Google Links

Follow the links below to find material targeted to the unit's elements, performance criteria, required skills and knowledge

Elements and Performance Criteria

1. Prepare for penetration testing
   • Analyse organisation’s existing cyber security environment, systems and network requirements
   • Identify individual data types and level of security requirements
   • Establish and outline goal and objectives of performing penetration testing
   • Evaluate scanning tools and select according to vulnerability assessment requirements
   • Establish and document testing regime and schedule, and requirements according to organisational procedures
2. Conduct penetration tests
   • Perform penetration test according to testing plan and procedures
   • Identify and document vulnerabilities arising from vulnerability assessment
   • Identify and document potential threats arising from penetration test according to organisational and testing procedures
3. Conduct follow up activities
   • Remediate identified vulnerabilities according to testing procedures
   • Determine and document improvement plan
   • Evaluate penetration testing effectiveness against testing plan and procedures
   • Escalate unresolved vulnerabilities to required personnel
   • Submit documentation to required personnel and seek and respond to feedback

Performance Evidence

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

plan and implement penetration testing and resolve queries and vulnerabilities on at least three vulnerabilities.

In the course of the above, the candidate must:

identify weaknesses as part of penetration testing process.

---

Knowledge Evidence

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

security risks and vulnerabilities in software systems

tools used in testing a network for vulnerabilities including scanning tools

advanced level penetration testing of a system

methods and tools used to protect data in an organisation

risk mitigation strategies

organisational procedures applicable to undertaking penetration testing, including:

establishing goals and objectives of penetration testing

defining scope of testing and establishment of testing regime

documenting established requirements

establishing penetration testing procedures

documenting findings, threats and work performed

key organisational environments, systems and networks required to undertake penetration testing for organisations.

---