Google Links

Follow the links below to find material targeted to the unit's elements, performance criteria, required skills and knowledge

Elements and Performance Criteria

1. Plan information security strategies
   • Discuss implementation opportunities for organisational information security strategies with required personnel
   • Gain management buy in and approval in planning and implementing information security strategy
   • Identify and confirm organisational policies including password policies, bring your own device (BYOD) and on boarding processes with required personnel
   • Analyse organisational environments, processes and risk profile requirements
   • Identify legislation and industry requirements to implement information security strategies in an organisation
2. Design and implement information security strategy
   • Develop action plan with specific goals and objectives of information security strategy according to organisational needs
   • Design secure network infrastructure and security strategy according to organisational needs
   • Analyse data classifications and levels of access in operational processes and integrate with strategy
   • Document designed information security strategy according to organisational procedures
   • Implement information security strategy according to design and organisational needs
3. Test and finalise information security strategy
   • Establish security baselines and metrics according to organisational needs
   • Perform testing procedures and confirm information security strategy addresses organisational needs
   • Record and compare test results to established metrics and benchmarks
   • Finalise documentation and report information security strategy outcomes to required personnel
   • Obtain feedback from required personnel and amend information security strategy accordingly
   • Review final information security strategy and obtain sign-off from required personnel

Performance Evidence

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

plan and implement an information security strategy according to organisational needs.

In the course of the above, the candidate must:

establish at least three security baselines and at least three testing metrics

comply with legislation and industry requirements

follow organisational procedures.

---

Knowledge Evidence

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

function of information security strategy testing procedures, including:

vulnerability tests

basic penetration tests

key organisational environment and business processes required to plan and implement information security strategies for an organisation

network and cyber security features and principals

types of data and classifications including sensitivity levels

advantages and importance of implementing information security strategies

organisational procedures applicable to developing information security strategies, including:

documentation processes

designing secure network infrastructure

establishing requirements and features of information security strategies

establishing baselines and metrics

testing methodologies.

---