Unit of competency
Modification History
Release | Comments |
Release 1 | This version first released with ICT Information and Communications Technology Training Package Version 6.0. |
Application
This unit describes the skills and knowledge required to develop an information security and risk management strategy (ISRM) within an organisation that supports business processes.
It applies to individuals who work in information technology security and have the knowledge and skills in cyber security to support business functions in planning and implementing information security strategies. In this instance, the individual may work internally within an organisation, or be engaged externally in supporting organisations with their development of information security strategies.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Unit Sector
Cyber security
Elements and Performance Criteria
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Plan information security strategies |
1.1 Discuss implementation opportunities for organisational information security strategies with required personnel
1.2 Gain management buy-in and approval in planning and implementing information security strategy
1.3 Identify and confirm organisational policies including password policies, bring your own device (BYOD) and onboarding processes with required personnel
1.4 Analyse organisational environments, processes and risk profile requirements
1.5 Identify legislation and industry requirements to implement information security strategies in an organisation |
2. Design and implement information security strategy |
2.1 Develop action plan with specific goals and objectives of information security strategy according to organisational needs
2.2 Design secure network infrastructure and security strategy according to organisational needs
2.3 Analyse data classifications and levels of access in operational processes and integrate with strategy
2.4 Document designed information security strategy according to organisational procedures
2.5 Implement information security strategy according to design and organisational needs |
3. Test and finalise information security strategy |
3.1 Establish security baselines and metrics according to organisational needs
3.2 Perform testing procedures and confirm information security strategy addresses organisational needs
3.3 Record and compare test results to established metrics and benchmarks
3.4 Finalise documentation and report information security strategy outcomes to required personnel
3.5 Obtain feedback from required personnel and amend information security strategy accordingly
3.6 Review final information security strategy and obtain sign-off from required personnel |
Foundation Skills
This section describes those language, literacy, numeracy and employment skills that are essential to performance but not explicit in the performance criteria.
SKILL | DESCRIPTION |
Learning |
|
Numeracy |
|
Reading |
|
Writing |
|
Teamwork |
|
Planning and organising |
|
Technology |
|
Unit Mapping Information
No equivalent unit. New unit.
Links
Companion Volume Implementation Guide is found on VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2