^

 
 

Unit of competency details

ICTNWK513 - Manage system security (Release 1)

Summary

Usage recommendation:
Superseded
Mapping:
MappingNotesDate
Supersedes and is equivalent to ICANWK513A - Manage system securityUpdated to meet Standards for Training Packages. 24/Mar/2015
Is superseded by and equivalent to ICTNWK547 - Manage system security on operational systems 20/Jul/2020

Release Status:
Current
Releases:
ReleaseRelease date
1 1 (this release) 25/Mar/2015


Classifications

SchemeCodeClassification value
ASCED Module/Unit of Competency Field of Education Identifier 029901 Security Science  

Classification history

SchemeCodeClassification valueStart dateEnd date
ASCED Module/Unit of Competency Field of Education Identifier 029901 Security Science  30/Jul/2015 
The content being displayed has been produced by a third party, while all attempts have been made to make this content as accessible as possible it cannot be guaranteed. If you are encountering issues following the content on this page please consider downloading the content in its original form

Unit Of competency

Modification History

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 1.0.

Application

This unit describes the skills and knowledge required to implement and manage security on an operational system.

It applies to individuals working in middle management in technical advice, guidance and leadership roles such as security managers and security analysts responsible for implementing and managing the organisations security management system.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

Unit Sector

Networking

Elements and Performance Criteria

ELEMENT 

PERFORMANCE CRITERIA 

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Analyse threats to system

1.1 Evaluate the organisation’s system and verify that it meets enterprise guidelines and policies

1.2 Conduct risk analysis on system and document outcomes

1.3 Evaluate threats to the system and document findings

1.4 Compile and document human interactions with system

2. Determine risk category

2.1 Conduct a risk assessment on the system and categorise risks

2.2 Conduct a risk assessment on human operations and interactions with the system and categorise risks

2.3 Match risk plans to risk categories

2.4 Determine and plan resources by risk categories

3. Identify appropriate controls

3.1 Devise and put in place effective controls to manage risk

3.2 Design policies and procedures to cover user access of the system

3.3 Conduct training in the use of system-related policies and procedures

3.4 Monitor high-risk categories at specified periods

3.5 Categorise and record system breakdowns

4. Include controls in the system

4.1 Develop security plan and procedures to include in management system

4.2 Develop security recovery plan

4.3 Implement system controls to reduce risks in human interaction with the system

5. Monitor system tools and procedures

5.1 Review and monitor risks and controls, using a management review process

5.2 Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews

5.3 Plan to re-evaluate system and identify new threats and risks

Foundation Skills

This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.

Skill 

Performance Criteria 

Description 

Reading

1.1, 5.1, 5.2

  • Gathers, interprets and analyses technical and enterprise information to determine requirements according to client needs

Writing

1.2-1.4, 2.1, 2.2, 3.2, 3.5, 4.1, 4.2

  • Prepares information that incorporates a synthesis of knowledge, using information and communications technology (ICT) terminology and cohesive language in a format and style appropriate to a specific audience

Navigate the world of work

1.1

  • Takes full responsibility for identifying and considering relevant policies and procedures when managing a security system

Interact with others

3.3

  • Demonstrates an increasing capacity to manipulate oral, visual and or written formats to achieve a specific purpose with full command of vocabulary relevant to context

Get the work done

1.1-1.3, 2.1-2.4, 3.1, 3.4, 4.3, 5.3

  • Demonstrates a sophisticated understanding of principles, concepts, language and practices associated with the digital world and uses these to troubleshoot and reduce risks
  • Uses digital tools to access and organise complex data and analyse multiple sources of information for strategic purposes
  • Is acutely aware of the importance of understanding, monitoring and controlling access to digitally stored and transmitted information
  • Uses a combination of formal and logical planning processes and an increasingly intuitive understanding of context to develop a security plan and a security recovery plan
  • Makes a range of critical decisions in relatively complex situations, taking a range of constraints into account
  • Recognises and addresses complex problems involving participation in group solutions and analysis, and resolving issues for a mixed mode environment of people and systems processes

Unit Mapping Information

Code and title 

current version 

Code and title 

previous version 

Comments 

Equivalence status 

ICTNWK513 Manage system security

ICANWK513A Manage system security

Updated to meet Standards for Training Packages

Equivalent unit

Links

Companion Volume implementation guides are found in VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2

 

Assessment requirements

Modification History

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 1.0.

Performance Evidence

Evidence of the ability to:

  • implement and manage security functions on a system
  • conduct risk assessment
  • set up effective controls to manage risk
  • develop security plan and security recovery plan
  • monitor risks and controls
  • review risk analysis process.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

Knowledge Evidence

To complete the unit requirements safely and effectively, the individual must:

  • summarise the general features of specific security technologies
  • describe risk analysis techniques, with a focus on their general features, and depth in security procedures
  • describe the common security requirements of a client’s organisation, including:
  • threats
  • security techniques and technologies
  • outline systems management and process control in relation to security
  • explain systems technologies, including a broad summary of their general features and capabilities.

Assessment Conditions

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

  • a site where system security may be implemented and managed
  • use of utility tools currently used in industry
  • organisational security policies
  • manufacturer recommendations
  • security standards.

Assessors must satisfy NVR/AQTF assessor requirements.

Links

Companion Volume implementation guides are found in VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2