VU22246 - Evaluate an organisation's compliance with relevant cyber security standards and law

Unit code: VU22246 | Study level: TAFE

Credit points

N/A

Location

Footscray Nicholson

St Albans

Prerequisites

N/A

Overview

This unit provides the knowledge and skills to enable a cyber security paraprofessional as part of a team, to identify relevant cyber standards and laws pertaining to the organisation, evaluate current working practices in light of these standards and laws and to plan and implement any required work practice changes.

Assessment

For Melbourne campuses

Assessment tasks will be designed to reinforce and extend knowledge and skill competence within set and controlled parameters in accordance with each unit’s learning outcomes and performance criteria requirements, including the setting of work based practical application tasks designed to provide evidence of competence outcomes, within periodic and scheduled timelines.

Students will be expected to demonstrate the following required skills:
• Articulating relevant issues encountered in the work environment
• Reading and accurately interpreting documents and reports
• As part of a team determining changes required to work practices to implement new cyber security policies and procedures
• Participating and problem solving within a team environment
• Establishing project risk assessment
• Preparing technical documentation
• Facilitating the implementing organisational staff training programs
• Evaluating of policies, standards and procedures effectiveness (Continuous improvement)

Students will also be expected to demonstrate the following knowledge:
• Australian federal system of Government
• Difference between federal and state regulation
• Accessing state and federal Acts (statutes) - using http://www.austlii.edu.au/
• Interpreting Cyber Law requirements for the organisation from state and federal acts
• Mandatory, Discretionary and Voluntary codes and best practices for the industry sector
• Key features of Federal Mandatory Acts pertaining to Cyber Security
o ELECTRONIC TRANSACTIONS ACT 1999; CORPORATIONS ACT 2001; CRIMINAL CODE ACT 1995; PRIVACY ACT 1988; FREEDOM OF INFORMATION ACT 1982; TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979; COMPETITION AND CONSUMER ACT 2010 (Can include SPAM Act 2003)
• Key features of State Mandatory Acts pertaining to Cyber Security
o WRONGS ACT 1958; ELECTRONIC TRANSACTIONS (VICTORIA) ACT 2000
• Supporting work practices and standards (Discretionary adoption)
o (National Institute of Standards and Technology) NIST Cybersecurity Framework; ISO 31000 Risk Management; ISO/IEC 38500:2015 Preview Information technology - Governance of IT for the organisation; ISO 15489 -1:2016 Preview Information and documentation - Records management - Part 1: Concepts and principles; ISO/IEC 27000 family - Information security management systems; BS 10008 - Evidential Weight and Legal Admissibility of Electronic Information; ISO/IEC 29100:2011 Preview Information technology - Security techniques - Privacy framework; Victorian Protective Data Security Framework (VPDSF)
• Key feature of Control Objectives for Information and Related Technologies (COBIT) as they pertain to Risk and IT governance
• Key feature of Information Technology Infrastructure Library (ITIL) as they pertain to risk and IT governance
• Legal implications of adopted standards and procedures
• Risk assessment
• Differences between security frameworks, policies, standards, procedures, guidelines, and legislation

Required reading

The qualified trainer and assessor will provide teaching and learning materials as required in the form of workbooks produced by the Polytechnic and/or via the Polytechnic e-learning system.