^

 
 

Unit of competency details

ICTNWK519 - Design an ICT security framework (Release 1)

Summary

Usage recommendation:
Superseded
Mapping:
MappingNotesDate
Supersedes and is equivalent to ICANWK519A - Design an IT security frameworkUpdated to meet Standards for Training Packages. Minor change to the title. 24/Mar/2015
Is superseded by and equivalent to ICTNWK549 - Design ICT security frameworks 20/Jul/2020

Releases:
ReleaseRelease date
1 1 (this release) 25/Mar/2015


Classifications

SchemeCodeClassification value
ASCED Module/Unit of Competency Field of Education Identifier 020305 Systems Analysis And Design  

Classification history

SchemeCodeClassification valueStart dateEnd date
ASCED Module/Unit of Competency Field of Education Identifier 020305 Systems Analysis And Design  30/Jul/2015 
The content being displayed has been produced by a third party, while all attempts have been made to make this content as accessible as possible it cannot be guaranteed. If you are encountering issues following the content on this page please consider downloading the content in its original form

Unit Of competency

Modification History

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 1.0.

Application

This unit describes the skills and knowledge required to evaluate information and communications technology (ICT) security requirements for a new system and to plan for controls and contingencies.

It applies to individuals working in senior roles in the networking area who are required to design security for new ICT systems.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

Unit Sector

Networking

Elements and Performance Criteria

ELEMENT 

PERFORMANCE CRITERIA 

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Research ICT security requirements

1.1 Investigate and gather statutory, commercial and application security requirements

1.2 Assess impact on the existing ICT system

1.3 Identify additional ICT security requirements

1.4 Document security requirements and forward to appropriate person for approval

2. Conduct risk analysis

2.1 Identify security threats and determine security specifications, taking into account the internal and external business environment

2.2 Develop controls and contingencies to alleviate security threats

2.3 Identify the costs associated with contingencies

2.4 Document and forward recommendations to appropriate person for approval

3. Develop ICT security policy and operational procedures

3.1 Review feedback from appropriate person to determine how to manage security threats

3.2 Develop security policies based on the security strategy

3.3 Create and document work procedures based on the security policies

3.4 Document operating procedures and forward to appropriate person for approval

3.5 Take action to ensure confidentiality of client and user information

3.6 Apply statutory requirements to policy and procedures

Foundation Skills

This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.

Skill 

Performance Criteria 

Description 

Reading

1.1, 3.1-3.3

  • Recognises and interprets legislative, organisational and technical material to determine job requirements

Writing

1.4, 2.1, 2.4, 3.2-3.4

  • Develops a broad range of procedural material for a specific audience, using clear and detailed language to convey explicit information, requirements and recommendations

Oral Communication

3.1

  • Uses listening and questioning skills to confirm understanding for requirements and articulates information clearly and concisely

Numeracy

2.3

  • Interprets numerical data to develop a broad plan, budget and strategy

Navigate the world of work

1.1, 3.6

  • Understands own legal rights and responsibilities, and understands general legal principles applicable across work contexts

Interact with others

1.4, 2.4, 3.4

  • Actively identifies the requirements of important communication exchanges, selecting appropriate channels, format, tone and content to suit purpose and audience

Get the work done

1.1-1.3, 2.1-2.3, 3.5

  • Demonstrates a sophisticated understanding of principles, concepts, language and practices associated with the digital world
  • Uses digital technologies and systems safely and legally when gathering, storing, accessing and sharing information, with a growing awareness of the permanence and transparency of all activities
  • May operate from a broad conceptual plan, developing the operational detail in stages, and regularly reviewing priorities and performance
  • Takes responsibility for high-impact decisions in complex situations involving many variables and constraints
  • Uses nuanced understanding of context to recognise anomalies and subtle deviations to normal expectations, focussing attention on critical issues and variables

Unit Mapping Information

Code and title 

current version 

Code and title 

previous version 

Comments 

Equivalence status 

ICTNWK519 Design an ICT security framework

ICANWK519A Design an IT security framework

Updated to meet Standards for Training Packages.

Minor change to the title.

Equivalent unit

Links

Companion Volume implementation guides are found in VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2

 

Assessment requirements

Modification History

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 1.0.

Performance Evidence

Evidence of the ability to:

  • research and assess security framework requirements with consideration of statutory and commercial requirements
  • determine the security risks and develop controls and contingencies
  • identify costs associated
  • document the security framework and obtain approval
  • develop security policies and operating procedures.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

Knowledge Evidence

To complete the unit requirements safely and effectively, the individual must:

  • summarise the design criteria for a security framework, including:
  • the client business domain
  • legislation relating to information and communications technology (ICT) security
  • current industry accepted hardware
  • current industry software products
  • security features and capabilities
  • operating systems
  • risk relating to ICT security
  • identify and outline relevant privacy legislation
  • identify and outline common security considerations for businesses, including:
  • typical environments
  • threats
  • policies and strategies.

Assessment Conditions

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the network industry, and include access to:

  • information on the security environment
  • laws or legislation
  • existing organisational security policies
  • organisational expertise
  • ICT business specifications
  • ICT security assurance specifications
  • security environment, which also includes the threats to security that are, or are held to be, present in the environment
  • risk analysis tools or methodologies.

Assessors must satisfy NVR/AQTF assessor requirements.

Links

Companion Volume implementation guides are found in VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2