The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!
From the Wiki University
What evidence can you provide to prove your understanding of each of the following citeria?
Review organisational security policy and procedures
|
|
Review business environment to identify existing requirements Completed |
Evidence:
|
Determine organisational goals for legal and security requirements Completed |
Evidence:
|
Verify security needs in a policy document Completed |
Evidence:
|
Determine legislative impact on business domain Completed |
Evidence:
|
Gather and document objective evidence on current security threats Completed |
Evidence:
|
Identify options for using internal and external expertise Completed |
Evidence:
|
Establish and document a standard methodology for performing security tests Completed |
Evidence:
|
Develop security plan
|
|
Investigate theoretical attacks and threats on the business Completed |
Evidence:
|
Evaluate risks and threats associated with the investigation Completed |
Evidence:
|
Prioritise assessment results and write security policy Completed |
Evidence:
|
Document information related to attacks, threats, risks and controls in a security plan Completed |
Evidence:
|
Review the security strategy with security approved key stakeholders Completed |
Evidence:
|
Integrate approved changes into business plan and ensure compliance with statutory requirements Completed |
Evidence:
|
Design controls to be incorporated into system
|
|
Implement controls in a procedurally organised manner to ensure minimum risk of security breach in line with organisational guidelines Completed |
Evidence:
|
Monitor each phase of the implementation to determine the impact on the business Completed |
Evidence:
|
Take corrective action on system implementation breakdown Completed |
Evidence:
|
Record implementation process Completed |
Evidence:
|
Evaluate corrective actions for risk Completed |
Evidence:
|
Plan risk assessment review process Completed |
Evidence:
|
Take action to ensure confidentiality throughout all phases of design Completed |
Evidence:
|