Google Links

Follow the links below to find material targeted to the unit's elements, performance criteria, required skills and knowledge

Elements and Performance Criteria

1. Contribute to recommending risk management strategies that mitigate cyber security risk
   • Consult with stakeholders to determine scope of risk management appropriate to organisation and industry
   • Review relevant critical cyber risk management strategies appropriate to level of risk
   • Assist in developing suitable cyber security response options according to organisational policies and procedures
   • Present options for risk management strategies for approval within scope of own role
   • Document approved risk management strategies
2. Support implementation of approved risk management strategies in response to risk
   • Support communication of approved risk management strategies to required personnel
   • Contribute to monitoring cyber security risk according to selected risk management strategies
   • Assist in determining compliance with implemented cyber risk mitigation strategies
   • Address non-compliance within scope of own role and escalate where required according to organisational policies and procedures
   • Assist in establishing feedback processes that provide warning of potential new risks according to organisational requirements
3. Review and revise implemented risk management strategies
   • Identify benchmarks to track effectiveness of risk management strategies
   • Support evaluation of effectiveness of implemented strategies
   • Update risk management strategies with new information as required

Performance Evidence

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

contribute to developing and implementing risk management strategies that control two different identified cyber security risks and document the response option applied to each risk

support evaluation of effectiveness of each implemented strategy.

---

Knowledge Evidence

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

legislative and regulatory requirements relating to contributing to cyber security risk management, including:

data protection legislation

notifiable data breach legislation

Australian privacy laws

established international legislation

key risk management strategies, including:

regular organisational training

regular threat assessment

cyber security incident response plan

clear escalation routes

organisational policies and procedures, including for:

analysing and reviewing risk management methodologies

developing communications plans

evaluating effectiveness of risk management strategies

monitoring cyber risk

reviewing currency of risk register

industry-specific knowledge of suitable procedures for applying risk management strategy

guidelines required for updating technology

business process design principles in relation to risk management

reporting mechanisms for tracking organisational cyber security maturity.

---