NTISthis.com

Evidence Guide: ICTCYS405 - Develop cyber security incident response plans

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICTCYS405 - Develop cyber security incident response plans

What evidence can you provide to prove your understanding of each of the following citeria?

Plan incident response plans

  1. Identify and gather information on organisational environment, procedures and processes and cyber security threats
  2. Discuss and confirm ideas and plans with management and gain approval in developing response plans
  3. Establish response committee and roles and responsibilities of each individual according to organisational procedures
  4. Identify required services and assets in developing test plans
Identify and gather information on organisational environment, procedures and processes and cyber security threats

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Discuss and confirm ideas and plans with management and gain approval in developing response plans

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Establish response committee and roles and responsibilities of each individual according to organisational procedures

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Identify required services and assets in developing test plans

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Develop and confirm incident response plans

  1. Establish and confirm recovery time objective (RTO) and recovery point objective (RPO) in disaster recovery according to organisational requirements
  2. Discuss and establish test scenarios
  3. Establish and confirm test frequency according to organisational requirements
  4. Develop test baselines and metrics according to organisational procedures
  5. Confirm and document draft test plans with required personnel and respond to feedback accordingly
  6. Test cyber security incident response plan according to testing procedures
  7. Identify, address and report errors noted in testing phase, within scope of own role
Establish and confirm recovery time objective (RTO) and recovery point objective (RPO) in disaster recovery according to organisational requirements

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Discuss and establish test scenarios

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Establish and confirm test frequency according to organisational requirements

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Develop test baselines and metrics according to organisational procedures

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Confirm and document draft test plans with required personnel and respond to feedback accordingly

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Test cyber security incident response plan according to testing procedures

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Identify, address and report errors noted in testing phase, within scope of own role

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Finalise incident response plans

  1. Discuss lessons learnt in testing response plans and adjust test plans accordingly
  2. Obtain sign-off with required personnel according to organisational policies and procedures
  3. Record, document and store test plans according to organisational procedures
Discuss lessons learnt in testing response plans and adjust test plans accordingly

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Obtain sign-off with required personnel according to organisational policies and procedures

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Record, document and store test plans according to organisational procedures

Completed
Date:

Teacher:		 Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Required Skills and Knowledge

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

develop a plan in response to cyber security incidents for each of the following areas:

organisation’s network

organisation’s system

Wi-Fi network

an application

a human error.

In the course of the above, the candidate must:

establish at least two test scenarios in each plan

develop at least two test metrics and at least two baselines in each plan

adhere to organisational procedures.

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

features and principals of networking, Wi-Fi networks and applications

procedures in testing cyber security incident test plans

metrics and baselines used in cyber security incident test plans

roles and responsibilities of test committees

organisational procedures and requirements applicable to developing cyber security incident response plans, including:

documenting established requirements and incident response plans

establishing response committees

testing methodologies

establishing baselines and metrics

cyber incidents and scenarios.