NTISthis.com

Evidence Guide: ICTCYS402 - Identify and confirm cyber security incidents

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usually demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICTCYS402 - Identify and confirm cyber security incidents

What evidence can you provide to prove your understanding of each of the following criteria?

Identify cyber security incidents

  1. Identify and review legislative requirements and organisational procedures and policies applicable to cyber security incidents and incident response plans
  2. Obtain and analyse system, network and application infrastructure and logs according to organisational security procedures
  3. Analyse and test application and confirm assumptions of incidents according to organisational security procedures
  4. Discuss differences between network and systems incidents with required personnel

Identify and review legislative requirements and organisational procedures and policies applicable to cyber security incidents and incident response plans

Completed
Date:

Teacher:
Evidence:

Obtain and analyse system, network and application infrastructure and logs according to organisational security procedures

Completed
Date:

Teacher:
Evidence:

Analyse and test application and confirm assumptions of incidents according to organisational security procedures

Completed
Date:

Teacher:
Evidence:

Discuss differences between network and systems incidents with required personnel

Completed
Date:

Teacher:
Evidence:

Confirm cyber security incidents

  1. Confirm whether incidents are network or systems related
  2. Discuss and confirm incident with required personnel
  3. Identify and discuss potential changes required to system, network and application

Confirm whether incidents are network or systems related

Completed
Date:

Teacher:
Evidence:

Discuss and confirm incident with required personnel

Completed
Date:

Teacher:
Evidence:

Identify and discuss potential changes required to system, network and application

Completed
Date:

Teacher:
Evidence:

Report and document cyber security incidents

  1. Report cyber security incident to required personnel, according to legislative requirements and organisational policies and procedures
  2. Document exposed vulnerability and changes, solutions and actions discussed according to organisational policies and procedures

Report cyber security incident to required personnel, according to legislative requirements and organisational policies and procedures

Completed
Date:

Teacher:
Evidence:

Document exposed vulnerability and changes, solutions and actions discussed according to organisational policies and procedures

Completed
Date:

Teacher:
Evidence:

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

Instructions to Assessors

Required Skills and Knowledge

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

  - identify and confirm occurrence of at least:
    - one network incident
    - one system incident
    - one wireless or Wi-Fi incident
    - one application incident.

In the course of the above, the candidate must:

  - discuss and contribute at least one potential change to each incident
  - adhere to legislative requirements and organisational security procedures.

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

  - different types of cyber security incidents and attacks, including:
    - security vulnerabilities and malware
    - denial-of-service attack (DDOS)
    - SQL injection (SQLi)
    - cross-site scripting (XSS) attacks
    - scripted attacks
    - hardware attacks
    - attacks against Wi-Fi
  - cyber security risks
  - methods of testing systems, networks and applications and confirming incidents
  - common procedures in:
    - following organisational cyber security incident response plans
    - responding to cyber security incidents
  - legislative requirements applicable to identifying and reporting cyber security incidents
  - organisational policies and procedures applicable to cyber security incidents, including:
    - documenting established requirements, incidents and work performed
    - security procedures
    - obtaining and analysing system, network and application information
    - cyber security incident response processes and plans
    - establishing reporting procedures.