Application
This unit describes the skills and knowledge required to establish and respond to cyber security incidents in an organisation, and evaluate actions performed to mitigate risk of future incidents.
It applies to individuals who work in information technology security, including network and security specialists, to support all business functions responding to cyber incidents. These individuals have a broad range of knowledge and skills in cyber security, networks and systems. In this context, the individual works as an internal function for an organisation; however, the same can be applied in the context of an external security specialist advising and implementing the response and action items of a cyber-attack for an external client.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Elements and Performance Criteria
1. Establish cyber security incident
1.1 Establish and confirm occurrence and nature of cyber security incident
1.2 Identify legislative requirements, organisational policies and procedures and cyber security incident response plans
1.3 Analyse and assess source, impact and consequences of incident according to organisational response plans
1.4 Notify and explain cyber incident to required personnel according to legislative requirements and communications plans
2. Activate cyber security incident response plan
2.1 Activate incident response plan and confirm cyber incident is contained
2.2 Escalate and involve third party services and specialists as required according to organisational policies and procedures
2.3 Confirm no further risks exist according to legislative requirements and organisational response procedures
2.4 Discuss solutions with required personnel and action accordingly
2.5 Test solution implemented, and escalate as required according to organisational security procedures
3. Perform post cyber security incident response procedures
3.1 Evaluate actions taken and confirm incident is fixed and secure according to organisational procedures
3.2 Document cyber security incident, actions performed and solution, according to organisational policies and procedures
3.3 Discuss and document lessons learnt with required personnel
3.4 Discuss and implement preventative measures and mitigation methods as required
3.5 Amend incident response plan accordingly
3.6 Share documentation and communicate with required personnel according to organisational communications plan
Evidence of Performance
The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:
respond to at least two different cyber security incidents in at least two different business functions
develop and follow a basic communications plan.
In the course of the above, the candidate must:
comply with organisational cyber security incident response plan
adhere to legislative requirements and organisational policies and procedures.
Evidence of Knowledge
The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:
key features of incident response plans
cyber security incidents and the source and causes of these incidents
types of attacks, including:
    denial-of-service attack (DoS)
    SQL injection (SQLi)
    cross-site scripting (XSS) attacks
    scripted attacks
    hardware attacks
    attacks against Wi-Fi
cyber security incident detection methodologies
preventative measures and mitigation methods applicable to cyber security incidents
documentation processes that may be used in the process of responding to cyber security incidents
organisational policies and procedures applicable to cyber security incident response, including procedures for:
    determining nature and location of incidents
    containing incidents, including installation of security patches and disabling network access
    notifying and reporting to required personnel
    encryption
    assessing impact on business function and other areas
procedures in developing communications plans.
Assessment Conditions
Skills in this unit must be demonstrated in a workplace or simulated environment where the conditions are typical of those in a working environment in this industry.
This includes access to:
organisation cyber security incident response plan
required hardware and software
text-editing software
legislative requirements and organisational procedures and policies applicable to cyber security incidents.
Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.
Foundation Skills
Learning | Identifies and gathers information applicable to organisational procedures and incident response procedures |
Numeracy | Measures and records mathematical data and uses tools when interpreting results |
Reading | Identifies and interprets information from incident response plans, and extracts applicable areas when dealing with cyber security incidents |
Writing | Uses required industry specific terminology when documenting cyber security incidents and solutions |
Problem solving | Uses problem solving skills when identifying the nature and impact of cyber security incidents |
Technology | Uses required technological tools and software in responding to cyber security incidents; applies skills in systems administration, network security, applications and programming |
Sectors
Cyber security