The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!
From the Wiki University
What evidence can you provide to prove your understanding of each of the following citeria?
Manage data security
|
|
Ensure that security classification and data management policies and guidance are issued and updated Completed |
Evidence:
|
Specify policy and coordinate review and approval Completed |
Evidence:
|
Report compliance of data security policies to management Completed |
Evidence:
|
Implement appropriate changes and improvement actions as required Completed |
Evidence:
|
Manage enterprise continuity
|
|
Coordinate with corporate stakeholders to establish the enterprise continuity of operations program Completed |
Evidence:
|
Acquire the necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program Completed |
Evidence:
|
Define the enterprise continuity of operations organizational structure and staffing model Completed |
Evidence:
|
Define emergency delegations of authority and orders of succession for key positions Completed |
Evidence:
|
Direct contingency planning, operations, and programs to manage risk Completed |
Evidence:
|
Define the scope of the enterprise continuity of operations program to address business continuity, business recovery, contingency planning, and disaster recovery and related activities Completed |
Evidence:
|
Integrate enterprise concept of operations activities with related contingency planning activities Completed |
Evidence:
|
Establish an enterprise continuity of operations performance measurement program Completed |
Evidence:
|
Identify and prioritize critical business functions Completed |
Evidence:
|
Implement appropriate changes and improvement actions as required Completed |
Evidence:
|
Manage incidents
|
|
Coordinate with stakeholders to establish the incident management program Completed |
Evidence:
|
Establish relationships between the incident response team and other groups Completed |
Evidence:
|
Acquire and manage the resources, including financial resources, for the incident management functions Completed |
Evidence:
|
Ensure the coordination between the incident response team and the security administration and technical support teams Completed |
Evidence:
|
Apply lessons learned from information security incidents to improve incident management processes and procedures Completed |
Evidence:
|
Implement appropriate changes and improvement actions as required Completed |
Evidence:
|
Manage networks and telecommunications security
|
|
Establish a network security and telecommunications program in line with enterprise policy and security goals Completed |
Evidence:
|
Manage the necessary resources, including financial resources, to establish and maintain an effective network security and telecommunications program Completed |
Evidence:
|
Direct network security and telecommunications personnel Completed |
Evidence:
|
Establish communications between the network security and telecommunications team and related security teams Completed |
Evidence:
|
Integrate network security and telecommunications program activities with technical support, security administration, and incident response activities Completed |
Evidence:
|
Establish a network security and telecommunications performance measurement program Completed |
Evidence:
|
Ensure enterprise compliance with applicable network-based documents Completed |
Evidence:
|
Ensure that network-based audits and management reviews are conducted to implement process improvement Completed |
Evidence:
|
Implement appropriate improvement actions, as required Completed |
Evidence:
|
Manage system and application security
|
|
Establish the IT system and application security engineering program Completed |
Evidence:
|
Acquire the necessary resources, including financial resources, to support the integration of security in the SDLC Completed |
Evidence:
|
Guide IT security personnel through the SDLC phases Completed |
Evidence:
|
Define the scope of the IT security program as it applies to the application of SDLC Completed |
Evidence:
|
Plan the IT security program components into the SDLC Completed |
Evidence:
|