NTISthis.com

Evidence Guide: ICTCYS403 - Plan and implement information security strategies for an organisation

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better. That is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usually demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICTCYS403 - Plan and implement information security strategies for an organisation

What evidence can you provide to prove your understanding of each of the following criteria?

Plan information security strategies

  1. Discuss implementation opportunities for organisational information security strategies with required personnel
  2. Gain management buy in and approval in planning and implementing information security strategy
  3. Identify and confirm organisational policies including password policies, bring your own device (BYOD) and on boarding processes with required personnel
  4. Analyse organisational environments, processes and risk profile requirements
  5. Identify legislation and industry requirements to implement information security strategies in an organisation

Discuss implementation opportunities for organisational information security strategies with required personnel

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Gain management buy in and approval in planning and implementing information security strategy

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Identify and confirm organisational policies including password policies, bring your own device (BYOD) and on boarding processes with required personnel

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Analyse organisational environments, processes and risk profile requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Identify legislation and industry requirements to implement information security strategies in an organisation

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Design and implement information security strategy

  1. Develop action plan with specific goals and objectives of information security strategy according to organisational needs
  2. Design secure network infrastructure and security strategy according to organisational needs
  3. Analyse data classifications and levels of access in operational processes and integrate with strategy
  4. Document designed information security strategy according to organisational procedures
  5. Implement information security strategy according to design and organisational needs

Develop action plan with specific goals and objectives of information security strategy according to organisational needs

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Design secure network infrastructure and security strategy according to organisational needs

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Analyse data classifications and levels of access in operational processes and integrate with strategy

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Document designed information security strategy according to organisational procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Implement information security strategy according to design and organisational needs

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Test and finalise information security strategy

  1. Establish security baselines and metrics according to organisational needs
  2. Perform testing procedures and confirm information security strategy addresses organisational needs
  3. Record and compare test results to established metrics and benchmarks
  4. Finalise documentation and report information security strategy outcomes to required personnel
  5. Obtain feedback from required personnel and amend information security strategy accordingly
  6. Review final information security strategy and obtain sign-off from required personnel

Establish security baselines and metrics according to organisational needs

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Perform testing procedures and confirm information security strategy addresses organisational needs

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Record and compare test results to established metrics and benchmarks

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Finalise documentation and report information security strategy outcomes to required personnel

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Obtain feedback from required personnel and amend information security strategy accordingly

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Review final information security strategy and obtain sign-off from required personnel

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Required Skills and Knowledge

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

  - plan and implement an information security strategy according to organisational needs.

In the course of the above, the candidate must:

  - establish at least three security baselines and at least three testing metrics
  - comply with legislation and industry requirements
  - follow organisational procedures.

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

  - function of information security strategy testing procedures, including:
      - vulnerability tests
      - basic penetration tests
  - key organisational environment and business processes required to plan and implement information security strategies for an organisation
  - network and cyber security features and principles
  - types of data and classifications including sensitivity levels
  - advantages and importance of implementing information security strategies
  - organisational procedures applicable to developing information security strategies, including:
      - documentation processes
      - designing secure network infrastructure
      - establishing requirements and features of information security strategies
      - establishing baselines and metrics
      - testing methodologies.