
Unit of competency details

ICTWEB423 - Ensure dynamic website security (Release 1)

Summary

Usage recommendation: Current

Mapping: Supersedes and is equivalent to ICAWEB423A - Ensure dynamic website security
Mapping notes: Updated to meet Standards for Training Packages
Mapping date: 24/Mar/2015

Release Status: Current

Releases:
Release 1 (this release) - release date 25/Mar/2015


Classifications

Scheme: ASCED Module/Unit of Competency Field of Education Identifier
Code: 029901
Classification value: Security Science

Classification history

Scheme: ASCED Module/Unit of Competency Field of Education Identifier
Code: 029901
Classification value: Security Science
Start date: 30/Jul/2015
End date: -

Unit Of competency

Modification History

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 1.0.

Application

This unit describes the skills and knowledge required to ensure, and maintain, the security of a dynamic commercial website.

It applies to individuals working as website developers responsible for security of dynamic websites, who are proficient communicators and can analyse technical data capably and with efficiency.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

Unit Sector

Web

Elements and Performance Criteria

ELEMENT 

PERFORMANCE CRITERIA 

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Undertake the risk assessment

1.1 Identify the functionality and features of the website, and confirm these with the client

1.2 Identify security threats, with reference to the functionality of the site and organisational security policy, legislation and standards

1.3 Complete a risk analysis to prioritise the security threats, and identify system vulnerabilities

1.4 Identify resource and budget constraints, and validate with the client as required

1.5 Source the appropriate products, security services and equipment, according to enterprise purchasing policies

2. Secure the operating systems

2.1 Identify operating system (OS) and cross-platform vulnerabilities

2.2 Make the appropriate scripting or configuration adjustments, with reference to the functionality of the site and the security policy

2.3 Identify and rectify weaknesses specific to the OS

3. Secure the site server

3.1 Configure the web server securely, with reference to the required functionality and the security policy

3.2 Review and analyse server-side scripting, with reference to the required functionality and the security policy

3.3 Install firewalls as required

3.4 Establish access control permissions to the server and database

4. Secure data transactions

4.1 Identify data transactions, with reference to the functionality and features of the website

4.2 Identify and apply the channel protocols related to the requirements

4.3 Install and configure the payment systems

5. Monitor and document the security framework

5.1 Develop a program of selective independent audits and penetration tests

5.2 Determine the performance benchmarks

5.3 Implement audit and test programs, and record, analyse and report the results

5.4 Make security framework changes based on the test results

5.5 Develop the site-security plan, with reference to the security policy and requirements

5.6 Develop and distribute related policy and procedures to the client

Foundation Skills

This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.

Skill 

Performance Criteria 

Description 

Reading

1.3-1.5, 2.1, 2.3, 3.2, 4.1, 4.2, 5.4

  • Reads and interprets plans, specifications, computer program interface, and other documentation from a variety of sources, and consolidates information to determine requirements

Writing

1.1, 1.3, 1.4, 2.2, 3.3, 4.3, 5.1, 5.2, 5.3, 5.5, 5.6

  • Makes adjustments to software scripting, and creates procedural and related workplace documentation, for a specific audience, using clear and detailed language in order to convey explicit information

Oral Communication

1.1, 1.3, 1.4, 5.3, 5.6

  • Uses listening and questioning skills to confirm understanding for technical, operational and business requirements, participates in a verbal exchange of ideas/solutions, and uses appropriate, detailed and clear language to address the client

Numeracy

1.4, 1.5, 4.3

  • Undertakes numerical analyses during testing, and calculates and evaluates system results and performance

Navigate the world of work

1.2, 1.5, 3.1, 3.2, 5.5

  • Accepts responsibility and ownership of tasks, and makes decisions on completion parameters, and the need for coordination with others
  • Takes personal responsibility for following explicit and implicit policies, procedures and legislative requirements

Interact with others

1.1, 1.4, 5.6

  • Selects and uses the appropriate conventions and protocols when communicating with clients and co-workers in a range of work contexts

Get the work done

1.1-1.5, 2.2, 2.3, 3.2-3.4, 4.3, 5.1-5.5

  • Takes responsibility for planning, sequencing and prioritising tasks and own workload, for efficiency and effective outcomes
  • Makes routine decisions and implements standard procedures for routine tasks, using formal decision-making processes for more complex and non-routine situations
  • Addresses less predictable problems and initiates standard procedures in response to these problems, applying problem-solving processes in determining a solution
  • Uses familiar digital technologies and systems to access information, search and enter data and code, present information, and communicate with others, cognisant of data security and safety

Unit Mapping Information

Code and title, current version: ICTWEB423 Ensure dynamic website security

Code and title, previous version: ICAWEB423A Ensure dynamic website security

Comments: Updated to meet Standards for Training Packages

Equivalence status: Equivalent unit

Links

Companion Volume implementation guides are found in VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2


Assessment requirements

Modification History

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 1.0.

Performance Evidence

Evidence of the ability to:

  • determine the client security framework, and its requirements
  • identify any potential security threats to a website, and document the risk and performance benchmarks
  • develop and implement strategies to secure a dynamic website.

Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.

Knowledge Evidence

To complete the unit requirements safely and effectively, the individual must:

  • summarise the Australian Computer Society Code of Ethics
  • explain a client business domain, its structure, function and organisation, including the organisational issues surrounding security
  • identify and outline the legislation, regulations, and codes of practice pertinent to website information, including:
      • copyright
      • intellectual property
      • privacy
      • ethics
  • outline current industry-accepted hardware and software products
  • describe desktop applications and operating systems (OS), as they relate to website security
  • explain the functions and features of:
      • automated intrusion detection software
      • authentication and access control
      • common stored account payment systems
      • cryptography
      • common gateway interface (CGI) scripts
      • generic secure protocols
      • stored-value payment systems
  • explain the implications of network address translation (NAT), related to:
      • securing internal, internet protocol (IP) addresses
      • buffer overruns and stack smashing
      • operating system deficiencies
      • the protocol stack for internet communications
      • physical web server security, particularly remote
  • describe the advantages and disadvantages of using a range of security features
  • identify and describe host security threats.

Assessment Conditions

Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the website technologies field of work, and include access to:

  • a dynamic website
  • a security plan
  • the user requirements
  • all relevant legislation, standards and organisational requirements.

Assessors must satisfy NVR/AQTF assessor requirements.

Links

Companion Volume implementation guides are found in VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2