Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 6.0.

ELEMENT 

PERFORMANCE CRITERIA 

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Implement policy-based code-access security

1.1 Identify purpose of application security in software development

1.2 Configure required platform security configuration files using security configuration tools

1.3 Define required restriction custom code access permission and restrict access to protected resources

1.4 Define required access restriction custom code access and run protected operations

2. Implement security access control

2.1 Plan and document authentication and authorisation strategy according to organisational policies and procedures

2.2 Develop and document required application authentication and authorisation strategy

3. Write encrypt and decrypt code data

3.1 Determine and document required standard cryptographic algorithms

3.2 Encrypt, and decrypt, data using standard cryptographic algorithms

4. Protect application against injections

4.1 Plan and document secure input and output handling and prevent vulnerabilities related to code injections

4.2 Use secure input and output handling according to task requirements

S KILL 

DESCRIPTION 

Oral communication

• Articulates requirements and responsibilities distinctively, using effective communication techniques and industry standard technical language intended for audience and environment

Reading

• Evaluates complex and varied information, and concepts, in software security

Writing

• Prepares technical workplace documents detailing processes and outcomes that fulfil the expectations of different stakeholders
• Writes and edits computer code, and technical data using correct syntax and logical flow

Planning and organising

• Takes responsibility for planning, sequencing and prioritising processes and tasks to achieve the required outcomes
• Uses a range of digital tools and sophisticated techniques to meet desired outcomes
• Is acutely aware of the importance of data security and of monitoring, and controlling, access to digitally stored and transmitted information

Problem solving

• Uses nuanced knowledge of context to demonstrate knowledge of anomalies and subtle deviations to normal expectations, focusing attention and remedying problems as they arise
• Applies systematic and analytical problem-solving processes, in order to develop required security access control strategies

Technology

• Demonstrates knowledge of principles, concepts, language and practices associated with the digital world

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 6.0.