Google Links

Follow the links below to find material targeted to the unit's elements, performance criteria, required skills and knowledge.

Elements and Performance Criteria

  1. Establish cyber security incident
  2. Activate cyber security incident response plan
  3. Perform post cyber security incident response procedures

Performance Evidence

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

respond to at least two different cyber security incidents in at least two different business functions

develop and follow a basic communications plan.

In the course of the above, the candidate must:

comply with organisational cyber security incident response plan

adhere to legislative requirements and organisational policies and procedures.


Knowledge Evidence

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

key features of incident response plans

cyber security incidents and the source and causes of these incidents

types of attacks, including:

denial-of-service attack (DoS)

SQL injection (SQLi)

cross-site scripting (XSS) attacks

scripted attacks

hardware attacks

attacks against Wi-Fi

cyber security incident detection methodologies

preventative measures and mitigation methods applicable to cyber security incidents

documentation processes that may be used in the process of responding to cyber security incidents

organisational policies and procedures applicable to cyber security incident response, including procedures for:

determining nature and location of incidents

containing incidents, including installation of security patches and disabling network access

notifying and reporting to required personnel

encryptions

assessing impact on business function and other areas

procedures in developing communications plans.