NTISthis.com

Evidence Guide: ICTCYS603 - Undertake penetration testing for organisations

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usually demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICTCYS603 - Undertake penetration testing for organisations

What evidence can you provide to prove your understanding of each of the following criteria?

Prepare for penetration testing

  1. Analyse organisation’s existing cyber security environment, systems and network requirements
  2. Identify individual data types and level of security requirements
  3. Establish and outline goal and objectives of performing penetration testing
  4. Evaluate scanning tools and select according to vulnerability assessment requirements
  5. Establish and document testing regime and schedule, and requirements according to organisational procedures

Analyse organisation’s existing cyber security environment, systems and network requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Identify individual data types and level of security requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Establish and outline goal and objectives of performing penetration testing

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Evaluate scanning tools and select according to vulnerability assessment requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Establish and document testing regime and schedule, and requirements according to organisational procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Conduct penetration tests

  1. Perform penetration test according to testing plan and procedures
  2. Identify and document vulnerabilities arising from vulnerability assessment
  3. Identify and document potential threats arising from penetration test according to organisational and testing procedures

Perform penetration test according to testing plan and procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Identify and document vulnerabilities arising from vulnerability assessment

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Identify and document potential threats arising from penetration test according to organisational and testing procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Conduct follow up activities

  1. Remediate identified vulnerabilities according to testing procedures
  2. Determine and document improvement plan
  3. Evaluate penetration testing effectiveness against testing plan and procedures
  4. Escalate unresolved vulnerabilities to required personnel
  5. Submit documentation to required personnel and seek and respond to feedback

Remediate identified vulnerabilities according to testing procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Determine and document improvement plan

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Evaluate penetration testing effectiveness against testing plan and procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Escalate unresolved vulnerabilities to required personnel

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Submit documentation to required personnel and seek and respond to feedback

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Required Skills and Knowledge

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

plan and implement penetration testing and resolve queries and vulnerabilities on at least three vulnerabilities.

In the course of the above, the candidate must:

identify weaknesses as part of penetration testing process.

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

security risks and vulnerabilities in software systems

tools used in testing a network for vulnerabilities including scanning tools

advanced level penetration testing of a system

methods and tools used to protect data in an organisation

risk mitigation strategies

organisational procedures applicable to undertaking penetration testing, including:

establishing goals and objectives of penetration testing

defining scope of testing and establishment of testing regime

documenting established requirements

establishing penetration testing procedures

documenting findings, threats and work performed

key organisational environments, systems and networks required to undertake penetration testing for organisations.