NTISthis.com

Evidence Guide: ICTCYS406 - Respond to cyber security incidents

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that more evidence is better. The more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have not just learned the skills at one point in time, but are continuing to apply and develop them (as opposed to just learning for the test!). Furthermore, one piece of evidence will not usually demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence usually will.

From the Wiki University

 

ICTCYS406 - Respond to cyber security incidents

What evidence can you provide to prove your understanding of each of the following criteria?

Establish cyber security incident

  1. Establish and confirm occurrence and nature of cyber security incident
  2. Identify legislative requirements, organisational policies and procedures and cyber security incident response plans
  3. Analyse and assess source, impact and consequences of incident according to organisational response plans
  4. Notify and explain cyber incident to required personnel according to legislative requirements and communications plans
Establish and confirm occurrence and nature of cyber security incident

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Identify legislative requirements, organisational policies and procedures and cyber security incident response plans

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Analyse and assess source, impact and consequences of incident according to organisational response plans

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Notify and explain cyber incident to required personnel according to legislative requirements and communications plans

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Activate cyber security incident response plan

  1. Activate incident response plan and confirm cyber incident is contained
  2. Escalate and involve third party services and specialists as required according to organisational policies and procedures
  3. Confirm no further risks exist according to legislative requirements and organisational response procedures
  4. Discuss solutions with required personnel and action accordingly
  5. Test solution implemented, and escalate as required according to organisational security procedures
Activate incident response plan and confirm cyber incident is contained

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Escalate and involve third party services and specialists as required according to organisational policies and procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Confirm no further risks exist according to legislative requirements and organisational response procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Discuss solutions with required personnel and action accordingly

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Test solution implemented, and escalate as required according to organisational security procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Perform post cyber security incident response procedures

  1. Evaluate actions taken and confirm incident is fixed and secure according to organisational procedures
  2. Document cyber security incident, actions performed and solution, according to organisational policies and procedures
  3. Discuss and document lessons learnt with required personnel
  4. Discuss and implement preventative measures and mitigation methods as required
  5. Amend incident response plan accordingly
  6. Share documentation and communicate with required personnel according to organisational communications plan
Evaluate actions taken and confirm incident is fixed and secure according to organisational procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Document cyber security incident, actions performed and solution, according to organisational policies and procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Discuss and document lessons learnt with required personnel

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Discuss and implement preventative measures and mitigation methods as required

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Amend incident response plan accordingly

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Share documentation and communicate with required personnel according to organisational communications plan

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Required Skills and Knowledge

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

respond to at least two different cyber security incidents in at least two different business functions

develop and follow a basic communications plan.

In the course of the above, the candidate must:

comply with organisational cyber security incident response plan

adhere to legislative requirements and organisational policies and procedures.

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

key features of incident response plans

cyber security incidents and the source and causes of these incidents

types of attacks, including:

denial-of-service attack (DoS)

SQL injection (SQLi)

cross-site scripting (XSS) attacks

scripted attacks

hardware attacks

attacks against Wi-Fi

cyber security incident detection methodologies

preventative measures and mitigation methods applicable to cyber security incidents

documentation processes that may be used in the process of responding to cyber security incidents

organisational policies and procedures applicable to cyber security incident response, including procedures for:

determining nature and location of incidents

containing incidents, including installation of security patches and disabling network access

notifying and reporting to required personnel

encryption

assessing impact on business function and other areas

procedures in developing communications plans.
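The knowledge list above names the attack types a candidate must recognise (DoS, SQLi, XSS) and asks for "cyber security incident detection methodologies", which is what the first performance criterion, establishing and confirming the occurrence and nature of an incident, rests on. The following is an added worked example, written for this guide and not part of the unit of competency or any training provider's material: it parses web-server access-log lines, flags SQL-injection and cross-site-scripting indicators in the decoded request, and flags a source address whose request volume suggests a denial-of-service attempt. The log lines, the detection patterns and the rate threshold are all constructed for illustration; real deployments tune them to the application and, as the criterion requires, confirm any indicator against other sources (application logs, response codes, affected users) before declaring an incident.

```python
"""Triage of access-log lines for the attack types named in ICTCYS406.

Added example for this evidence guide, not code from the unit or a provider.
Log lines, patterns and thresholds are constructed for illustration only.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample in Apache/Nginx combined-log style: one benign request,
# one SQLi probe, one XSS probe, one benign POST, then 120 rapid GETs from
# a single address to stand in for a volumetric DoS attempt.
SAMPLE_LOG = (
    '203.0.113.5 - - [10/Mar/2024:10:00:01 +1000] "GET /products?id=42 HTTP/1.1" 200 1532\n'
    '203.0.113.5 - - [10/Mar/2024:10:00:03 +1000] "GET /products?id=42%27%20OR%201%3D1-- HTTP/1.1" 500 221\n'
    '198.51.100.7 - - [10/Mar/2024:10:00:04 +1000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 980\n'
    '198.51.100.7 - - [10/Mar/2024:10:00:05 +1000] "POST /login HTTP/1.1" 302 0\n'
    + "".join(
        f'192.0.2.9 - - [10/Mar/2024:10:00:{i % 60:02d} +1000] "GET / HTTP/1.1" 200 512\n'
        for i in range(120)
    )
)

# Combined-log format: ip ident user [timestamp] "method path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)$'
)

# Deliberately narrow indicator patterns (assumed for the example): tautology
# injection, UNION SELECT, trailing comment, DROP TABLE; and common XSS vectors.
SQLI_RE = re.compile(
    r"(?i)('\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select|--\s*$|;\s*drop\s+table)"
)
XSS_RE = re.compile(r"(?i)(<script\b|javascript:|onerror\s*=|onload\s*=)")


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not well formed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Attackers URL-encode payloads; match against the decoded request.
    rec["decoded_path"] = unquote_plus(rec["path"])
    return rec


def classify_request(rec):
    """Return indicator tags ('sqli', 'xss') found in one parsed request."""
    tags = []
    if SQLI_RE.search(rec["decoded_path"]):
        tags.append("sqli")
    if XSS_RE.search(rec["decoded_path"]):
        tags.append("xss")
    return tags


def triage(log_text, dos_threshold=100):
    """Scan log text and return a list of indicator events for analyst review.

    Per-request indicators are emitted as they are found; a per-source request
    count at or above dos_threshold within the sample emits a 'dos-suspect'
    event. Every event is a lead to confirm, not a confirmed incident.
    """
    events = []
    per_ip = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not silently dropped into a bucket
        per_ip[rec["ip"]] += 1
        for tag in classify_request(rec):
            events.append({"ip": rec["ip"], "ts": rec["ts"], "type": tag,
                           "request": rec["decoded_path"], "status": rec["status"]})
    for ip, count in per_ip.items():
        if count >= dos_threshold:
            events.append({"ip": ip, "ts": None, "type": "dos-suspect",
                           "request": f"{count} requests in sample window", "status": None})
    return events


if __name__ == "__main__":
    for event in triage(SAMPLE_LOG):
        print(f"{event['type']:<12} {event['ip']:<14} {event['request']}")
```

Running the block prints one line per indicator: the SQLi probe from 203.0.113.5 (note the 500 response, which is itself corroborating evidence), the XSS probe from 198.51.100.7, and the high-volume source 192.0.2.9. The threshold and patterns are the tunable part; a pattern match on a single request is an indicator to investigate, and the incident is only "established" once the analyst has confirmed the effect on the business function.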