^

 
 

Unit of competency details

ICTNWK545 - Develop, implement and evaluate systems and applications security (Release 1)

Summary

Usage recommendation:
Current
Mapping:
MappingNotesDate
Supersedes and is equivalent to ICTNWK510 - Develop, implement and evaluate system and application security 20/Jul/2020

Release Status:
Current
Releases:
ReleaseRelease date
1 1 (this release) 21/Jul/2020


Classifications

SchemeCodeClassification value
ASCED Module/Unit of Competency Field of Education Identifier 020113 Networks And Communications  

Classification history

SchemeCodeClassification valueStart dateEnd date
ASCED Module/Unit of Competency Field of Education Identifier 020113 Networks And Communications  21/Jul/2020 
The content being displayed has been produced by a third party, while all attempts have been made to make this content as accessible as possible it cannot be guaranteed. If you are encountering issues following the content on this page please consider downloading the content in its original form

Unit Of competency

Modification History

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 6.0.

Application

This unit describes the skills and knowledge required to develop, implement and evaluate information security in an Information and Communications Technology (ICT) system or application during the system development life cycle (SDLC) and prior to the operations and maintenance phase.

It applies to individuals who work as network managers and required to handle system and application security from the development phase through implementation to evaluation.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

Unit Sector

Networking

Elements and Performance Criteria

ELEMENT 

PERFORMANCE CRITERIA 

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Develop system and application security

1.1 Identify organisational ICT system and application security requirements

1.2 Determine and document ICT system and application security plan according to organisational requirements

1.3 Identify risk-based audit performance criteria against the ICT system or application

1.4 Develop and document required mitigation of vulnerabilities processes and procedures

1.5 Integrate information security requirements, controls, processes and procedures into ICT system and application design specifications

2. Implement system and application security

2.1 Execute and verify operational compliance according to technical and organisational requirements

2.2 Perform required configuration management practices and mitigate introduction of vulnerabilities

2.3 Validate and re-engineer ICT system and application security controls and operations phase vulnerabilities

2.4 Document ICT system and application security controls according to organisational policies and procedures

3. Evaluate system and application security

3.1 Assess effectiveness of information system controls against required risk management practices and procedures

3.2 Assess and evaluate system compliance against organisational requirements

3.3 Assess system maturation and readiness for promotion to production stage according to organisational requirements

3.4 Document assessment findings and submit to required personnel

Foundation Skills

This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.

S KILL 

D ESCRIPTION 

Reading

  • Gathers, interprets and analyses technical and regulatory information to determine requirements according to client needs

Writing

  • Uses factual information and industry related terminology to produce workplace documents

Planning and organising

  • Uses a combination of formal, logical planning processes to plan, prioritise and monitor own work and coordinate processes in liaison with others and within different contexts

Problem solving

  • Identifies sophisticated principles, concepts, nuance, language and practices associated with the digital world and uses these to troubleshoot and reduce risks
  • Uses digital tools to access and organise complex data and analyse multiple sources of information for strategic purpose
  • Makes a range of critical decisions in relatively complex situations, taking a range of constraints into account

Self-management

  • Identifies and considers required policies and legislative requirements in the development of system security processes

Technology

  • Monitors and controls access to digitally stored and transmitted information

Unit Mapping Information

Supersedes and is equivalent to ICTNWK510 Develop, implement and evaluate system and application security.

Links

Companion Volume Implementation Guide is found on VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2

 

Assessment requirements

Modification History

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 6.0.

Performance Evidence

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

  • create and implement an Information and Communications Technology (ICT) system and application security plan on at least one occasion.

Knowledge Evidence

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

  • industry standard programming languages
  • industry standard best practices in application of language syntax rules, including:
  • data structures
  • graphical user interfaces (GUIs)
  • small-size application development
  • legislation, regulations and codes of practice that impact on network security
  • threats and risks to the security environment
  • security assurance specifications
  • risk assessment process required in evaluating system vulnerabilities, including:
  • risk mitigation
  • security control selection
  • implementation and evaluation process
  • software security standards compliance.

Assessment Conditions

Skills in this unit must be demonstrated in a workplace or simulated environment where the conditions are typical of those in a working environment in this industry.

This includes access to:

  • ICT business specifications
  • information on security environment, including:
  • laws and legislation
  • existing organisational security policies
  • organisational expertise and knowledge
  • application and system scenarios.

Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.

Links

Companion Volume Implementation Guide is found on VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2