NTISthis.com

Evidence Guide: ICTCYS608 - Perform cyber security risk assessments

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usually demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

ICTCYS608 - Perform cyber security risk assessments

What evidence can you provide to prove your understanding of each of the following criteria?

Prepare to perform risk assessment

  1. Analyse organisation’s risk culture and document findings according to organisational requirements
  2. Research and document legislative and organisational cyber security risk requirements
  3. Obtain and analyse organisation’s risk register and determine its currency against organisational legislative requirements
  4. Develop and document risk assessment plan according to organisational requirements
  5. Communicate risk assessment plan with required personnel and seek and respond to feedback

Analyse organisation’s risk culture and document findings according to organisational requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Research and document legislative and organisational cyber security risk requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Obtain and analyse organisation’s risk register and determine its currency against organisational legislative requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Develop and document risk assessment plan according to organisational requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Communicate risk assessment plan with required personnel and seek and respond to feedback

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Perform risk assessment

  1. Initiate risk assessment according to plan
  2. Document process and outcomes of risk assessment according to organisational policies and procedures

Initiate risk assessment according to plan

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Document process and outcomes of risk assessment according to organisational policies and procedures

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Finalise risk assessment

  1. Analyse and document findings against risk register and determine operations outside of organisation’s risk appetite
  2. Develop and document operational measures to align operations against risk register requirements
  3. Communicate risk assessment findings to required personnel and highlight areas of non-compliance and solutions
  4. Lodge documentation according to organisational requirements

Analyse and document findings against risk register and determine operations outside of organisation’s risk appetite

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Develop and document operational measures to align operations against risk register requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Communicate risk assessment findings to required personnel and highlight areas of non-compliance and solutions

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Lodge documentation according to organisational requirements

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Required Skills and Knowledge

The candidate must demonstrate the ability to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including evidence of the ability to:

conduct a cyber security risk assessment on at least one occasion.

In the course of the above, the candidate must:

identify and analyse an organisation’s risk appetite and risk register against their daily operations

research cyber security legislation and align organisational risk assessment to required legislation

document processes and outcomes.

The candidate must be able to demonstrate knowledge to complete the tasks outlined in the elements, performance criteria and foundation skills of this unit, including knowledge of:

risk assessment methodologies and processes required in cyber security

methodologies of identifying and measuring risk culture and risk appetite in the cyber environment

sources of legislative requirements required in cyber security

organisational procedures applicable to conducting a cyber security risk assessment, including:

documenting risk assessment processes and findings

establishing requirements and features of cyber security risk assessment processes.