit, which will help you to create valid, fair and reliable assessments for the unit, ready to give to trainers and students
Observation Checklist
create an observation checklist for workplace assessment and RPL applicants. This is similar to the evidence guide above, but a little shorter and friendlier on your printer. You will also need to create a seperate Assessor Marking Guide for guidelines on gathering evidence and a list of key points for each activity observed using the unit's range statement, required skills and evidence required (see the unit's html page for details)

Self Assessment Survey
A form for students to assess thier current skill levels against each of the unit's performance criteria. Cut and paste into a web document or print and distribute in hard copy.
Moodle Outcomes
Create a csv file of the unit's performance criteria to import into a moodle course as outcomes, ready to associate with each of your assignments. Here's a quick 'how to' for importing these into moodle 2.x
Registered Training Organisations
Trying to find someone to train or assess you? This link lists all the RTOs that are currently registered to deliver PSPSEC011, 'Assess security risks'.
Google Links
links to google searches, with filtering in place to maximise the usefulness of the returned results
Reference books for 'Assess security risks' on This online store has a huge range of books, pretty reasonable prices, free delivery in Australia *and* they give a small commission to for every purchase, so go nuts :)

Elements and Performance Criteria



Elements describe the essential outcomes

Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the range of conditions section.

1. Establish security risk context

1.1 Identify the scope and strategic and organisational contexts of the risk assessment.

1.2 Identify and comply with legislation, policies, procedures and guidelines related to security risk management.

1.3 Identify stakeholders and their expectations and obtain their input.

1.4 Identify security risk criteria.

1.5 Develop and obtain endorsement for a risk assessment plan according to organisational priorities.

2. Gather and analyse information

2.1 Identify sources and gather information.

2.2 Review relevant internal and historical information.

2.3 Aggregate and contextualise new information from internal and external sources.

2.4 Identify and address information gaps.

3. Identify security risks

3.1 Determine sources of threat to the organisation’s resources and functions.

3.2 Conduct threat assessment against organisational policies, procedures and guidelines and determine risk exposure.

3.3 Use risk assessment techniques which suit the type and level of risk.

3.4 Determine and document risk potential.

4. Analyse security risks

4.1 Analyse potential consequences of risks or threats in light of potential damage to agency, including critical lead time for recovery.

4.2 Assess intent, capability and opportunity for each risk or threat to occur, using all available information.

4.3 Analyse current security countermeasures and treatment options to determine areas of vulnerability.

4.4 Determine and document risk ratings in agreed format.

5. Assess and prioritise security risks

5.1 Consult stakeholders regarding acceptable and unacceptable risk levels.

5.2 Document acceptable and unacceptable levels of risk.

5.3 Compare identified risks with security risk criteria to determine whether they are acceptable or unacceptable.

5.4 Prioritise and document identified risks in accordance with security criteria.

5.5 Document determined residual risks.