Unit of competency details
BSBXCS404 - Contribute to cyber security risk management (Release 1)
Summary
Usage recommendation:
Current
Releases:
| 1 1 (this release) |
28/Feb/2020 |
Companion volumes:
Unit of competency
Assessment requirements
Training packages that include this unit
Qualifications that include this unit
Skill sets that include this unit
Classifications
Classification history
| ASCED Module/Unit of Competency Field of Education Identifier | 029901 | Security Science | 08/May/2020 | |
The content being displayed has been produced by a third party, while all attempts have been made to make this content as accessible as possible it cannot be guaranteed. If you are encountering issues following the content on this page please consider downloading the content in its original form
Unit of competency
Modification History
|
Release
|
Comments
|
|
Release 1
|
This version first released with BSB Business Services Training Package 6.0.
|
Application
This unit describes the skills and knowledge required to contribute to cyber security risk management, which includes assisting in developing and managing associated risk management strategies.
It applies to those working in a broad range of industries and job roles who work alongside technical experts to develop cyber security risk-management strategies.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Unit Sector
Digital Competence – Cyber Security
Elements and Performance Criteria
|
ELEMENT
|
PERFORMANCE CRITERIA
|
|
Elements describe the essential outcomes.
|
Performance criteria describe the performance needed to demonstrate achievement of the element.
|
|
1. Contribute to recommending risk management strategies that mitigate cyber security risk
|
1.1 Consult with stakeholders to determine scope of risk management appropriate to organisation and industry
1.2 Review relevant critical cyber risk management strategies appropriate to level of risk
1.3 Assist in developing suitable cyber security response options according to organisational policies and procedures
1.4 Present options for risk management strategies for approval within scope of own role
1.5 Document approved risk management strategies
|
|
2. Support implementation of approved risk management strategies in response to risk
|
2.1 Support communication of approved risk management strategies to required personnel
2.2 Contribute to monitoring cyber security risk according to selected risk management strategies
2.3 Assist in determining compliance with implemented cyber risk mitigation strategies
2.4 Address non-compliance within scope of own role and escalate where required according to organisational policies and procedures
2.5 Assist in establishing feedback processes that provide warning of potential new risks according to organisational requirements
|
|
3. Review and revise implemented risk management strategies
|
3.1 Identify benchmarks to track effectiveness of risk management strategies
3.2 Support evaluation of effectiveness of implemented strategies
3.3 Update risk management strategies with new information as required
|
Foundation Skills
This section describes those language, literacy, numeracy and employment skills that are essential to performance but not explicit in the performance criteria.
|
Skill
|
Description
|
|
Learning
|
- Modifies behaviour following exposure to new information
|
|
Numeracy
|
- Interprets mathematical data
|
|
Oral communication
|
- Asks open and closed probing questions and actively listens to clarify consultations
- Communicate proposed risk management strategies to required personnel
|
|
Reading
|
- Recognises and interprets information from relevant sources to determine organisational expectations and legal requirements
|
|
Writing
|
- Uses clear, specific and industry-related terminology relating to cyber security
- Maintains and updates a range of documents, including risk registers and incident response plans
|
|
Planning and organising
|
- Manages incident response plans
|
|
Teamwork
|
- Works collaboratively with interdisciplinary teams develop cyber risk management strategies
|
|
Technology
|
- Uses appropriate technology platforms to assist with cyber security risk management
|
Unit Mapping Information
No equivalent unit. New unit.
Links
Companion Volume Implementation Guide is found on VETNet: - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2
Assessment requirements
Modification History
|
Release
|
Comments
|
|
Release 1
|
This version first released with BSB Business Services Training Package 6.0.
|
Performance Evidence
The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:
- contribute to developing and implementing risk management strategies that control two different identified cyber security risks and document the response option applied to each risk
- support evaluation of effectiveness of each implemented strategy.
Knowledge Evidence
The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:
- legislative and regulatory requirements relating to contributing to cyber security risk management, including:
- data protection legislation
- notifiable data breach legislation
- Australian privacy laws
- established international legislation
- key risk management strategies, including:
- regular organisational training
- regular threat assessment
- cyber security incident response plan
- clear escalation routes
- organisational policies and procedures, including for:
- analysing and reviewing risk management methodologies
- developing communications plans
- evaluating effectiveness of risk management strategies
- monitoring cyber risk
- reviewing currency of risk register
- industry-specific knowledge of suitable procedures for applying risk management strategy
- guidelines required for updating technology
- business process design principles in relation to risk management
- reporting mechanisms for tracking organisational cyber security maturity.
Assessment Conditions
Skills must be assessed in a workplace or simulated environment where conditions are typical of a work environment requiring cyber secure practices, processes and procedures.
Access is required to:
- information and data sources relating to cyber security
- device with active internet connection
- internet browser
- industry standards, organisational procedures, and legislative requirements required to demonstrate the performance evidence.
Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.
Links
Companion Volume Implementation Guide is found on VETNet: - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2
