Unit of competency
Modification History
Release 1 |
This version first released with CPP Property Services Training Package Release 9.0. Supersedes and is equivalent to CPPSEC4012A Identify and assess security of assets. Updated to meet the Standards for Training Packages. |
Application
This unit specifies the skills and knowledge required to assess the security vulnerabilities of client assets based an analysis of asset types, use, ownership and value. It includes auditing security risk control mechanisms and incident reporting measures and testing their operational effectiveness to identify failures and recommend treatment options.
This unit is suitable for those using specialised knowledge to complete routine and non-routine tasks and using their own judgement to deal with predictable and sometimes unpredictable problems.
Legislative, regulatory or certification requirements apply in some states and territories to the provision of advice on security solutions, strategies, protocols and procedures. For further information, check with the relevant regulatory authority.
Pre-requisite Unit
None.
Unit Sector
Security/Risk management
Elements and Performance Criteria
Elements describe the essential outcomes. |
Performance criteria describe what needs to be done to demonstrate achievement of the element. |
||
1 |
List client assets and confirm status. |
1.1 |
Access and interpret key requirements of legislation, regulations and workplace policies and procedures and apply to work instructions to ensure compliance. |
1.2 |
Consult with relevant persons to confirm the location and nature of all assets and clarify client security objectives in relation to each asset. |
||
1.3 |
Source valid and reliable information to confirm the value of all client assets in consultation with relevant persons. |
||
1.4 |
Document listing of client assets and valuations in a format suitable for analysis. |
||
1.5 |
Conduct analysis to confirm asset types, use, ownership and value. |
||
1.6 |
Recognise own limitations in assessing asset security vulnerabilities of client and access specialist resources or advice to meet client requirements. |
||
2 |
Assess security risk control mechanisms to identify asset vulnerabilities. |
2.1 |
Identify and assess methods for accessing client assets. |
2.2 |
Conduct audit of existing and planned security risk control mechanisms and incident reporting measures. |
||
2.3 |
Obtain and review operating parameters for identified risk control mechanisms to plan testing methods. |
||
2.4 |
Test operational effectiveness of risk control mechanisms to identify actual and potential failures and report the results to relevant persons. |
||
3 |
Finalise and present asset security vulnerability assessment. |
3.1 |
Finalise asset security vulnerability assessment including recommendations to treat identified security risks, and check to ensure findings and recommendations are supported by verifiable information. |
3.2 |
Use information technologies to document and present asset security vulnerability assessment in a format and style to meet workplace requirements. |
||
3.3 |
Present final asset security vulnerability assessment to relevant persons for feedback within agreed timeframes. |
||
3.4 |
Use questioning and active listening to explain identified security vulnerabilities and recommended treatments. |
||
3.5 |
Complete and secure asset assessment documentation in a manner that facilitates future retrieval and maintains confidentiality according to workplace and regulatory requirements. |
Foundation Skills
As well as the foundation skills explicit in the performance criteria of this unit, candidates require:
- oral communication skills to use clear explanations, active listening and questioning skills to convey and clarify information when assessing asset vulnerabilities
- writing skills to document succinct and logically structured client advice.
Unit Mapping Information
Supersedes and equivalent to CPPSEC4012A Identify and assess security of assets.
Links
Companion volumes to this training package are available at the VETNet website - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=6f3f9672-30e8-4835-b348-205dfcf13d9b