ICT50118 Diploma of Information Technology ICTNWK511 Manage System Security ICTNWK513 Manage System Security
Assessments for this unit have been developed by taking into account assessment guidelines as provided in the training package and evidence requirements stipulated in this unit of competency. Assessment is an ongoing process of gathering evidence to determine what each student/learner knows, understands and can do in order to inform teaching and support learning of the intended curriculum.
The purposes of this assessment are;
Assessment in this unit is based on assessment and evidence guidelines provided in the unit of competency and the training package. The evidence is generated through summative assessment tasks. However, the role of Formative Tasks is crucial in developing the required skills and knowledge in completing the summative tasks. Formative tasks enable the trainers to evaluate their own delivery and adjust their facilitation based on the outcomes from these tasks. The role of formative assessments is to improve learning and adapt to student needs.
These tasks and activities usually take place throughout the unit and are planned in accordance with the summative assessment plan/schedule. The formative tasks are generally referred to as “Portfolio” tasks. A portfolio is a collection of all the formative tasks completed during the learning sessions. The portfolio can be used by students as evidence of participation or as an example of work completed as part of their learning.
Formative tasks are not assessed.
For summative tasks, the following assessment methods are available to collect the aforementioned evidence to demonstrate satisfactory performance in this unit;
The Written Assessment Tasks and Tests have been developed to address various parts of Performance Criteria as well as Required Knowledge.
The Practical Tasks are developed to demonstrate competence in Required Skills. These assessment tasks and activities are mostly designed as in-class assessments, enabling the trainers to observe the work being undertaken and completed (i.e. demonstration of a specific/required skill). Practical tasks may also include use of online learning tools, equipment, activities, or use of software. Instructions for practical tasks are generally provided within the task description. However, trainers/assessors may set certain conditions for conducting and observing these tasks.
The Project (Individual or Group based) addresses various aspects of competency standard including Performance Criteria, Required Skills and Employability Skills. The role of the project in assessment strategy is to measure student/trainee competence as a form of Summative Assessment. It demonstrates the efficacy of instructions and learning in the prescribed delivery period by assessing the overall performance of the students/trainees for the purpose of grading/final results.
The Test/Exam is generally designed to test the Required Knowledge component of the unit of competency. It may also be used to reinforce learning and test specific aspects of other parts of the competency where knowledge of certain processes/procedures is required. A knowledge test may be verbal or written as specified in the task description. Examinations are conducted under set conditions.
Observation forms part of in-class activities, participation in designated group processes and presentations, and provides an option where specific skills need to be demonstrated to the assessor.
Some of the assessments in this course may be used as Integrated Assessments; i.e. to use evidence created in one unit/task to determine competency in another unit/task. The concept behind the design of the integrated assessment is to limit repetitive tasks that test the same or similar competency elements in different units of competency.
Assessment can be both a formative and summative process. Formative assessment is used to provide feedback to students and teachers to promote further learning. Summative assessment contributes to the judgement of student learning for competency/award purposes.
| # | Assessment Task/Activity | Type | Assessment Method |
|---|---|---|---|
| 1 | Team: Identify and Categorise Network and System Security Threats | Individual | Observation |
| 2 | Develop and Implement a Security Policy | Individual | Written |
| 3 | Develop a Risk Management Plan | Individual | Written |
| 4 | Develop and Test a Network and System Security Plan | Individual | Written & Observation |

These assessment tasks/activities have been described in detail in the following section. Note: Assessment tasks in this unit are sequential and progressive. Ensure that the tasks are completed in the above order, and that documentation/information is maintained in each task.
Assessment Task 1:
| Assessment Task | Team: Identify and Categorise Network and System Security Threats |
|---|---|
| Outcomes Assessed | Performance Criteria: ICTNWK511: 1.1, 2.1, 2.2, 2.3, 2.4, 4.1; ICTNWK513: 1.1, 1.2, 1.3, 1.4. Addresses some elements of required skills and knowledge as shown in the Assessment Matrix |
Description:
A threat refers to anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage to the network (techopedia, 2014).
This assessment task is a role-play exercise to simulate a real-life environment. For the purpose of this task, your trainer/assessor will play the role of the manager or supervisor.
Consider the following scenario; Business Profile:
ABX is a Legal and Accounting firm with approximately 200 local and international clients ranging from large businesses with complex financial and legal needs to individuals with a modest financial holding. In line with business and statutory requirements there is a formal set of organisational procedures for keeping data secure, confidential and safe.
At the company’s head office, there is a cafeteria and conference room on the ground floor, Legal on the second floor and Accounting on the first floor. There is an open plan work environment, with at least two closed offices on each floor for senior management. There is a workstation in the reception area and in each closed office, and four workstations in the conference room. Individual workstations are scattered around the open plan office to meet business needs. Since the last system upgrade, the company has set up remote access for some of the employees to allow them to work from home and access the files relevant to their job functions.
Task:
You have been given the task to;
Identify and categorise potential network threats during each of the following likely attack stages (typical network attack pattern);
Using the STRIDE model, identify and categorise threats using the above network as an example to;
Alternatively, a similar network diagram (resembling the given business profile) can be used for this task.
Consult with your trainer/assessor (manager role-play) to confirm the network to be used.
Write your evaluation/analysis in a well-structured word document with appropriate headings and subheadings.
This task is expected to be completed within one session and must be done during a designated assessment session in the class. Your communication, analytical, and technical skills will be observed and assessed.
The following assessment criteria will be used for marking this assessment task. Ensure that you have addressed all of the criteria in your work;
▪ Word processed threat modelling document
Note: Keep a copy of all your work/documents as you may need them in the subsequent tasks.
Students should upload the assessment tasks on the MEGA Student Portal in the respective unit.
Assessment Task 2:
| Assessment Task | Develop and Implement a Security Policy |
|---|---|
| Outcomes Assessed | Performance Criteria: ICTNWK511: 3.1, 3.2, 3.3, 4.4; ICTNWK513: 1.3, 1.4, 3.2. Addresses some elements of required skills and knowledge as shown in the Assessment Matrix |
Description:
A network security policy, or NSP, is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/ network security environment (NIST, 2014).
In this assessment task, you will be required to “write” a Network Security Policy resembling a real-life policy based on the fundamental CIA Triad approach of;
You will use the organisation profile used in Assessment Task 1, Part A for the required context and relevance (or any other organisational context if a different network/organisation was chosen in the previous task). There is no fixed format for the policy document. However, it is expected that you will include the typical policy components of;
You may use these as possible headings for your policy document. The policy should be neatly drafted and presented as a formal document.
The following assessment criteria will be used for marking this assessment task. Ensure that you have addressed all of the criteria in your work;
▪ Word processed policy document
Note: Keep a copy of all your work/documents as you may need them in the subsequent tasks.
Students should upload the assessment tasks on the MEGA Student Portal in the respective unit.
Assessment Task 3:
| Assessment Task | Develop a Risk Management Plan |
|---|---|
| Outcomes Assessed | Performance Criteria: ICTNWK511: 1.1, 1.2, 1.3, 2.1, 2.2, 2.3, 2.4, 2.5, 3.1, 3.2, 3.3, 3.4, 4.1, 4.2; ICTNWK513: 2.1, 2.2, 2.3, 2.4, 3.1. Addresses some elements of required skills and knowledge as shown in the Assessment Matrix |
Description:
A risk analysis is a documented process showing an organisation's vulnerabilities and the estimated cost of recovery in the event of damage. A "risk" is the expectation that a threat may succeed and the potential damage that can occur. The risk management plan summarises defensive measures and associated costs based on the amount of risk the organisation is willing to accept (PC Mag, Encyclopaedia, 2014).
For the purpose of this task, you will need to use a sample lab-based network to assess the security risk from both internal (someone having internal access to the network) and external (visible to the public through the internet) perspectives.
You will use the same business profile and security context used in Assessment Task 1, Part A & B. Your plan will be developed around the following main content areas;
The system security risk assessment should be based on perceived external and internal threats. As the Risk Assessment is the key component of the plan, base your security risk assessment on the following vulnerabilities, assuming that the following incidents have previously occurred on different occasions;
Prepare a structured Risk Management Plan covering the above areas. The plan should be word-processed and written as a formal document. You may use the in-lab network set up to test firewall and router filtering configurations, authentication mechanisms, e-mail and DNS server configurations, network-layer Web server exploits, database server configurations, SNMP, and FTP settings to develop the required security context for this task.
Your trainer/assessor will play the role of your manager/supervisor for this task. Ensure that you maintain an effective consultation throughout and seek clarifications when needed.
The following assessment criteria will be used for marking this assessment task. Ensure that you have addressed all of the criteria in your work;
▪ Word processed Risk Management Plan
Note: Keep a copy of all your work/documents as you may need them in the subsequent tasks.
Students should upload the assessment tasks on the MEGA Student Portal in the respective unit.
Assessment Task 4:
| Assessment Task | Develop a Network and System Security Plan |
|---|---|
| Outcomes Assessed | Performance Criteria: ICTNWK511: 4.1, 4.2, 4.3, 4.4, 5.1, 5.2, 5.3, 5.4; ICTNWK513: 3.1, 3.3, 3.4, 3.5, 4.1, 4.2, 4.3, 5.1, 5.2, 5.3. Addresses some elements of required skills and knowledge as shown in the Assessment Matrix |
Description:
This task continues from, and builds on, the previous assessment tasks. Continuing in your role-play and organisational context, in this task, you will be required to develop a Network Security Plan, incorporating various plan components developed in the previous tasks.
A Network Security Plan typically translates business/organisational objectives and security/risk management strategies into actionable activities, outlining specific steps/projects/measures, required resources and a suggested timeline.
From a network security perspective, you will also need to include a proposed security design based on the perceived attacker scenarios and threats. Develop a Network Security Plan that covers;
Assume that the company has had the following attack/security incidents on different occasions, and treat them as known incidents and risks;
In addition, the company wants you to develop additional security measures to include non-PC devices with an IP address, such as internet-enabled cameras and employee badge readers.
Prepare a structured Network Security Plan covering the above areas. The plan should be word-processed and written as a formal document.
The following assessment criteria will be used for marking this assessment task. Ensure that you have addressed all of the criteria in your work;