ICTCYS402
Identify and confirm cyber security incidents


Application

This unit describes the skills and knowledge required to identify, confirm and report cyber security incidents in an organisation.

It applies to individuals who work in information technology security and gather logs from systems, networks and applications to identify the occurrence of incidents in any business environment.

No licensing, legislative or certification requirements apply to this unit at the time of publication.


Elements and Performance Criteria

ELEMENT

PERFORMANCE CRITERIA

Elements describe the essential outcomes.

Performance criteria describe the performance needed to demonstrate achievement of the element.

1. Identify cyber security incidents

1.1 Identify and review legislative requirements and organisational procedures and policies applicable to cyber security incidents and incident response plans

1.2 Obtain and analyse system, network and application infrastructure and logs according to organisational security procedures

1.3 Analyse and test applications and confirm assumptions about incidents according to organisational security procedures

1.4 Discuss differences between network and systems incidents with required personnel

2. Confirm cyber security incidents

2.1 Confirm whether incidents are network or systems related

2.2 Discuss and confirm incident with required personnel

2.3 Identify and discuss potential changes required to the system, network and application

3. Report and document cyber security incidents

3.1 Report cyber security incident to required personnel, according to legislative requirements and organisational policies and procedures

3.2 Document exposed vulnerability and changes, solutions and actions discussed according to organisational policies and procedures

Evidence of Performance

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

identify and confirm the occurrence of at least:

one network incident

one system incident

one wireless or Wi-Fi incident

one application incident.

In the course of the above, the candidate must:

discuss and contribute at least one potential change to each incident

adhere to legislative requirements and organisational security procedures.


Evidence of Knowledge

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

different types of cyber security incidents and attacks, including:

security vulnerabilities and malware

distributed denial-of-service (DDoS) attacks

SQL injection (SQLi)

cross-site scripting (XSS) attacks

scripted attacks

hardware attacks

attacks against Wi-Fi

cyber security risks

methods of testing systems, networks and applications and confirming incidents

common procedures in:

following organisational cyber security incident response plans

responding to cyber security incidents

legislative requirements applicable to identifying and reporting cyber security incidents

organisational policies and procedures applicable to cyber security incidents, including:

documenting established requirements, incidents and work performed

security procedures

obtaining and analysing system, network and application information

cyber security incident response processes and plans

establishing reporting procedures.


Assessment Conditions

Skills in this unit must be demonstrated in a workplace or simulated environment where the conditions are typical of those in a working environment in this industry.

This includes access to:

required hardware, software and its components

system, network and application infrastructure and logs

the internet

organisational security procedures including incident response plans.

Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.


Foundation Skills

This section describes those language, literacy, numeracy and employment skills that are essential to performance but not explicit in the performance criteria.

SKILL

DESCRIPTION

Learning

Identifies and gathers information applicable to the business, systems, network and infrastructure

Oral communication

Uses effective communication techniques to discuss details of cyber security incidents, using industry-standard technical language appropriate to the audience and environment

Reading

Interprets information in a range of formats when identifying cyber security incidents

Reads and applies information relevant to the cyber security incident and suggests potential changes

Writing

Uses required and industry-specific terminology in documenting cyber security incidents and proposed actions and solutions

Technology

Uses required technological tools and software in identifying and confirming cyber security incidents


Sectors

Cyber security