List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:
perform at least one vulnerability test assessment
define and run at least one basic penetration test.
In the course of the above, the candidate must:
assess web based, network based and hardware-based vulnerabilities
adhere to organisational procedures
document and report activities.
The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:
security risks and vulnerabilities in software systems
tools used in testing a network for vulnerabilities including scanning tools
basic level penetration testing of a system
methods and tools used to protect data in an organisation
risk mitigation strategies that may be used running vulnerability assessments for an organisation
organisational procedures applicable to running vulnerability assessments, including:
establishing goals and objectives of vulnerability assessments
defining scope of testing and establishment of testing regime
documenting established requirements
establishing penetration testing procedures
documenting findings, threats and work performed
key organisational environments, systems and networks required to run vulnerability assessments.
Skills in this unit must be demonstrated in a workplace or simulated environment where the conditions are typical of those in a working environment in this industry.
This includes access to:
required software testing packages
required hardware and its components
vulnerability scanning tools
a server
text-editing software
information applicable to organisational environment, systems and network
required organisation network, systems or applications.
Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.