Application
This unit describes the skills and knowledge required to contribute to cyber security risk management, which includes assisting in developing and managing associated risk management strategies.
It applies to those working in a broad range of industries and job roles who work alongside technical experts to develop cyber security risk-management strategies.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Elements and Performance Criteria
1. Contribute to recommending risk management strategies that mitigate cyber security risk | 1.1 Consult with stakeholders to determine scope of risk management appropriate to organisation and industry 1.2 Review relevant critical cyber risk management strategies appropriate to level of risk 1.3 Assist in developing suitable cyber security response options according to organisational policies and procedures 1.4 Present options for risk management strategies for approval within scope of own role 1.5 Document approved risk management strategies |
2. Support implementation of approved risk management strategies in response to risk | 2.1 Support communication of approved risk management strategies to required personnel 2.2 Contribute to monitoring cyber security risk according to selected risk management strategies 2.3 Assist in determining compliance with implemented cyber risk mitigation strategies 2.4 Address non-compliance within scope of own role and escalate where required according to organisational policies and procedures 2.5 Assist in establishing feedback processes that provide warning of potential new risks according to organisational requirements |
3. Review and revise implemented risk management strategies | 3.1 Identify benchmarks to track effectiveness of risk management strategies 3.2 Support evaluation of effectiveness of implemented strategies 3.3 Update risk management strategies with new information as required |
Evidence of Performance
The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:
contribute to developing and implementing risk management strategies that control two different identified cyber security risks and document the response option applied to each risk
support evaluation of effectiveness of each implemented strategy.
Evidence of Knowledge
The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:
legislative and regulatory requirements relating to contributing to cyber security risk management, including:
data protection legislation
notifiable data breach legislation
Australian privacy laws
established international legislation
key risk management strategies, including:
regular organisational training
regular threat assessment
cyber security incident response plan
clear escalation routes
organisational policies and procedures, including for:
analysing and reviewing risk management methodologies
developing communications plans
evaluating effectiveness of risk management strategies
monitoring cyber risk
reviewing currency of risk register
industry-specific knowledge of suitable procedures for applying risk management strategy
guidelines required for updating technology
business process design principles in relation to risk management
reporting mechanisms for tracking organisational cyber security maturity.
Assessment Conditions
Skills must be assessed in a workplace or simulated environment where conditions are typical of a work environment requiring cyber secure practices, processes and procedures.
Access is required to:
information and data sources relating to cyber security
device with active internet connection
internet browser
industry standards, organisational procedures, and legislative requirements required to demonstrate the performance evidence.
Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.
Foundation Skills
Learning | Modifies behaviour following exposure to new information |
Numeracy | Interprets mathematical data |
Oral communication | Asks open and closed probing questions and actively listens to clarify consultations Communicate proposed risk management strategies to required personnel |
Reading | Recognises and interprets information from relevant sources to determine organisational expectations and legal requirements |
Writing | Uses clear, specific and industry-related terminology relating to cyber security Maintains and updates a range of documents, including risk registers and incident response plans |
Planning and organising | Manages incident response plans |
Teamwork | Works collaboratively with interdisciplinary teams develop cyber risk management strategies |
Technology | Uses appropriate technology platforms to assist with cyber security risk management |
Sectors
Digital Competence – Cyber Security