Elements and Performance Criteria
- Ensure user accounts are controlled
- Review organisation's network and security policy to ensure up-to-date knowledge and understanding of policies
- Modify default and previously created user settings to ensure that they conform with organisational securitypolicy
- Investigate log-on procedures for security and appropriateness and modify log-on requirements, using relevant utilities, where applicable
- Review and monitor user wireless access of mobile equipment to the network where applicable
- Ensure that appropriate procedures are put in place to deal with user accounts that are no longer required
- Access information resources to identify and understand current, documented security gaps and their associated repair procedure
- Ascertain the security repairs applicable to the current network and discuss with appropriateperson to gain approval for repair implementation
- Obtain and implement the appropriate hardware and software necessary for network security repair
- Secure file and resource access
- Review inbuilt security and access features of the operating system and document areas for concern
- Analyse the file security categorisation scheme and the role of users in setting file security, in relation to organisational securitypolicy and recommend revision, if necessary
- Implement, if necessary, a process for ongoing updates of virus checking software, at server and workstation levels
- Investigate and implement inbuilt or additional encryption facilities, as appropriate, to meet organisational security needs
- Monitor threats to the system
- Investigate the current security of the network, including physical aspects, utilising appropriate third-party testing software where applicable
- Review logs and audit reports to identify and record securitythreats, intrusions or attempts
- Carry out spot checks and other activities to ensure that procedures are not being bypassed
- Evaluate the findings of the state of security and prepare recommendations for improvement
- Prepare documentation in a report for presentation to appropriate person to gain approval for changes to be made