Unit of competency
Modification History
Release | Comments |
Release 1 | This version first released with ICT Information and Communications Technology Training Package Version 1.0. |
Application
This unit describes the skills and knowledge required to ensure and maintain the security of a dynamic commercial website.
It applies to individuals working as website developers responsible for the security of dynamic websites, who are proficient communicators and can analyse technical data capably and efficiently.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Unit Sector
Web
Elements and Performance Criteria
ELEMENT | PERFORMANCE CRITERIA |
Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
1. Undertake the risk assessment |
1.1 Identify the functionality and features of the website, and confirm these with the client
1.2 Identify security threats, with reference to the functionality of the site and organisational security policy, legislation and standards
1.3 Complete a risk analysis to prioritise the security threats, and identify system vulnerabilities
1.4 Identify resource and budget constraints, and validate with the client as required
1.5 Source the appropriate products, security services and equipment, according to enterprise purchasing policies |
2. Secure the operating systems |
2.1 Identify operating system (OS) and cross-platform vulnerabilities
2.2 Make the appropriate scripting or configuration adjustments, with reference to the functionality of the site and the security policy
2.3 Identify and rectify weaknesses specific to the OS |
3. Secure the site server |
3.1 Configure the web server securely, with reference to the required functionality and the security policy
3.2 Review and analyse server-side scripting, with reference to the required functionality and the security policy
3.3 Install firewalls as required
3.4 Establish access control permissions to the server and database |
4. Secure data transactions |
4.1 Identify data transactions, with reference to the functionality and features of the website
4.2 Identify and apply the channel protocols related to the requirements
4.3 Install and configure the payment systems |
5. Monitor and document the security framework |
5.1 Develop a program of selective independent audits and penetration tests
5.2 Determine the performance benchmarks
5.3 Implement audit and test programs, and record, analyse and report the results
5.4 Make security framework changes based on the test results
5.5 Develop the site-security plan, with reference to the security policy and requirements
5.6 Develop and distribute related policy and procedures to the client |
Foundation Skills
This section describes language, literacy, numeracy and employment skills incorporated in the performance criteria that are required for competent performance.
Skill | Performance Criteria | Description |
Reading | 1.3-1.5, 2.1, 2.3, 3.2, 4.1, 4.2, 5.4 | |
Writing | 1.1, 1.3, 1.4, 2.2, 3.3, 4.3, 5.1, 5.2, 5.3, 5.5, 5.6 | |
Oral Communication | 1.1, 1.3, 1.4, 5.3, 5.6 | |
Numeracy | 1.4, 1.5, 4.3 | |
Navigate the world of work | 1.2, 1.5, 3.1, 3.2, 5.5 | |
Interact with others | 1.1, 1.4, 5.6 | |
Get the work done | 1.1-1.5, 2.2, 2.3, 3.2-3.4, 4.3, 5.1-5.5 | |
Unit Mapping Information
Code and title current version | Code and title previous version | Comments | Equivalence status |
ICTWEB423 Ensure dynamic website security | ICAWEB423A Ensure dynamic website security | Updated to meet Standards for Training Packages | Equivalent unit |
Links
Companion Volume implementation guides are found in VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2