^
 
 

Unit of competency details

ICTWEB439 - Confirm basic website security (Release 1)

Summary

Usage recommendation:
Current
Mapping:
MappingNotesDate
Supersedes and is equivalent to ICTWEB408 - Ensure basic website security 20/Jul/2020

Release Status:
Current
Releases:
ReleaseRelease date
1 1 (this release) 21/Jul/2020

Companion volumes:
Unit of competency Assessment requirements

Delivery:
Find RTOs approved to deliver this unit of competency.

Training packages that include this unit

Qualifications that include this unit

Skill sets that include this unit

Classifications

SchemeCodeClassification value
ASCED Module/Unit of Competency Field of Education Identifier 029901 Security Science  

Classification history

SchemeCodeClassification valueStart dateEnd date
ASCED Module/Unit of Competency Field of Education Identifier 029901 Security Science  21/Jul/2020 
The content being displayed has been produced by a third party, while all attempts have been made to make this content as accessible as possible it cannot be guaranteed. If you are encountering issues following the content on this page please consider downloading the content in its original form

Content

Compare:
Compare content of this unit of competency with other releases or training components
Download:

Unit of competency

Modification History

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 6.0.

Application

This unit describes the skills and knowledge required to provide basic website server and protocol security to level required by an organisation.

The unit applies to individuals employed as web maintenance staff who are required to check that a website meets basic security requirements.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

Unit Sector

Web

Elements and Performance Criteria

ELEMENT 

PERFORMANCE CRITERIA 

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Determine business security requirements

1.1 Identify level of security required according to business and commercial intent of website

1.2 Identify whether password protection is required for site, or part of site

1.3 Decide on minimum and maximum password protection solutions according to business requirements

2. Confirm web server security

2.1 Confirm web server password is obscure and non-traceable

2.2 Install and maintain intrusion detection system, according to business requirements

2.3 Check and confirm user accounts only have required permissions on server

2.4 Confirm interpreters’ programs running common gateway interfaces (CGIs) are not stored in CGI-bin directory

2.5 Check web form data before passing it to server

3. Confirm protocol security

3.1 Protect fixed internet connection and internet protocol (IP) address

3.2 Protect shared network resources from intrusion, according to business requirements

3.3 Conform protocols and preferences on digital devices follow security protocols

3.4 Disable control protocol and internet protocol (TCP/IP) bindings according to task requirements

3.5 Check and confirm network basic input/output system (NetBIOS) over TCP/IP is disabled

3.6 Confirm basic security level of website is met with required personnel

Foundation Skills

This section describes those language, literacy, numeracy and employment skills that are essential to performance but not explicit in the performance criteria.

SKILL 

DESCRIPTION 

Oral communication
  • Listens and asks questions in eliciting information

Reading
  • Identify and evaluate technical information in producing solutions according to business requirements
  • Identify critical information and confirms accuracy through cross checks

Writing
  • Writes and edits, computer code and technical data and confirms syntax and accuracy

Planning and organising
  • Plans approach to work according to analysis of business needs and requirements

Problem solving
  • Resolves issues and implements tests and ascertains functionality of solutions prior to full implementation
  • Utilises a combination of lateral and analytical thinking and evaluates and validates reliability and efficacy of website

Self-management
  • Sequences, schedules and prioritises own work activities

Technology
  • Uses a range of digitally-based technologies and software packages and hardware, required for interrogating vendor databases and websites

Unit Mapping Information

Supersedes and is equivalent to ICTWEB408 Ensure basic website security.

Links

Companion Volume Implementation Guide is found on VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2

 

Assessment requirements

Modification History

Release 

Comments 

Release 1

This version first released with ICT Information and Communications Technology Training Package Version 6.0.

Performance Evidence

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

  • confirm a basic level of security for a website according to business requirements.

In the course of the above, the candidate must:

  • implement password protection solutions, for the website and server
  • install and maintain, an intrusion detection system
  • implement protocol security
  • confirm security of website with required personnel.

Knowledge Evidence

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

  • the client business domain, including client organisation structure and business functionality and requirements
  • desktop applications and operating systems, as required
  • firewall functionality
  • hypertext transfer protocol (HTTP) and disk and executing monitor tools (daemons)
  • the range of security protocols, including:
  • secure socket layer (SSL)
  • point-to-point network tunnelling protocol (PPTP)
  • layer 2 tunnelling protocol (L2TP)
  • required security patches used to confirm basic website security
  • disabling control protocol and internet protocol (TCP/IP) bindings, including file and printer sharing
  • industry standard protection solutions
  • specific purpose security devices acting as bastion hosts
  • web-server operating systems.

Assessment Conditions

Skills in this unit must be demonstrated in a workplace or simulated environment where the conditions are typical of those in a working environment in this industry.

This includes access to:

  • required tools, equipment, materials
  • a website and web servers
  • the internet
  • industry-standard hardware and software packages and products
  • digital devices
  • organisational requirements documentation
  • website manuals and instructions.

Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.

Links

Companion Volume Implementation Guide is found on VETNet - https://vetnet.gov.au/Pages/TrainingDocs.aspx?q=a53af4e4-b400-484e-b778-71c9e9d6aff2

Back to top