Google Links

Follow the links below to find material targeted to the unit's elements, performance criteria, required skills and knowledge

Elements and Performance Criteria

1. Prepare to perform risk assessment
   • Analyse organisations risk culture and document findings according to organisational requirements
   • Research and document legislative and organisational cyber security risk requirements
   • Obtain and analyse organisation’s risk register and determine its currency against organisational legislative requirements
   • Develop and document risk assessment plan according to organisational requirements
   • Communicate risk assessment plan with required personnel and seek and respond to feedback
2. Perform risk assessment
   • Initiate risk assessment according to plan
   • Document process and outcomes of risk assessment according to organisational policies and procedures
3. Finalise risk assessment
   • Analyse and document findings against risk register and determine operations outside of organisation’s risk appetite
   • Develop and document operational measures to align operations against risk register requirements
   • Communicate risk assessment findings to required personnel and highlight areas of non-compliance and solutions
   • Lodge documentation according to organisational requirements

Performance Evidence

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

conduct a cyber security risk assessment on at least one occasion.

In the course of the above, the candidate must:

identify and analyse an organisation’s risk appetite and risk register against their daily operations

research cyber security legislation and align organisational risk assessment to require legislation

document processes and outcomes.

---

Knowledge Evidence

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

risk assessment methodologies and processes required in cyber security

methodologies of identifying and measuring risk culture and risk appetite in the cyber environment

sources of legislative requirements required in cyber security

organisational procedures applicable to conducting a cyber security risk assessment including,

documenting risk assessment processes and findings

establishing requirements and features of cyber security risk assessment processes.

---