Modification History
Not Applicable
Unit Descriptor
Unit descriptor |
This unit defines the competency required to design the controls that ensure the organisational system is secure from both a legal and business perspective. The following unit is linked and forms an appropriate cluster:
No licensing, legislative, regulatory or certification requirements apply to this unit at the time of publication. |
Application of the Unit
Application of the unit |
Licensing/Regulatory Information
Refer to Unit Descriptor
Pre-Requisites
Prerequisite units |
||
Employability Skills Information
Employability skills |
This unit contains employability skills. |
Elements and Performance Criteria Pre-Content
Elements describe the essential outcomes of a unit of competency. |
Performance criteria describe the performance needed to demonstrate achievement of the element. Where bold italicised text is used, further information is detailed in the required skills and knowledge section and the range statement. Assessment of performance is to be consistent with the evidence guide. |
Elements and Performance Criteria
ELEMENT |
PERFORMANCE CRITERIA |
1. Review organisational security polices and procedures |
1.1. Review business environment to identify existing requirements 1.2. Determine organisational goals for legal and security requirements 1.3. Verify security needs in a policy document 1.4. Determine legislative impact on business domain 1.5. Gather and document objective evidence on current security threats 1.6. Identify options for utilising internal and/or external expertise 1.7. Establish and document a standard methodology for performing security tests |
2. Develop security plan |
2.1. Investigate theoretical attacks and threats on the business 2.2. Evaluate risks and threats associated with the investigation 2.3. Prioritise assessment results and write security policy 2.4. Document information related to attacks, threats, risks and controls in a security plan 2.5. Review the security strategy with security-approved key stakeholders 2.6. Integrate approved changes into business plan and ensure compliance with statutory requirements |
3. Design controls to be incorporated in system |
3.1. Implement controls in a procedurally organised manner to ensure minimum risk of security breach in line with organisational guidelines 3.2. Monitor each phase of the implementation to determine the impact on the business 3.3. Take corrective action on system implementation breakdown 3.4. Record implementation process 3.5. Evaluate corrective actions for risk 3.6. Plan risk assessment review process 3.7. Take action to ensure confidentiality throughout all phases of design |
Required Skills and Knowledge
REQUIRED SKILLS AND KNOWLEDGE |
This section describes the skills and knowledge required for this unit. |
Required skills |
|
Required knowledge |
|
Evidence Guide
EVIDENCE GUIDE |
|
The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package. |
|
Overview of assessment |
|
Critical aspects for assessment and evidence required to demonstrate competency in this unit |
Evidence of the following is essential:
To demonstrate competency in this unit the following resources will be needed:
|
Context of and specific resources for assessment |
Design covers:
This unit involves organisational polices and procedures for information security, process security, internet technology security, communications security, wireless security and physical security. The breadth, depth and complexity involving analysis, design, planning, execution and evaluation across a range of technical and/or management functions including development of new criteria or applications or knowledge or procedures would be characteristic. Competency in this unit will include observation of real or simulated procedures and polices, security plans and risk assessment strategies. Breadth, depth and complexity of knowledge and competencies would cover a broad range of varied activities in a wider variety of contexts, most of which are complex, evolving and critical in nature. Performance of a broad range of skilled applications, including requirements to evaluate and analyse current security practices and developing new criteria in a risk environment. Assessment must ensure:
|
Method of assessment |
The purpose of this unit is to define the standard of performance to be achieved in the workplace. In undertaking training and assessment activities related to this unit, consideration should be given to the implementation of appropriate diversity and accessibility practices in order to accommodate people who may have special needs. Additional guidance on these and related matters is provided in ICA05 Section 1.
|
Guidance information for assessment |
Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended, for example:
An individual demonstrating this competency would be able to:
|
Range Statement
RANGE STATEMENT |
|
The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included. |
|
Security environment |
|
Stakeholders may include: |
|
Organisational guidelines may include but are not limited to: |
|
Requirements may be in reference to: |
|
Security plan |
|
Security policy may be in relation to: |
|
Security threats may include but are not limited to: |
|
Security strategy includes: |
|
Risk assessment includes: |
|
Unit Sector(s)
Unit sector |
Analyse and Design |
Co-requisite units
Co-requisite units |
||
Competency field
Competency field |