Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 6.0.

ELEMENT 

PERFORMANCE CRITERIA 

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Identify information security risks for cloud service

1.1 Identify cloud security risks for different cloud delivery and deployment models

1.2 Identify and review legal, privacy and contractual issues, organisational policies, procedures and requirements

1.3 Map responsibilities between organisation and cloud vendor

1.4 Review compliance controls of cloud vendor

1.5 Identify risks and identify risks that are organisation’s responsibility

2. Manage cloud security controls

2.1 Identify security controls provided by the cloud vendor for cloud service

2.2 Map security controls to organisation risks

2.3 Configure security controls to mitigate risk according to business needs

2.4 Document configuration of security control and risk mitigation

3. Manage cloud privacy compliance

3.1 Identify required data storage compliance regulations

3.2 Determine data privacy risks associated with cloud service

3.3 Determine and implement business continuity and data recovery plan requirements

3.4 Review user access policies and configuration to data

3.5 Identify, secure and maintain, logs and audit trails according to business requirements

3.6 Document data privacy risk mitigation

4. Implement information security compliance enhancements

4.1 Implement and integrate required changes into organisations risk register and business continuity plans (BCP)

4.2 Establish and document performance measurement program and evaluate security effectiveness of implemented security controls

4.3 Submit documentation changes to required personnel

4.4 Obtain final task sign of from required personnel

S KILL 

D ESCRIPTION 

Learning

• Explores and incubates, new and innovative ideas, through unconstrained analysis and critical thinking, to develop and improve the organisation’s goals

Oral communication

• Articulates requirements and complex concepts using industry standard technical language intended for audience and environment

Reading

• Organises, evaluates and critiques ideas, and information, from a wide range of complex texts

Writing

• Prepares complex documentation detailing cloud security control and privacy mitigation and recommended enhancements using succinct language and logical structure

Planning and organising

• Plans strategic priorities and outcomes within a flexible, efficient and effective context, in a diverse environment, exposed to competing demands
• Gathers and analyses data, and seeks feedback to improve plans and processes

Problem solving

• Makes high-impact decisions in a complex and diverse environment, using input from a range of sources
• Identifies the key factors that impact on decisions and their outcomes, drawing on experience, competing priorities, and decision- making strategies, where appropriate

Self-management

• Works autonomously making high-level decisions to achieve, and improve, organisational goals
• Develops and implements strategies, that confirms that organisational policies, procedures and regulatory requirements are being met

Technology

• Demonstrates a sophisticated knowledge of principles, concepts, language and practices associated with the digital world

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 6.0.