Application
This unit describes the skills and knowledge required to design security architecture to organisation requirements, utilising specific design methodologies.
It applies to those who work in roles as senior network systems and server administrators,cyber security engineers, DevOps engineers and cyber security solutions architects and are responsible for designing security solutions.
No licensing, legislative or certification requirements apply to this unit at the time of publication.
Elements and Performance Criteria
1. Prepare to design security infrastructure | 1.1 Analyse an organisation’s operation and infrastructure to identify security requirements 1.2 Research and identify industry standard design methodologies utilised in security architecture design 1.3 Determine required security level and perimeters, security features and security mode 1.4 Establish all data types to be included in security architecture 1.5 Document all security architecture findings and confirm with required personnel |
2. Design security architecture | 2.1 Establish and document specific requirements and features of security requirements 2.2 Design and document security solution according to organisational requirements 2.3 Submit documentation to required personnel for initial feedback |
3. Finalise security architecture | 3.1 Demonstrate security design utilises major industry standard design methodologies 3.2 Demonstrate security design addresses organisational cyber security requirements 3.3 Submit documentation to required personnel and seek and respond to feedback |
Evidence of Performance
The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:
use methodologies to design at least one cyber security solution for an organisation on at least one occasion.
In the course of the above, the candidate must:
research and analyse industry standard design methodologies for designing security architecture
document finalised security solution.
Evidence of Knowledge
The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:
industry standard cyber security design methodologies
principles of cyber security
principles of security architecture
different types of cyber security risks required to design security architecture
presenting security architecture in document form.
Assessment Conditions
Skills in this unit must be demonstrated in a workplace or simulated environment where the conditions are typical of those in a working environment in this industry.
This includes access to:
organisational data
organisational operating structure
organisational procedures applicable to designing security architecture including:
documentation processes
establishing requirements and features of security strategies
establishing baselines and metrics
testing methodologies.
Assessors of this unit must satisfy the requirements for assessors in applicable vocational education and training legislation, frameworks and/or standards.
Foundation Skills
Learning | Monitors outcomes of decisions, considering results and identifying key concepts and principles that may be adaptable in the future |
Reading | Interprets technical, manufacturer and organisational documentation to determine and confirm job requirements |
Writing | Prepares complex workplace documentation detailing findings and solutions using required structure, layout and required language |
Planning and organising | Develops the operational detail in stages, regularly reviewing priorities and performance during implementation, and identifying and addressing issues |
Problem solving | Uses understanding of context to recognise anomalies and subtle deviations to normal expectations, focusing attention and remedying problems as they arise |
Self-management | Takes responsibility for identifying and considering organisational protocols and requirements Uses systematic processes, setting goals, gathering required information and identifying and evaluating options against agreed criteria |
Technology | Demonstrates an understanding of principles, concepts, language and practices associated with the digital world |
Sectors
Cyber security