Unit of Competency Mapping – Information for Teachers/Assessors – Information for Learners

ICTCYS402 Mapping and Delivery Guide
Identify and confirm cyber security incidents

Version 1.0
Issue Date: May 2024


Qualification -
Unit of Competency ICTCYS402 - Identify and confirm cyber security incidents
Description
Employability Skills
Learning Outcomes and Application This unit describes the skills and knowledge required to identify, confirm and report cyber security incidents in an organisation. It applies to individuals who work in information technology security, and gather logs from systems, networks and applications to identify the occurrence of incidents in any business environment. No licensing, legislative or certification requirements apply to this unit at the time of publication.
Duration and Setting X weeks, nominally xx hours, delivered in a classroom/online/blended learning setting.

Skills in this unit must be demonstrated in a workplace or simulated environment where the conditions are typical of those in a working environment in this industry.

This includes access to:

  • required hardware, software and its components
  • system, network and application infrastructure and logs
  • the internet
  • organisational security procedures including incident response plans.

Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.

Prerequisites/co-requisites
Competency Field
Development and validation strategy and guide for assessors and learners Student Learning Resources Handouts
Activities
Slides
PPT
Assessment 1 Assessment 2 Assessment 3 Assessment 4
Elements of Competency Performance Criteria              
Element: Identify cyber security incidents
  • Identify and review legislative requirements and organisational procedures and policies applicable to cyber security incidents and incident response plans
  • Obtain and analyse system, network and application infrastructure and logs according to organisational security procedures
  • Analyse and test application and confirm assumptions of incidents according to organisational security procedures
  • Discuss differences between network and systems incidents with required personnel
       
Element: Confirm cyber security incidents
  • Confirm whether incidents are network or systems related
  • Discuss and confirm incident with required personnel
  • Identify and discuss potential changes required to system, network and application
       
Element: Report and document cyber security incidents
  • Report cyber security incident to required personnel, according to legislative requirements and organisational policies and procedures
  • Document exposed vulnerability and changes, solutions and actions discussed according to organisational policies and procedures
       


Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

  • identify and confirm occurrence of at least:
      • one network incident
      • one system incident
      • one wireless or Wi-Fi incident
      • one application incident.

In the course of the above, the candidate must:

  • discuss and contribute at least one potential change to each incident
  • adhere to legislative requirements and organisational security procedures.

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

  • different types of cyber security incidents and attacks, including:
      • security vulnerabilities and malware
      • denial-of-service attack (DDOS)
      • SQL injection (SQLi)
      • cross-site scripting (XSS) attacks
      • scripted attacks
      • hardware attacks
      • attacks against Wi-Fi
  • cyber security risks
  • methods of testing systems, networks and applications and confirming incidents
  • common procedures in:
      • following organisational cyber security incident response plans
      • responding to cyber security incidents
  • legislative requirements applicable to identifying and reporting cyber security incidents
  • organisational policies and procedures applicable to cyber security incidents, including:
      • documenting established requirements, incidents and work performed
      • security procedures
      • obtaining and analysing system, network and application information
      • cyber security incident response processes and plans
      • establishing reporting procedures.


Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assignment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.
Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criteria that task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice Yes No Comments/feedback
Identify and review legislative requirements and organisational procedures and policies applicable to cyber security incidents and incident response plans 
Obtain and analyse system, network and application infrastructure and logs according to organisational security procedures 
Analyse and test application and confirm assumptions of incidents according to organisational security procedures 
Discuss differences between network and systems incidents with required personnel 
Confirm whether incidents are network or systems related 
Discuss and confirm incident with required personnel 
Identify and discuss potential changes required to system, network and application 
Report cyber security incident to required personnel, according to legislative requirements and organisational policies and procedures 
Document exposed vulnerability and changes, solutions and actions discussed according to organisational policies and procedures 

Forms

Assessment Cover Sheet

ICTCYS402 - Identify and confirm cyber security incidents
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:


Assessment Record Sheet

ICTCYS402 - Identify and confirm cyber security incidents

Student name:

Student ID:

Assessment task 1: [title] Result: Competent Not yet competent

(add lines for each task)

Feedback to student:

 

 

 

 

 

 

 

 

Overall assessment result: Competent Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: