Unit of competency details

ICTCYS403 - Plan and implement information security strategies for an organisation (Release 1)

Summary

Usage recommendation: Current
Release Status: Current
Releases:
Release | Release date
1 (this release) | 21/Jul/2020


Classifications

Scheme | Code | Classification value
ASCED Module/Unit of Competency Field of Education Identifier | 029901 | Security Science

Classification history

Scheme | Code | Classification value | Start date | End date
ASCED Module/Unit of Competency Field of Education Identifier | 029901 | Security Science | 18/Sep/2020 |

Unit of competency

Modification History

Release | Comments
Release 1 | This version first released with ICT Information and Communications Technology Training Package Version 6.0.

Application

This unit describes the skills and knowledge required to develop an information security and risk management strategy (ISRM) within an organisation that supports business processes.

It applies to individuals who work in information technology security and have the knowledge and skills in cyber security to support business functions in planning and implementing information security strategies. In this instance, the individual may work internally within an organisation, or be engaged externally in supporting organisations with their development of information security strategies.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

Unit Sector

Cyber security

Elements and Performance Criteria

ELEMENT | PERFORMANCE CRITERIA
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Plan information security strategies

1.1 Discuss implementation opportunities for organisational information security strategies with required personnel

1.2 Gain management buy-in and approval in planning and implementing information security strategy

1.3 Identify and confirm organisational policies including password policies, bring your own device (BYOD) and onboarding processes with required personnel

1.4 Analyse organisational environments, processes and risk profile requirements

1.5 Identify legislation and industry requirements to implement information security strategies in an organisation

2. Design and implement information security strategy

2.1 Develop action plan with specific goals and objectives of information security strategy according to organisational needs

2.2 Design secure network infrastructure and security strategy according to organisational needs

2.3 Analyse data classifications and levels of access in operational processes and integrate with strategy

2.4 Document designed information security strategy according to organisational procedures

2.5 Implement information security strategy according to design and organisational needs

3. Test and finalise information security strategy

3.1 Establish security baselines and metrics according to organisational needs

3.2 Perform testing procedures and confirm information security strategy addresses organisational needs

3.3 Record and compare test results to established metrics and benchmarks

3.4 Finalise documentation and report information security strategy outcomes to required personnel

3.5 Obtain feedback from required personnel and amend information security strategy accordingly

3.6 Review final information security strategy and obtain sign-off from required personnel

Foundation Skills

This section describes those language, literacy, numeracy and employment skills that are essential to performance but not explicit in the performance criteria.

SKILL | DESCRIPTION

Learning

  • Identifies and gathers information applicable to business, organisational security and environment

Numeracy

  • Uses tools when developing security baselines and metrics

Reading

  • Selects and applies procedures and strategies required in developing information security strategies after reading required texts

Writing

  • Uses required and industry specific terminology in documenting action plans and information security strategies

Teamwork

  • Works collaboratively with required personnel and interdisciplinary teams in developing information security strategies

Planning and organising

  • Manages development of information security strategies using logical sequencing

Technology

  • Uses required technological tools and software in planning and implementing information security strategies
  • Applies skills in systems administration, network security, applications and programming

Unit Mapping Information

No equivalent unit. New unit.

Links

Companion Volume Implementation Guide is found on VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2

 

Assessment requirements

Modification History

Release | Comments
Release 1 | This version first released with ICT Information and Communications Technology Training Package Version 6.0.

Performance Evidence

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

  • plan and implement an information security strategy according to organisational needs.

In the course of the above, the candidate must:

  • establish at least three security baselines and at least three testing metrics
  • comply with legislation and industry requirements
  • follow organisational procedures.

Knowledge Evidence

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

  • function of information security strategy testing procedures, including:
      • vulnerability tests
      • basic penetration tests
  • key organisational environment and business processes required to plan and implement information security strategies for an organisation
  • network and cyber security features and principles
  • types of data and classifications including sensitivity levels
  • advantages and importance of implementing information security strategies
  • organisational procedures applicable to developing information security strategies, including:
      • documentation processes
      • designing secure network infrastructure
      • establishing requirements and features of information security strategies
      • establishing baselines and metrics
      • testing methodologies.

Assessment Conditions

Skills in this unit must be demonstrated in a workplace or simulated environment where the conditions are typical of those in a working environment in this industry.

This includes access to:

  • required hardware, software and its components
  • information and documents applicable to organisational procedures and processes
  • information security strategy testing software.

Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.
