Pearson BTEC Level 4 Diploma in Information Security Professional Competence

Transcription

1 Pearson BTEC Level 4 Diploma in Information Security Professional Competence Specification Competence-based qualification First registration August 2014 Issue 2

2 Edexcel, BTEC and LCCI qualifications Edexcel, BTEC and LCCI qualifications are awarded by Pearson, the UK s largest awarding body offering academic and vocational qualifications that are globally recognised and benchmarked. For further information, please visit our qualifications website at qualifications.pearson.com. Alternatively, you can get in touch with us using the details on our contact us page at qualifications.pearson.com/contactus About Pearson Pearson is the world's leading learning company, with 35,000 employees in more than 70 countries working to help people of all ages to make measurable progress in their lives through learning. We put the learner at the centre of everything we do, because wherever learning flourishes, so do people. Find out more about how we can help you and your learners at qualifications.pearson.com This specification is Issue 2. Key changes are listed in the summary table on the next page. We will inform centres of any changes to this issue. The latest issue can be found on the Pearson website: qualifications.pearson.com This qualification was previously known as: (QCF) The QN remains the same. References to third party material made in this specification are made in good faith. Pearson does not endorse, approve or accept responsibility for the content of materials, which may be subject to change, or any opinions expressed therein. (Material may include textbooks, journals, magazines and other publications and websites.) All information in this specification is correct at time of going to publication. Ok ISBN All the material in this publication is copyright Pearson Education Limited 2017

3 Summary of Pearson BTEC Level 4 Diploma in Information Security Professional Competence specification Issue 2 changes Summary of changes made between previous Issue 1 and this current Issue 2 Section number All references to QCF have been removed throughout the specification Throughout Definition of TQT added Section 1 Definition of sizes of qualifications aligned to TQT Section 1 TQT value added Section 2 GLH range removed and replaced with lowest GLH value for the Section 2 shortest route through the qualification Reference to credit transfer within the QCF removed Section 4 QCF references removed from unit titles and unit levels in all units Section 11 Guided learning definition updated Section 11 Earlier issue(s) show(s) previous changes. If you need further information on these changes or what they mean, contact us via our website at: qualifications.pearson.com/en/support/contact-us.html.

4

5 Contents Purpose of this specification 1 1 Introducing Pearson BTEC Competence-based qualifications 2 What are Competence-based qualifications? 2 2 Qualification summary and key information 3 Qualification number and qualification title 4 Qualification objectives 4 Relationship with previous qualifications 4 Apprenticeships 4 Progression opportunities 5 Industry support and recognition 5 Relationship with National Occupational Standards 5 3 Qualification structure 6 Pearson BTEC Level 4 Diploma in Information Security Professional Competence 6 4 Assessment 9 Assessment requirements 10 Types of evidence 10 5 Centre resource requirements 11 General resource requirements 11 6 Centre recognition and approval 12 Approvals agreement 12 7 Quality assurance of centres 13 8 Programme delivery 14 9 Access and recruitment Access to qualifications for learners with disabilities or specific needs Unit format 17 Unit title 17 Unit reference number 17 Level 17 Credit value 17 Guided learning hours 17 Unit aim 17 Essential resources 17

6 Unit assessment requirements/evidence requirements 17 Learning outcomes 18 Assessment criteria 18 Unit 101: Health and Safety in ICT 19 Unit 303: Testing the Security of Information Systems 21 Unit 304: Carrying Out Information Security Risk Assessment 24 Unit 305: Investigating Information Security Incidents 27 Unit 306: Carrying Out Information Security Incident Management Activities 29 Unit 307: Carrying Out Information Security Forensic Examinations 32 Unit 308: Carrying Out Information Security Audits 34 Unit 309: System Operation 36 Unit 310: System Management 39 Unit 311: Creating an Event-Driven Computer Program 41 Unit 312: Creating an Object-Oriented Computer Program 44 Unit 313: Creating a Procedural Computer Program 47 Unit 314: Investigating and Defining Customer Requirements for ICT Systems 50 Unit 315: User Profile Administration 53 Unit 401: Develop Own Effectiveness and Professionalism 56 Unit 403: Testing the Security of Information Systems 60 Unit 404: Carrying Out Information Security Risk Assessment 63 Unit 405: Investigating Information Security Incidents 66 Unit 407: Carrying Out Information Security Forensic Examinations 68 Unit 408: Carrying Out Information Security Audits 70 Unit 409: IT and Telecoms System Operation 73 Unit 410: IT and Telecoms System Management 77 Unit 411: Designing and Developing Event-Driven Computer Program 80 Unit 412: Designing and Developing Object-Oriented Computer Program 83 Unit 413: Designing and Developing Procedural Computer Program 86 Unit 414: Investigating and Defining Customer Requirements for ICT Systems 89 Unit 415: Carrying out Information Security Risk Management Further information and useful publications Professional development and training Contact us 97

7 Purpose of this specification The purpose of a specification as defined by Ofqual is to set out: the qualification s objective any other qualification that a learner must have completed before taking the qualification any prior knowledge, skills or understanding that the learner is required to have before taking the qualification units that a learner must have completed before the qualification will be awarded and any optional routes any other requirements that a learner must have satisfied before they will be assessed or before the qualification will be awarded the knowledge, skills and understanding that will be assessed as part of the qualification (giving a clear indication of their coverage and depth) the method of any assessment and any associated requirements relating to it the criteria against which the learner s level of attainment will be measured (such as assessment criteria) any specimen materials any specified levels of attainment the Apprenticeship Framework in which the qualification is included, where appropriate. 1

8 1 Introducing Pearson BTEC Competencebased qualifications What are Competence-based qualifications? Competence-based qualifications reflect the skills and knowledge needed to do a job effectively. They are work-based qualifications that give learners the opportunity to demonstrate their competence in the area of work or job role to which the qualification relates. Competence-based qualifications are outcomes-based with no fixed learning programme, allowing flexibility in their delivery to meet the individual learner s needs. The qualifications are based on the National Occupational Standards (NOS) for the sector, which define what employees, or potential employees, must be able to do and know, and how well they should undertake work tasks and work roles. Most Competence-based qualifications form the competence component of Apprenticeship Frameworks. They are suitable for those in employment or those who are studying at college and have a part-time job or access to a substantial work placement. Most learners will work towards their qualification in the workplace or in settings that replicate the working environment. Colleges, training centres and/or employers can offer these qualifications provided they have access to appropriate physical and human resources. Sizes of Competence-based qualifications For all regulated qualifications, Pearson specify a total number of hours that it is estimated learners will require to complete and show achievement for the qualification this is the Total Qualification Time (TQT). The TQT value indicates the size of a qualification. Within the TQT, Pearson identifies the number of Guided Learning Hours (GLH) that we estimate a centre delivering the qualification might provide. Guided learning means activities, such as lessons, tutorials, online instruction, supervised study and giving feedback on performance, that directly involve tutors and assessors in teaching, supervising and invigilating learners. Guided learning includes the time required for learners to complete external assessment under examination or supervised conditions. In addition to guided learning, other required learning directed by tutors or assessors will include private study, preparation for assessment and undertaking assessment when not under supervision, such as preparatory reading, revision and independent research. As well as TQT and GLH, qualifications can also have a credit value equal to one tenth of TQT, rounded to the nearest whole number. TQT and credit values are assigned after consultation with users of the qualifications. NVQ/Competence-based qualifications are available in the following sizes: Award a qualification with a TQT value of 120 or less (equivalent to a range of 1 12 credits) Certificate a qualification with a TQT value in the range of (equivalent to a range of credits) Diploma a qualification with a TQT value of 370 or more (equivalent to 37 credits and above). 2

9 2 Qualification summary and key information Qualification title Pearson BTEC Level 4 Diploma in Information Security Professional Competence Qualification Number (QN) 601/3783/6 Accreditation start date August 2014 Certification end date December 2017 Approved age ranges Credit value 78 Please note that sector-specific requirements or regulations may prevent learners of a particular age from embarking on this qualification. Assessment Portfolio of Evidence (internal assessment) Total Qualification Time (TQT) 780 Guided learning hours 325 Grading information Entry requirements The qualification and units are at Pass grade No prior knowledge, understanding, skills or qualifications are required before learners register for this qualification. However, centres must follow the Pearson Access and Recruitment policy (see Section 9, Access and recruitment). 3

10 Qualification number and qualification title Centres will need to use the Qualification Number (QN) when they seek public funding for their learners. The qualification title, unit titles and QN are given on each learner s final certificate. You should tell your learners this when your centre recruits them and registers them with us. There is more information about certification in our UK Information Manual, available on our website, qualifications.pearson.com Qualification objectives The Pearson BTEC Level 4 Diploma in Information Security Professional Competence is for learners who work in, or want to work in the information security sector. It gives learners the opportunity to: demonstrate competence in relevant job roles within the information security sector develop knowledge and skills related to the specified job roles in the information security sector have existing skills recognised achieve a nationally recognised Level 4 qualification personally develop and engage in learning. Relationship with previous qualifications This is a new qualification. Apprenticeships E-skills UK includes the Pearson BTEC Level 4 Diploma in Information Security Professional Competence as the competence component for the Higher Apprenticeship in Information Security. 4

11 Progression opportunities Learners who have achieved the Pearson BTEC Level 4 Diploma in Information Security Professional Competence may progress to the Pearson BTEC Level 5 HND Diploma in Computing and Systems Development. Industry support and recognition This qualification is supported by e-skills UK, the Sector Skills Council for Information Technology. Relationship with National Occupational Standards This qualification is based on the e-skills UK National Occupational Standards (NOS) and the IISP (Information Security and Information Assurance Professionals) skills framework in Information Technology. 5

12 3 Qualification structure Pearson BTEC Level 4 Diploma in Information Security Professional Competence The learner will need to meet the requirements outlined in the table below before the qualification can be awarded. Minimum number of credits that must be achieved 78 Minimum number of credits that must be achieved at Level 4 48 Number of mandatory credits that must be achieved 15 Number of optional credits that must be achieved from Option Group 1 36 The remaining 27 credits may be achieved from: a combination of Option Group 1 and Option Group 2 OR Option Group 2 only 27 Unit Unit reference number Mandatory units All 15 credits MUST be achieved from this group Level Credit Guided learning hours 101 Y/500/7183 Health and Safety in ICT K/601/3502 Develop own Effectiveness and Professionalism Unit Unit reference number Option Group 1 units A minimum of 36 credits MUST be achieved from this group Level Credit Guided learning hours TS Testing Security No more than one unit to be completed from this section 303 T/505/5788 Testing the Security of Information Systems 403 A/505/5789 Testing the Security of Information Systems RA Risk Assessment No more than one unit to be completed from this section 304 T/505/5791 Carrying Out Information Security Risk Assessment 404 A/505/5792 Carrying Out Information Security Risk Assessment

13 Unit Unit reference number Option Group 1 units A minimum of 36 credits MUST be achieved from this group Level Credit Guided learning hours II Investigating Information Security Incidents No more than one unit to be completed from this section 305 F/505/5793 Investigating Information Security Incidents 405 D/505/5798 Investigating Information Security Incidents FE Forensic Examinations No more than one unit to be completed from this section 307 R/505/580 Carrying Out Information Security Forensic Examinations 407 M/505/5806 Carrying Out Information Security Forensic Examinations SA Security Audits No more than one unit to be completed from this section 308 A/505/580 Carrying Out Information Security Audits 408 A/505/5811 Carrying Out Information Security Audits RM Risk Management This single unit may be attempted 415 L/505/5814 Carrying Out Information Security Risk Management Unit Unit reference number Option Group 2 units. A maximum of 27 credits may be taken from this group. Level Credit Guided learning hours MA Management Activities This single unit may be attempted 306 F/505/5812 Carrying Out Information Security Incident Management Activities SO System Operation No more than one unit to be completed from this section 309 A/500/7340 System Operation R/504/5513 IT and Telecoms System Operation SM System Management No more than one unit to be completed from this section 7

14 Unit Unit reference number Option Group 2 units. A maximum of 27 credits may be taken from this group. Level Credit Guided learning hours 310 D/500/7332 System Management M/504/5504 IT and Telecoms System Management ED Event-Driven Computer Program No more than one unit to be completed from this section 311 F/601/3179 Creating an Event-Driven Computer Program 411 J/601/3300 Designing and Developing Event- Driven Computer Program OO Object-Oriented Computer Program No more than one unit to be completed from this section 312 L/601/3184 Creating an Object-Oriented Computer Program 412 T/601/3308 Designing and Developing Object- Oriented Computer Program CP Creating a Procedural Computer Program No more than one unit to be completed from this section 313 R/601/3171 Creating a Procedural Computer Program 413 T/601/3311 Designing and Developing Procedural Computer Program ID Investigating and Defining No more than one unit to be completed from this section 314 R/601/3249 Investigating and Defining Customer Requirements for ICT Systems 414 R/602/1772 Investigating and Defining Customer Requirements for ICT Systems UP User Profile Administration This single unit may be attempted 315 K/500/7379 User Profile Administration

15 4 Assessment This qualification is assessed through an externally verified Portfolio of Evidence that consists of evidence gathered during the course of the learner s work. To achieve a Pass for the full qualification, the learner must achieve all the required units in the stated qualification structure. Each unit has specified learning outcomes and assessment criteria. To pass each unit the learner must: achieve all the specified learning outcomes satisfy all the assessment criteria by providing sufficient and valid evidence for each criterion prove that the evidence is their own. The learner must have an assessment record that identifies the assessment criteria that have been met, and it should be cross-referenced to the evidence provided. The assessment record should include details of the type of evidence and the date of assessment. The unit specification or suitable centre documentation can be used to form an assessment record. It is important that the evidence provided to meet the assessment criteria of the unit and learning outcomes is: Valid Authentic Current Reliable Sufficient relevant to the standards for which competence is claimed produced by the learner sufficiently recent to create confidence that the same skill, understanding or knowledge persist at the time of the claim indicates that the learner can consistently perform at this level fully meets the requirements of the standards. Learners can provide evidence of occupational competence from: current practice where evidence is generated from a current job role a programme of development where evidence comes from assessment opportunities built into a learning programme. the Recognition of Prior Learning (RPL) where a learner can demonstrate that they can meet the assessment criteria within a unit through knowledge, understanding or skills they already possess without undertaking a course of development. They must submit sufficient, reliable, authentic and valid evidence for assessment. Evidence submitted based on RPL should provide confidence that the same level of skill/understanding/knowledge exists at the time of claim as existed at the time the evidence was produced. RPL is acceptable for accrediting a unit, several units, or a whole qualification. Further guidance is available in the policy document Recognition of Prior Learning Policy and process, available on our website: qualifications.pearson.com a combination of these. 9

16 Assessment requirements Learners must provide evidence according to the requirements stated in the unit. Types of evidence To achieve a unit, the learner must gather evidence that shows that they have met the required standard specified in the assessment criteria. The evidence for this qualification can take a variety of forms as indicated below: direct observation of the learner s performance by their assessor (O) outcomes from oral or written questioning (Q&A) products of the learner s work (P) personal statements and/or reflective accounts (RA) outcomes from simulation (S) professional discussion (PD) assignment, project/case studies (A) authentic statements/witness testimony (WT) expert witness testimony (EWT) evidence of Recognition of Prior Learning (RPL). Learners can use the abbreviations for cross-referencing purposes in their portfolios. Learners can also use one piece of evidence to prove their knowledge, skills and understanding across different assessment criteria and/or across different units. It is not necessary for learners to have each assessment criterion assessed separately. They should be encouraged to reference evidence to the relevant assessment criteria. Evidence must be available to the assessor, internal verifier and Pearson standards verifier. Any specific evidence requirements for individual units are stated in the unit introductions to the units. There is further guidance about assessment on our website. Please see Section 10 for details. 10

17 5 Centre resource requirements As part of the approval process, centres must make sure that the resource requirements below are in place before offering the Pearson BTEC Level 4 Diploma in Information Security Professional Competence. General resource requirements Centres must have the appropriate physical resources to support both the delivery and assessment of the qualification (for example, a workplace in line with industry standards, equipment, IT, learning materials and teaching rooms). Where permitted, a Realistic Working Environment (RWE) must offer the same conditions as the normal day-to-day working environment, with a similar range of demands, pressures and requirements for cost-effective working. Centres must meet any specific human and physical resource requirements. Staff assessing learners must meet the occupational competence requirements. There must be systems in place to ensure the continuing professional development for staff delivering the qualification. Centres must have appropriate health and safety policies, procedures and practices in place for the delivery of the qualification. Centres must deliver the qualifications in accordance with current equality legislation. For further details on Pearson s commitment to the Equality Act 2010, please see Section 9 Access and recruitment and Section 10 Access to qualifications for learners with disabilities or specific needs. For full details of the Equality Act 2010, please go to 11

18 6 Centre recognition and approval Centres that have not previously offered this Pearson qualification need to apply for, and be granted, centre recognition as part of the process for approval to offer this individual qualification. Guidance on seeking approval to deliver BTEC qualifications is given on our website, qualifications.pearson.com Approvals agreement All centres are required to enter into an approval agreement that is a formal commitment by the head or principal of a centre to meet all the requirements of the specification and any associated codes, conditions or regulations. Pearson will act to protect the integrity of the awarding of qualifications. If centres do not comply with the agreement, this could result in the suspension of certification or withdrawal of approval. 12

19 7 Quality assurance of centres Quality assurance is at the heart of vocational qualifications. Centres will internally assess Competence-based qualifications using internal quality assurance procedures to ensure standardisation of assessment across all learners. Pearson uses external quality assurance procedures to check that all centres are working to national standards. It gives us the opportunity to identify and provide support, if needed, to safeguard certification. It also allows us to recognise and support good practice. For the qualifications in this specification, the Pearson quality assurance model is as described below. Centres offering Pearson BTEC Competence-based qualifications will at least receive two standards verification visits per year. The exact frequency and duration of standards verifier visits must reflect the centre s performance, taking account of the number: of assessment sites and throughput of learners and turnover of assessors and turnover of internal verifiers. For centres offering a full Pearson Apprenticeship (i.e. all elements of the Apprenticeship are delivered with Pearson through registration of learners on a Pearson Apprenticeship framework) a single standards verifier will be allocated to verify all elements of the Pearson Apprenticeship programme. If a centre is also offering stand-alone Competence-based qualifications in the same sector as a full Pearson Apprenticeship, the same standards verifier will be allocated. In order for certification to be released, confirmation is required that the National Occupational Standards (NOS) for assessment, for internal verification and for the specific occupational sector are being consistently met. Centres are required to declare their commitment to ensuring quality and to providing appropriate opportunities for learners that lead to valid and accurate assessment outcomes. For further details, please go to the UK NVQ Quality Assurance Centre Handbook and the Pearson Edexcel NVQs, SVQs and Competence-based qualifications Delivery Requirements and Quality Assurance Guidance on our website, at qualifications.pearson.com. 13

20 8 Programme delivery Centres are free to offer the qualifications using any mode of delivery (for example full-time, part-time, evening only, distance learning) that meets learners needs. Centres must have due regard to Pearson s policies that may apply to different modes of delivery. Those planning the programme should aim to address the occupational nature of the qualification by: engaging with learners, initially, through planned induction, and subsequently through the involvement of learners in planning for assessment opportunities using naturally occurring workplace activities and products to present evidence for assessment against the requirements of the qualification developing a holistic approach to assessment by matching evidence to different assessment criteria, learning outcomes and units, as appropriate, thereby reducing the assessment burden on learners and assessors taking advantage of suitable digital methods to capture evidence. 14

21 9 Access and recruitment Pearson s policy regarding access to its qualifications is that: they should be available to everyone who is capable of reaching the required standards they should be free from any barriers that restrict access and progression there should be equal opportunities for all wishing to access the qualifications. Centres must ensure that their learner recruitment process is conducted with integrity. This includes ensuring that applicants have appropriate information and advice about the qualification to ensure that it will meet their needs. Centres should review applicants prior qualifications and/or experience, considering whether this profile shows that they have the potential to achieve the qualification. For learners with disabilities and specific needs, this review will need to take account of the support available to the learner during teaching and assessment of the qualification. The review must take account of the information and guidance in Section 10 Access to qualifications for learners with disabilities or specific needs. 15

22 10 Access to qualifications for learners with disabilities or specific needs Equality and fairness are central to our work. Pearson s Equality Policy requires all learners to have equal opportunity to access our qualifications and assessments. It also requires our qualifications to be awarded in a way that is fair to every learner. We are committed to making sure that: learners with a protected characteristic (as defined by the Equality Act 2010) are not, when they are undertaking one of our qualifications, disadvantaged in comparison to learners who do not share that characteristic all learners achieve the recognition they deserve from undertaking a qualification and that this achievement can be compared fairly to the achievement of their peers. Learners taking a qualification may be assessed in British Sign Language or Irish Sign Language where it is permitted for the purpose of reasonable adjustments. Further information on access arrangements can be found in the Joint Council for Qualifications (JCQ) document Access Arrangements, Reasonable Adjustments and Special Consideration for General and Vocational qualifications. Details on how to make adjustments for learners with protected characteristics are given in the document Pearson Supplementary Guidance for Reasonable Adjustment and Special Consideration in Vocational Internally Assessed Units. Both documents are on our website at: qualifications.pearson.com 16

23 11 Unit format Units have the following sections. Unit title This is the formal title of the unit that will appear on the learner s certificate. Unit reference number Each unit is assigned a unit reference number that appears with the unit title on the Register of Regulated Qualifications. Level All units and qualifications have a level assigned to them. The level assigned is informed by the level descriptors defined by Ofqual, the qualifications regulator. Credit value When a learner achieves a unit, they gain the specified number of credits. Guided learning hours Guided Learning Hours (GLH) is the number of hours that a centre delivering the qualification needs to provide. Guided learning means activities that directly or immediately involve tutors and assessors in teaching, supervising, and invigilating learners, for example lectures, tutorials, online instruction and supervised study. Unit aim This gives a summary of what the unit aims to do. Essential resources This section lists any specialist resources needed to deliver the unit. The centre will be asked to make sure that these resources are in place when it seeks approval from Pearson to offer the qualification. Unit assessment requirements/evidence requirements Learners must provide evidence according to each of the requirements stated in this section. 17

24 Learning outcomes The learning outcomes of a unit set out what a learner knows, understands or is able to do as the result of a process of learning. Assessment criteria Assessment criteria specify the standard required by the learner to achieve each learning outcome. 18

25 Unit 101: Health and Safety in ICT Unit reference number: Y/500/7183 Level: 1 Credit value: 3 Guided learning hours: 15 Unit aim This unit explores compliance with health and safety legislation when working in ICT. The basis of health and safety law is the Health and Safety at Work Act The act sets out the general duties that employers have towards employees and members of the public, and employees have to themselves and to each other. What the law requires here is what good management and common sense would lead individuals and organisations to do anyway: that is, identify risks and take sensible measures to tackle them. Health and safety legislation impacts not only on those who are employed at work, but on visitors, bystanders and customers who may be affected by actions of those engaged in work activities. Health and safety legislation is subject to constant review, and new legislation is introduced on a regular basis. This constant change must be monitored by organisations and individuals to identify actions required to remain compliant. Interpretation of the legislation may also be modified as a result of case law or other legal guidance. Unit assessment requirements/evidence requirements This unit is assessed in the workplace. Learners can enter the types of evidence they are presenting for assessment and the submission date against each assessment criterion. Alternatively, centre documentation should be used to record this information. 19

26 Learning outcomes and assessment criteria To pass this unit, the learner needs to demonstrate that they can meet all the learning outcomes for the unit. The assessment criteria determine the standard required to achieve the unit. Learning outcomes Assessment criteria Evidence type Portfolio reference Date 1 Be able to comply with relevant health and safety procedures 1.1 Identify relevant organisational health and safety procedures 1.2 Identify available sources of health and safety information 1.3 Demonstrate how relevant health and safety procedures have been followed Learner name: Learner signature: Assessor signature: Internal verifier signature: (if sampled) 20

27 Unit 303: Testing the Security of Information Systems Unit reference number: T/505/5788 Level: 3 Credit value: 12 Guided learning hours: 40 Unit aim On completion of this unit, learners will be able to conduct security tests and be able to report the results of tests using standard documents. Unit assessment requirements/evidence requirements This unit is assessed in the workplace. Learners can enter the types of evidence they are presenting for assessment and the submission date against each assessment criterion. Alternatively, centre documentation should be used to record this information. 21

28 Learning outcomes and assessment criteria To pass this unit, the learner needs to demonstrate that they can meet all the learning outcomes for the unit. The assessment criteria determine the standard required to achieve the unit. Learning outcomes Assessment criteria Evidence type Portfolio reference Date 1 Be able to conduct security testing 1.1 Develop test scripts for specified information assurance requirements testing 1.2 Create plans that ensure that specified information assurance requirements are tested 1.3 Implement specified preparations prior to carrying out tests 1.4 Apply specified test methods, tools and techniques following organisational procedures 1.5 Record the results of tests using standard documentation 1.6 Implement specified activities following the completion of testing 2 Be able to report on test results 2.1 Examine the results of testing to identify security vulnerabilities 2.2 Prioritise identified vulnerabilities against specified information assurance requirement 2.3 Report any high priority vulnerabilities to the relevant persons following organisational procedures 2.4 Identify the type of actions required to mitigate identified vulnerabilities 2.5 Report the results of test activities using standard documentation following organisational procedures 22

29 Learner name: Learner signature: Assessor signature: Internal verifier signature: (if sampled) 23

30 Unit 304: Carrying Out Information Security Risk Assessment Unit reference number: T/505/5791 Level: 3 Credit value: 9 Guided learning hours: 30 Unit aim On completion of this unit, learners will be able to gather information, assess and report on the risks to information security. Unit assessment requirements/evidence requirements This unit is assessed in the workplace. Learners can enter the types of evidence they are presenting for assessment and the submission date against each assessment criterion. Alternatively, centre documentation should be used to record this information. 24

31 Learning outcomes and assessment criteria To pass this unit, the learner needs to demonstrate that they can meet all the learning outcomes for the unit. The assessment criteria determine the standard required to achieve the unit. Learning outcomes Assessment criteria Evidence type Portfolio reference Date 1 Be able to gather information on information security risks 1.1 Verify the scope of information assets and system components to be assessed with relevant persons 1.2 Use specified investigative methods following organisational procedures 1.3 Gather information to enable the security of specified information assets and system components to be assessed 1.4 Record all gathered information using standard documentation 2 Be able to assess and report on information security risks 2.1 Examine gathered information to identify risks to the security of specified information assets and system components 2.2 Categorise the priority of identified risks by determining their probability of occurrence and potential impact 2.3 Report high priority risks to the relevant persons following organisational procedures 2.4 Determine the types of actions required to mitigate identified risks 2.5 Report the results of risk assessment activities using standard documentation following organisational procedures 25

32 Learner name: Learner signature: Assessor signature: Internal verifier signature: (if sampled) 26

33 Unit 305: Investigating Information Security Incidents Unit reference number: F/505/5793 Level: 3 Credit value: 9 Guided learning hours: 23 Unit aim On completion of this unit, learners will be able to gather information to investigate, identify and report information security incidents. Unit assessment requirements/evidence requirements This unit is assessed in the workplace. Learners can enter the types of evidence they are presenting for assessment and the submission date against each assessment criterion. Alternatively, centre documentation should be used to record this information. 27

34 Learning outcomes and assessment criteria To pass this unit, the learner needs to demonstrate that they can meet all the learning outcomes for the unit. The assessment criteria determine the standard required to achieve the unit. Learning outcomes Assessment criteria Evidence type Portfolio reference Date 1 Be able to gather information to investigate information security incidents 2 Be able to investigate information security incidents 1.1 Identify the information assets and system components that may be impacted by detected incidents 1.2 Verify the scope of detected incidents with relevant persons 1.3 Obtain and preserve evidence relating to detected incidents 2.1 Undertake agreed investigative actions 2.2 Examine how access to the affected information assets and system components was obtained 2.3 Report to the relevant persons any incidents for which the mode of access cannot be identified 2.4 Make recommendations on the need for detailed forensic examinations 2.5 Report on incident investigation activities using standard documentation 2.6 Follow organisational procedures for investigation activities Learner name: Learner signature: Assessor signature: Internal verifier signature: (if sampled) 28

35 Unit 306: Carrying Out Information Security Incident Management Activities Unit reference number: F/505/5812 Level: 3 Credit value: 9 Guided learning hours: 25 Unit aim On completion of this unit, learners will be able to carry out information security incident management activities and be able to gather information to manage incidents in information security. Unit assessment requirements/evidence requirements This unit is assessed in the workplace. Learners can enter the types of evidence they are presenting for assessment and the submission date against each assessment criterion. Alternatively, centre documentation should be used to record this information. 29

36 Learning outcomes and assessment criteria To pass this unit, the learner needs to demonstrate that they can meet all the learning outcomes for the unit. The assessment criteria determine the standard required to achieve the unit. Learning outcomes Assessment criteria Evidence type Portfolio reference Date 1 Be able to gather information to manage information security incidents 1.1 Follow organisational procedures for the detection and classification of incidents 1.2 Identify the information assets and system components that may be impacted by detected incidents 1.3 Verify the scope of detected incidents with relevant persons 1.4 Obtain information and data on incidents to assess their impact on information assets and system components 2 Be able to carry out information security incident management activities 2.1 Identify types of actions required to resolve incidents or mitigate their impact 2.2 Report any incidents that cannot be resolved or mitigated to the relevant persons following organisational procedures 2.3 Make recommendations for specific actions to be taken to respond to incidents 2.4 Report on incident management activities using standard documentation following organisational procedures 2.5 Follow organisational procedures for the closure of incidents 30

37 Learner name: Learner signature: Assessor signature: Internal verifier signature: (if sampled) 31

38 Unit 307: Carrying Out Information Security Forensic Examinations Unit reference number: R/505/5801 Level: 3 Credit value: 6 Guided learning hours: 10 Unit aim This unit provides the relevant skills and methods for applying forensic examinations. On completion of this unit, learners will be able to report and undertake specific actions to secure relevant information in information security. Unit assessment requirements/evidence requirements This unit is assessed in the workplace. Learners can enter the types of evidence they are presenting for assessment and the submission date against each assessment criterion. Alternatively, centre documentation should be used to record this information. 32

39 Learning outcomes and assessment criteria To pass this unit, the learner needs to demonstrate that they can meet all the learning outcomes for the unit. The assessment criteria determine the standard required to achieve the unit. Learning outcomes Assessment criteria Evidence type Portfolio reference Date 1 Be able to carry out information security forensic examinations 1.1 Follow organisational procedures for forensic examinations 1.2 Undertake specified actions to secure information assets and system components subject to actual or attempted breaches of security 1.3 Apply forensic methods to examine specified system information for evidence of actual or attempted breaches of security policy or legislation 1.4 Report any identified sources of actual or attempted breaches of security to the relevant persons 1.5 Use specified tools to analyse the integrity of software 1.6 Report on forensic examination activities using standard documentation Learner name: Learner signature: Assessor signature: Internal verifier signature: (if sampled) 33

40 Unit 308: Carrying Out Information Security Audits Unit reference number: A/505/5808 Level: 3 Credit value: 6 Guided learning hours: 10 Unit aim On completion of this unit, learners will be able to report, examine and follow organisational procedures on audit activities in information security. Unit assessment requirements/evidence requirements This unit is assessed in the workplace. Learners can enter the types of evidence they are presenting for assessment and the submission date against each assessment criterion. Alternatively, centre documentation should be used to record this information. 34

41 Learning outcomes and assessment criteria To pass this unit, the learner needs to demonstrate that they can meet all the learning outcomes for the unit. The assessment criteria determine the standard required to achieve the unit. Learning outcomes Assessment criteria Evidence type Portfolio reference Date 1 Be able to carry out information security audit activities 1.1 Verify the scope of information assets and system components to be audited with relevant persons 1.2 Use specified audit methods to obtain information and data relating to information assets and system components to assess security compliance 1.3 Examine information and data relating to information assets and system components to assess security compliance 1.4 Report any security non-compliance to the relevant persons 1.5 Report on audit activities using standard documentation 1.6 Follow organisational procedures for information security audits Learner name: Learner signature: Assessor signature: Internal verifier signature: (if sampled) 35

42 Unit 309: System Operation Unit reference number: A/500/7340 Level: 3 Credit value: 12 Guided learning hours: 100 Unit aim System operation is the ability to operate and monitor a system, which can be any combination of equipment, hardware and software. This may include: using data backup and restore routines handling of incidents controlling and monitoring availability and performance of system components start-up/close-down routines scheduling routine or preventative maintenance maintenance of operating plans and schedules. Examples of operational activities are: replenishment of consumables routine or preventative maintenance data backups. A competent person at Level 3 can maintain and implement system operating procedures. Unit assessment requirements/evidence requirements This unit is assessed in the workplace. Learners can enter the types of evidence they are presenting for assessment and the submission date against each assessment criterion. Alternatively, centre documentation should be used to record this information. 36

43 Learning outcomes and assessment criteria To pass this unit, the learner needs to demonstrate that they can meet all the learning outcomes for the unit. The assessment criteria determine the standard required to achieve the unit. Learning outcomes Assessment criteria Evidence type Portfolio reference Date 1 Know how to operate the system 1.1 Explain the operating procedures that are applicable to the system, such as: required service levels (e.g. availability, quality) routine maintenance monitoring data integrity (e.g. backups, antivirus) consumables use, storage and disposal health and safety escalation information recording and reporting obtaining work permissions security and confidentiality 1.2 Describe system functionality during normal operation 1.3 Describe the effects of operational activities on system functionality 37

44 Learning outcomes Assessment criteria Evidence type Portfolio reference Date 2 Be able to operate systems 2.1 Use and operate the system following appropriate procedures 2.2 Identify system faults and resolve or escalate system faults as appropriate 2.3 Gather and record specified operational information 2.4 Assess and minimise risks such as: loss or corruption of data loss of service damage to equipment effects on customer operations 3 Be able to maintain and implement system operating procedures 3.1 Provide advice and guidance on system operation to immediate colleagues 3.2 Select the procedures to be followed 3.3 Schedule operational activities to minimise disruption to system functionality 3.4 Collate operational information Learner name: Learner signature: Assessor signature: Internal verifier signature: (if sampled) 38

45 Unit 310: System Management Unit reference number: D/500/7332 Level: 3 Credit value: 12 Guided learning hours: 100 Unit aim System management is the ability to manage ICT systems to ensure that they deliver the required functionality and capacity. A system can be any combination of equipment, hardware and software. System management could involve changing system configuration to meet shortterm fluctuations in demand (for example, high numbers of calls to specific telephone numbers). It could also involve longer-term changes such as increasing resources (for example, processing or storage capacity) to meet anticipated needs and taking account of advances in technology. A competent person at Level 3 can administer a system. Unit assessment requirements/evidence requirements This unit is assessed in the workplace. Learners can enter the types of evidence they are presenting for assessment and the submission date against each assessment criterion. Alternatively, centre documentation should be used to record this information. 39

46 Learning outcomes and assessment criteria To pass this unit, the learner needs to demonstrate that they can meet all the learning outcomes for the unit. The assessment criteria determine the standard required to achieve the unit. Learning outcomes Assessment criteria Evidence type Portfolio reference Date 1 Understand how to administer a system 1.1 Describe how to configure the system 1.2 Describe ICT asset and configuration information applicable to the system such as: physical attributes (e.g. manufacturer, type, revision, serial number, location, value) configuration (e.g. physical and logical addresses, options set, connections) 1.3 Describe how available options for system configuration affect functionality and capacity 2 Be able to administer a system and change system configurations 2.1 Select configuration options to optimise system functionality and capacity 2.2 Make changes to system configuration 2.3 Specify items for which ICT asset and configuration information is to be recorded Learner name: Learner signature: Assessor signature: Internal verifier signature: (if sampled) 40

47 Unit 311: Creating an Event- Driven Computer Program Unit reference number: F/601/3179 Level: 3 Credit value: 12 Guided learning hours: 90 Unit aim This unit covers the more advanced concepts of event-driven computer languages and their use to implement, refine and test computer programs. Unit assessment requirements/evidence requirements This unit is assessed in the workplace. Learners can enter the types of evidence they are presenting for assessment and the submission date against each assessment criterion. Alternatively, centre documentation should be used to record this information. 41

48 Learning outcomes and assessment criteria To pass this unit, the learner needs to demonstrate that they can meet all the learning outcomes for the unit. The assessment criteria determine the standard required to achieve the unit. Learning outcomes Assessment criteria Evidence type Portfolio reference Date 1 Be able to implement a software design using event-driven programming 1.1 Identify the screen components and data and file structures required to implement a given design 1.2 Select, declare and initialise variable and data structure types and sizes to implement design requirements 1.3 Select and assign properties to screen components to implement design requirements 1.4 Select and associate events (including parameter passing) to screen components to implement design requirements 1.5 Implement event handling using control structures to meet the design algorithms 1.6 Select and declare file structures to meet design file storage requirements 1.7 Select and use standard input/output commands to implement design requirements 1.8 Make effective use of operators and predefined functions 1.9 Make effective use of an integrated development environment (IDE) including code and screen templates 42