The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!
From the Wiki University
What evidence can you provide to prove your understanding of each of the following citeria?
Establish cyber security incident
|
|
Establish and confirm occurrence and nature of cyber security incident Completed |
Evidence:
|
Identify legislative requirements, organisational policies and procedures and cyber security incident response plans Completed |
Evidence:
|
Analyse and assess source, impact and consequences of incident according to organisational response plans Completed |
Evidence:
|
Notify and explain cyber incident to required personnel according to legislative requirements and communications plans Completed |
Evidence:
|
Activate cyber security incident response plan
|
|
Activate incident response plan and confirm cyber incident is contained Completed |
Evidence:
|
Escalate and involve third party services and specialists as required according to organisational policies and procedures Completed |
Evidence:
|
Confirm no further risks exist according to legislative requirements and organisational response procedures Completed |
Evidence:
|
Discuss solutions with required personnel and action accordingly Completed |
Evidence:
|
Test solution implemented, and escalate as required according to organisational security procedures Completed |
Evidence:
|
Perform post cyber security incident response procedures
|
|
Evaluate actions taken and confirm incident is fixed and secure according to organisational procedures Completed |
Evidence:
|
Document cyber security incident, actions performed and solution, according to organisational policies and procedures Completed |
Evidence:
|
Discuss and document lessons learnt with required personnel Completed |
Evidence:
|
Discuss and implement preventative measures and mitigation methods as required Completed |
Evidence:
|
Amend incident response plan accordingly Completed |
Evidence:
|
Share documentation and communicate with required personnel according to organisational communications plan Completed |
Evidence:
|