Unit of competency
Modification History
Release |
Comments |
Release 1 |
This version first released with ICT Information and Communications Technology Training Package Version 7.2. |
Application
This unit describes the skills and knowledge required to analyse intentional and unintentional cyber security insider risks and threats, devise recommendations to minimise those risks and threats, and recommend organisational training responses to them.
The unit applies to those who work in information technology security roles, including cyber security analysts and specialists, cyber risk and assurance managers, and other related roles that are responsible for analysing cyber security insider risks and threats.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Unit Sector
Cyber security
Elements and Performance Criteria
ELEMENT |
PERFORMANCE CRITERIA |
Elements describe the essential outcomes. |
Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Determine cyber security insider risks and threats in organisation or workplace context |
1.1 Obtain work details and scope from required personnel and arrange for access to required technology in compliance with organisational security arrangements and required legislation, codes, regulations and standards 1.2 Evaluate and apply privacy requirements according to organisational policies and procedures 1.3 Identify systems of critical nature to business and key data logs for detection of cyber security insider risk and threat activity 1.4 Determine high-risk data using organisational risk framework 1.5 Monitor organisational behaviour patterns to identify cyber security insider risks and threats |
2. Complete model-based analysis of cyber security insider risks and threats |
2.1 Identify model required to analyse cyber security insider risks and threats 2.2 Analyse sensors and data logs and perform risk assessment to identify high-risk users and behaviours 2.3 Perform a model-based analysis of cyber security insider risks and threats |
3. Devise and distribute recommendations arising from analysis |
3.1 Prioritise risks and threats based on analysis according to organisational policies and procedures 3.2 Develop recommendations to minimise or eliminate insider risks and threats based on analysis findings 3.3 Seek and integrate feedback of required personnel on draft recommendations 3.4 Distribute information and documentation to required personnel according to legislative requirements and organisational policies and procedures |
4. Review organisational training response to cyber security insider risks and threats |
4.1 Review identified cyber security insider risks and threats to identify training requirements 4.2 Develop recommendations for training to address cyber security insider risks and threats 4.3 Seek feedback on training recommendations from required personnel 4.4 Finalise and distribute training recommendations according to organisational policies and procedures |
Foundation Skills
This section describes those language, literacy, numeracy and employment skills that are essential to performance but not explicit in the performance criteria.
S KILL |
DESCRIPTION |
Reading |
|
Writing |
|
Oral communication |
|
Problem solving |
|
Self-management |
|
Technology |
|
Unit Mapping Information
No equivalent unit. Newly created unit.
Links
Companion Volume Implementation Guide is found on VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2