List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
| ELEMENT | PERFORMANCE CRITERIA |
| --- | --- |
| Elements describe the essential outcomes. | Performance criteria describe the performance needed to demonstrate achievement of the element. |
| 1. Determine business security requirements | 1.1 Identify the level of security required based on the business and the commercial intent of the website<br>1.2 Identify whether password protection is needed for the site, or part of the site<br>1.3 Decide on minimum or maximum password protection solutions, based on the business requirements |
| 2. Ensure web server security | 2.1 Ensure that the web server password is obscure and non-traceable<br>2.2 Install and maintain an effective intrusion detection system, according to business requirements<br>2.3 Ensure that user accounts have only the required permissions on the server<br>2.4 Ensure that interpreter programs that run common gateway interfaces (CGIs) are not stored in the CGI-bin directory<br>2.5 Ensure that web forms check data before passing it to the server |
| 3. Ensure protocol security | 3.1 Protect the fixed internet connection, and the internet protocol (IP) address<br>3.2 Protect shared network resources from intrusion, according to business requirements<br>3.3 Ensure that personal computer (PC) protocols and preferences follow security protocols<br>3.4 Disable transmission control protocol/internet protocol (TCP/IP) bindings for file and printer sharing<br>3.5 Ensure that network basic input/output system (NetBIOS) over TCP/IP is disabled |
Evidence of the ability to:
identify the level of security required by the business for the website
implement password protection solutions, for the website and the server
install and maintain an intrusion detection system
implement protocol security.
Note: If a specific volume or frequency is not stated, then evidence must be provided at least once.
To complete the unit requirements safely and effectively, the individual must:
outline the client business domain, including the client organisation structure and business functionality
identify current industry-accepted hardware and software products
outline desktop applications and operating systems, as required
describe firewall functionality
describe hypertext transfer protocol (HTTP) and disk and execution monitor tools (daemons)
outline the range of security protocols, including:
secure sockets layer (SSL)
point-to-point tunnelling protocol (PPTP)
layer 2 tunnelling protocol (L2TP)
define security patches
explain specific purpose security computers, acting as bastion hosts
explain web-server operating systems.
Gather evidence to demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances should be typical of those experienced in the website technologies field of work, and include access to:
special purpose tools, equipment, materials
industry software packages
a basic website and web servers
the organisational requirements documentation
website manuals and instructions.
Assessors must satisfy NVR/AQTF assessor requirements.