NTISthis.com

Evidence Guide: BSBXCS404 - Contribute to cyber security risk management

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence, the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usually demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

BSBXCS404 - Contribute to cyber security risk management

What evidence can you provide to prove your understanding of each of the following criteria?

Contribute to recommending risk management strategies that mitigate cyber security risk

  1. Consult with stakeholders to determine scope of risk management appropriate to organisation and industry
  2. Review relevant critical cyber risk management strategies appropriate to level of risk
  3. Assist in developing suitable cyber security response options according to organisational policies and procedures
  4. Present options for risk management strategies for approval within scope of own role
  5. Document approved risk management strategies

Consult with stakeholders to determine scope of risk management appropriate to organisation and industry

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Review relevant critical cyber risk management strategies appropriate to level of risk

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Assist in developing suitable cyber security response options according to organisational policies and procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Present options for risk management strategies for approval within scope of own role

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Document approved risk management strategies

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Support implementation of approved risk management strategies in response to risk

  1. Support communication of approved risk management strategies to required personnel
  2. Contribute to monitoring cyber security risk according to selected risk management strategies
  3. Assist in determining compliance with implemented cyber risk mitigation strategies
  4. Address non-compliance within scope of own role and escalate where required according to organisational policies and procedures
  5. Assist in establishing feedback processes that provide warning of potential new risks according to organisational requirements

Support communication of approved risk management strategies to required personnel

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Contribute to monitoring cyber security risk according to selected risk management strategies

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Assist in determining compliance with implemented cyber risk mitigation strategies

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Address non-compliance within scope of own role and escalate where required according to organisational policies and procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Assist in establishing feedback processes that provide warning of potential new risks according to organisational requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Review and revise implemented risk management strategies

  1. Identify benchmarks to track effectiveness of risk management strategies
  2. Support evaluation of effectiveness of implemented strategies
  3. Update risk management strategies with new information as required

Identify benchmarks to track effectiveness of risk management strategies

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Support evaluation of effectiveness of implemented strategies

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Update risk management strategies with new information as required

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Required Skills and Knowledge

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

  - contribute to developing and implementing risk management strategies that control two different identified cyber security risks and document the response option applied to each risk
  - support evaluation of effectiveness of each implemented strategy.

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

  - legislative and regulatory requirements relating to contributing to cyber security risk management, including:
      - data protection legislation
      - notifiable data breach legislation
      - Australian privacy laws
      - established international legislation
  - key risk management strategies, including:
      - regular organisational training
      - regular threat assessment
      - cyber security incident response plan
      - clear escalation routes
  - organisational policies and procedures, including for:
      - analysing and reviewing risk management methodologies
      - developing communications plans
      - evaluating effectiveness of risk management strategies
      - monitoring cyber risk
      - reviewing currency of risk register
  - industry-specific knowledge of suitable procedures for applying risk management strategy
  - guidelines required for updating technology
  - business process design principles in relation to risk management
  - reporting mechanisms for tracking organisational cyber security maturity.