Unit of competency details

ICTWEB408 - Ensure basic website security (Release 1)

Summary

Usage recommendation: Superseded

Mapping:
Mapping | Notes | Date
Supersedes and is equivalent to ICAWEB408A - Ensure basic website security | Updated to meet Standards for Training Packages | 24/Mar/2015
Is superseded by and equivalent to ICTWEB439 - Confirm basic website security | | 20/Jul/2020

Releases:
Release | Release date
1 (this release) | 25/Mar/2015


Classifications

Scheme | Code | Classification value
ASCED Module/Unit of Competency Field of Education Identifier | 029901 | Security Science

Classification history

Scheme | Code | Classification value | Start date | End date
ASCED Module/Unit of Competency Field of Education Identifier | 029901 | Security Science | 30/Jul/2015 |

Unit Of competency

Modification History

Release | Comments
Release 1 | This version first released with ICT Information and Communications Technology Training Package Version 1.0.

Application

This unit describes the skills and knowledge required to provide basic website server and protocol security appropriate to the level required by an organisation.

It applies to individuals employed as web maintenance staff who are required to ensure that a website meets basic security requirements.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

Unit Sector

Web

Elements and Performance Criteria

ELEMENT 

PERFORMANCE CRITERIA 

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Determine business security requirements

1.1 Identify the level of security required based on the business, and the commercial intent of the website

1.2 Identify whether password protection is needed for the site, or part of the site

1.3 Decide on minimum or maximum password protection solutions, based on the business requirements

2. Ensure web server security

2.1 Ensure that the web server password is obscure and non-traceable

2.2 Install and maintain an effective intrusion detection system, according to business requirements

2.3 Ensure that user accounts have only the required permissions on the server

2.4 Ensure that interpreters’ programs, that run common gateway interfaces (CGIs), are not stored in the CGI-bin directory

2.5 Ensure that web forms check data before passing it to the server

3. Ensure protocol security

3.1 Protect the fixed internet connection, and the internet protocol (IP) address

3.2 Protect shared network resources from intrusion, according to business requirements

3.3 Ensure that personal computer (PC) protocols and preferences follow security protocols

3.4 Disable transmission control protocol/internet protocol (TCP/IP) bindings for file and printer sharing

3.5 Ensure that network basic input/output system (NetBIOS) over TCP/IP is disabled

Foundation Skills

This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.

Skill 

Performance Criteria 

Description 

Reading

1.1-1.3, 2.1-2.5, 3.1-3.5

  • Identify and evaluate technical information to produce solutions to business requirements
  • Identify critical information and cross check for accuracy

Writing

2.2, 3.1-3.5

  • Writes and edits, computer code and technical data, ensuring the correct syntax and accuracy

Oral Communication

1.1, 1.2

  • Listens and asks questions to elicit information

Navigate the world of work

1.3

  • Ensures the compliance of the product against the business requirements and protocols

Get the work done

1.1-1.3, 2.1-2.5, 3.1-3.5

  • Plans approach to work based on the analysis of business needs and requirements
  • Sequences, schedules and prioritises own work activities
  • Resolves issues and implements tests, to ascertain the functionality of solutions prior to full implementation
  • Utilises a combination of lateral and analytical thinking, to evaluate and validate reliability, and the efficacy of the website
  • Uses a range of digitally-based technologies, and the software packages and hardware, required for interrogating vendor databases and websites

Unit Mapping Information

Code and title (current version) | Code and title (previous version) | Comments | Equivalence status
ICTWEB408 Ensure basic website security | ICAWEB408A Ensure basic website security | Updated to meet Standards for Training Packages | Equivalent unit

Links

Companion Volume implementation guides are found in VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2

 

Assessment requirements

Modification History

Release | Comments
Release 1 | This version first released with ICT Information and Communications Technology Training Package Version 1.0.

Performance Evidence

Evidence of the ability to:

  • identify the level of security required by the business for the website
  • implement password protection solutions, for the website and the server
  • install and maintain, an intrusion detection system
  • implement protocol security.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

Knowledge Evidence

To complete the unit requirements safely and effectively, the individual must:

  • outline the client business domain, including the client organisation structure and business functionality
  • identify current industry-accepted hardware and software products
  • outline desktop applications and operating systems, as required
  • describe firewall functionality
  • describe hypertext transfer protocol (HTTP) and disk and executing monitor tools (daemons)
  • outline the range of security protocols, including:
      • secure socket layer (SSL)
      • point-to-point network tunnelling protocol (PPTP)
      • layer 2 tunnelling protocol (L2TP)
  • define security patches
  • explain specific purpose security computers, acting as bastion hosts
  • explain web-server operating systems.

Assessment Conditions

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace.  Noise levels, production flow, interruptions and time variances should be typical of those experienced in the website technologies field of work, and include access to:

  • special purpose tools, equipment, materials
  • industry software packages
  • a basic website and web servers
  • the organisational requirements documentation
  • website manuals and instructions.

Assessors must satisfy NVR/AQTF assessor requirements.
