Unit of competency
Modification History
Release |
Comments |
Release 1 |
This version first released with the Business Services Training Package Version 8.0. Newly created unit. |
Application
This unit describes the skills and knowledge required to develop cyber security insider threat and risk response plans to effectively prevent, detect and mitigate insider threats. This includes assessing current cyber security risks, evaluating existing procedures, and drafting a cyber security insider threat and risk response plan. An insider threat or risk refers to an intentional or unintentional act committed by individuals in an organisation that causes, or has the potential to cause, harm to an organisation’s cyber security.
The unit applies to individuals who work in a broad range of industries who as part of their job role assist in preventing insider threat and risk, by supporting processes to develop response plans. Individuals in these job roles will demonstrate judgement and have limited responsibilities in changing contexts.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Unit Sector
Digital Competence - Cyber Security
Elements and Performance Criteria
ELEMENT |
PERFORMANCE CRITERIA |
Elements describe the essential outcomes. |
Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Prepare to develop cyber security insider threat and risk response plan |
1.1 Assess organisational cyber security risks and their causes 1.2 Evaluate impact and probability of assessed organisational cyber security risks 1.3 Prioritise organisational cyber security risks based on their impact and probability |
2. Draft cyber security insider threat and risk response plan |
2.1 Identify and document existing organisational policies and procedures for responding to cyber security insider threats and risks 2.2 Evaluate existing procedures to monitor employee adherence to risk minimising policies and procedures 2.3 Evaluate effectiveness of existing risk response policies and procedures based on prioritised risks 2.4 Research existing examples of best practice cyber security insider threat and risk response plans in different organisations 2.5 Develop draft of cyber security threat and risk response plan based on prioritised organisational risks according to legislative requirements |
3. Review and finalise cyber security insider threat and risk response plan |
3.1 Seek feedback on draft plan from required personnel according to organisational policies and procedures 3.2 Integrate feedback and finalise plan 3.3 Seek plan sign-off according to organisational policies and procedures 3.4 Distribute and store documented plan according to organisational policies and procedures |
Foundation Skills
This section describes those language, literacy, numeracy and employment skills that are essential to performance but not explicit in the performance criteria.
Skill |
Description |
Oral communication |
|
Reading |
|
Writing |
|
Teamwork |
|
Initiative and enterprise |
|
Planning and organising |
|
Problem solving |
|
Technology |
|
Unit Mapping Information
No equivalent unit. Newly created unit.
Links
Companion Volume Implementation Guide is found on VETNet - - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=11ef6853-ceed-4ba7-9d87-4da407e23c10