Formats and tools
- Unit Description
- Reconstruct the unit from the xml and display it as an HTML page.
- Assessment Tool
- an assessor resource that builds a framework for writing an assessment tool
- Assessment Template
- generate a spreadsheet for marking this unit in a classroom environment. Put student names in the top row and check them off as they demonstrate competenece for each of the unit's elements and performance criteria.
- Assessment Matrix
- a slightly different format than the assessment template. A spreadsheet with unit names, elements and performance criteria in separate columns. Put assessment names in column headings to track which performance criteria each one covers. Good for ensuring that you've covered every one of the performance criteria with your assessment instrument (all assessement tools together).
- Wiki Markup
- mark up the unit in a wiki markup codes, ready to copy and paste into a wiki page. The output will work in most wikis but is designed to work particularly well as a Wikiversity learning project.
- Evidence Guide
- create an evidence guide for workplace assessment and RPL applicants
- Competency Mapping Template
- Unit of Competency Mapping – Information for Teachers/Assessors – Information for Learners. A template for developing assessments for a unit, which will help you to create valid, fair and reliable assessments for the unit, ready to give to trainers and students
- Observation Checklist
- create an observation checklist for workplace assessment and RPL applicants. This is similar to the evidence guide above, but a little shorter and friendlier on your printer. You will also need to create a seperate Assessor Marking Guide for guidelines on gathering evidence and a list of key points for each activity observed using the unit's range statement, required skills and evidence required (see the unit's html page for details)
- Self Assessment Survey
- A form for students to assess thier current skill levels against each of the unit's performance criteria. Cut and paste into a web document or print and distribute in hard copy.
- Moodle Outcomes
- Create a csv file of the unit's performance criteria to import into a moodle course as outcomes, ready to associate with each of your assignments. Here's a quick 'how to' for importing these into moodle 2.x
- Registered Training Organisations
- Trying to find someone to train or assess you? This link lists all the RTOs that are currently registered to deliver PSPSEC501A, 'Assess security risks'.
- Google Links
- links to google searches, with filtering in place to maximise the usefulness of the returned results
- Books
- Reference books for 'Assess security risks' on fishpond.com.au. This online store has a huge range of books, pretty reasonable prices, free delivery in Australia *and* they give a small commission to ntisthis.com for every purchase, so go nuts :)
Elements and Performance Criteria
ELEMENT | PERFORMANCE CRITERIA |
1. Establish security risk context | 1.1 The scope of the risk assessment and its strategic and organisational context are identified in accordance with organisational requirements. 1.2 Legislation, policies, procedures and guidelines related to security risk management are identified and complied with. 1.3 Stakeholders are identified and their expectations and input are obtained in accordance with organisational policy and procedures. 1.4 Security risk criteria are identified in accordance with the organisation's security policy, jurisdictional policies and legislation. 1.5 A risk assessment plan is developed in accordance with organisational priorities, and endorsement is obtained. |
2. Gather and analyse information | 2.1 Sources of information are identified and information is gathered in accordance with organisational policy and procedures. 2.2 Internal information including historical information is reviewed. 2.3 New information from internal/external sources is aggregated. 2.4 Information is contextualised to the organisational context. 2.5 Gaps in information are identified and addressed. |
3. Identify security risks | 3.1 Sources of threat to the organisation's resources and functions are identified, and threats/potential threats are determined in accordance with organisational policy and procedures. 3.2 Threat assessment is conducted against organisational policies, procedures and guidelines. 3.3 Access to, availability of and procedures relating to resources/areas are analysed to determine risk exposure. 3.4 Risks are assessed using risk assessment techniques to suit the type and level of risk in accordance with organisational policy and procedures. 3.5 Risk potential is determined and risks are documented in accordance with organisational requirements. |
4. Analyse security risks | 4.1 Potential consequences of risks/threats are analysed in light of potential damage to agency, including critical lead time for recovery. 4.2 Analysis techniques are used in accordance with organisational policy and procedures. 4.3 Intent, capability and opportunity for each risk/threat to occur are assessed. 4.4 Using all known information, likelihood of risks/threats occurring is assessed. 4.5 Current security countermeasures/treatment options are analysed to determine areas of vulnerability. 4.6 Risk ratings are determined and documented in agreed format using all known information. |
5. Assess and prioritise security risks | 5.1 Stakeholders are consulted about acceptable/unacceptable risk levels. 5.2 Acceptable/unacceptable levels of risk are documented. 5.3 Identified risks are compared with security risk criteria to determine whether they are acceptable/unacceptable. 5.4 Identified risks are prioritised in accordance with security criteria. 5.5 Risks are documented in priority order in accordance with organisational policies, procedures and guidelines. 5.6 Residual risks are determined and documented in accordance with organisational policies, procedures and guidelines. |