The Learner can: 1.1 Describe the common types of security breach that can affect the organisation, such as:

Similar documents
Unit purpose and aim. Designing and Developing a Web Site. OCR unit number 42 Level: 4 Credit value: 15 Guided learning hours: 90

OCR LEVEL 1 NVQ FOR IT USERS (03384) OCR LEVEL 2 NVQ FOR IT USERS (03385) OCR LEVEL 3 NVQ FOR IT USERS (03386)

Systems and Principles Unit Syllabus

Qualification Specification. Level 2 Award in Cyber Security Awareness For Business

Level 5 Award in Understanding the Management of Physical and Cyber Asset Security in the Water and Environmental Industries

Networking Infrastructure

Principles of ICT Systems and Data Security

Qualification Specification. Level 2 Award in Cyber Security Awareness For Business

BIIAB ICT Systems and Principles for IT Practitioners and Professionals Qualifications Handbook

Progression from this unit could be to J0HB 34 Penetration Testing to test the effectiveness of the firewall and its configuration.

Unit code: D/601/1956 QCF Level 5: BTEC Higher National Credit value: 15

Vocational Qualifications (QCF, NVQ, NQF) ICT Professional Competence. OCR Report to Centres

QCF. Business and Administration. Centre Handbook

ProQual Internal Quality Assurance Qualifications

Unit 2 Essentials of cyber security

Level 5 Award in the Independent Auditing of External Quality Assurance. Qualification Specification

BIIAB Level 2 Certificate in Libraries, Archives and Information Services (QCF)

IQ Level 4 Award in Understanding the External Quality Assurance of Assessment Processes and Practice (QCF) Specification

The Learner can: 1 Follow recommended safe practices

Quality Assurance Criteria (China)

QCF Level 3: BTEC Specialist Credit value: 10 Guided learning hours: 60. Aim and purpose. Unit introduction

Certificate and Diplomas in ICT Professional Competence ( /02/03/04)

ProQual External Quality Assurance Qualifications. Level 4 Award in the External Quality Assurance of Assessment Processes and Practice

QCF. Leisure Operations. Centre Handbook. OCR Level 2 Certificate in Leisure Operations Entry code 10279

Level 3 Principles of ICT Systems and Data Security ( / )

Qualification Specification. Level 2 Award in Bid Management

Design a Small or Home Office Network

Specification. Edexcel qualifications. Edexcel Level 3 Award in Reviewing Health and Safety Procedures in the Workplace(QCF)

Qualification Specification. Higher Apprenticeship in Business & Professional Administration Level 4 (England)

Marketing on Mobile Devices. SQA code H8PW 04. SCQF level 6. SCQF credit points

Pearson BTEC Level 4 Diploma in Information Security Professional Competence

Qualification Specification. Suite of Internal Quality Assurance Qualifications

datasheet Certificate/Diploma in Business and Administration Main features of the qualifications Introduction Target audience

Level 1 Award in Employee Rights and Responsibilities (QCF)

Unit code: D/601/1939 QCF Level 5: BTEC Higher National Credit value: 15

QCF. Business Skills. Centre Handbook

Principles of Contact Centre Operations OCR Level 2 Certificate/Level 3 Certificate in Principles of Contact Centre Operations

Level 3 Diploma in Social Media for Business (QCF)

LEARNING AND DEVELOPMENT 9DI -ASSESSOR QUALIFICATION

Setting up an IT Network

Level 1 Certificate in Reception Services ( )

Designing Messaging Solutions with Microsoft Exchange Server 2007 (70-237)

Qualification Specification. Level 2 Award in Problem Solving for Practitioners In Community Safety and Crime Prevention

The task or context will be familiar and involve few variable aspects. The techniques used will be familiar or commonly undertaken.

Level 5 Diploma in Crime Prevention Designing Out Crime

NEN The Education Network

Vocational Qualifications (QCF, NVQ, NQF) Using ICT. OCR Report to Centres Entry Level Award Using ICT (Entry 3) 01679

Level 3 itq Certificate for IT Users

Designing an Effective Web Based User Experience

ASSESSMENT STRATEGY FOR IMI ACCIDENT REPAIR ACCREDITATION

QUALITY ASSURANCE POLICY. Quality Assurance Policy. September 2016 Version 2.0 Policy authorised by Responsible Officer

Setting up an IT Network

Digital Health Cyber Security Centre

Unit code: Y/601/1423 QCF Level 4: BTEC Higher National Credit value: 15

Unit 3 Building IT systems

Unit 3 Cyber security

Qualification Specification. Social Media and Digital Marketing (England) Advanced Apprenticeship in Social Media and Digital Marketing

Local Area Networking Technologies

Unit 21: Creating computer graphics (LEVEL 2)

CACHE Level 4. Internal Quality Assurance Qualifications. Qualification facts

Higher National Unit specification: general information. Graded Unit 2

V&A/Icon Conservation and Collections Care Technicians Diploma What is the V&A / Icon Conservation and Collections Care Technicians Diploma?

Data Breach Incident Management Policy

Awards and Certificates in Employability Skills (Northern Ireland) (5546)

National Vocational Qualifications Delivered Overseas policy

RTO Policy 9: Issuing Qualifications

SUMMARY This core skills Unit develops skills in using a computer system to process a range of information.

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Model Curriculum. Analyst Security Operations Centre SECTOR: IT-ITeS SUB-SECTOR: IT Services OCCUPATION: Information/Cyber Security SSC/Q0909 REF ID:

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Unit title: Client Side Scripting for Web Applications (SCQF level 7)

External Quality Assurance

Level 2 Award in Understanding the Criminal Justice System (QCF) Qualification Specification

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

Reception Operations and Services

Unit 4 Computer networks

Advanced Security Tester Course Outline

LESSOR Group CVR no.:

Qualification Specification. Business Administration (England) Intermediate Level Apprenticeship in Business Administration

1.1 Research and describe the current and historical concepts and principles of graphics design to include: a) composition and layout

NOCN_Cskills Awards Level 1 Diploma in Construction and Civil Engineering Services (Construction)

Unit 22: Creating sound using ICT (LEVEL 2)

Level 3 Implementing an ICT systems security policy ( / )

Internet Server Management

Qualification Specification. Skills for Engineering Level 1

BTEC Centre Guide to Standards Verification

BTEC Centre Guide to Standards Verification

LESSOR Group CVR no.:

EAL Level 3 Award In Approving Electrical Installation Work in Dwellings in Compliance with Building Regulations (QCF)

Higher National Unit specification: general information. Graded Unit title: Computing: Networking: Graded Unit 2

Higher National Unit specification: general information. Computing: PC Hardware and Operating Systems Essentials

Level 2 Award in Control of Water-borne Infections within Healthcare

Advanced Manufacturing. and Engineering. Safe Working Practice in the Wind Turbine Industry. Level 2 Diploma in. Qualification Specification

EDI Level 3 Diploma in IT User Skills (ITQ Apprentice)

Graded Unit title: Computing: Networking: Graded Unit 2

F9A0 04 (ESKINT2): Using the Internet 2

Unit title: Computing: Website Design and Development (SCQF level 5)

Level 3 Award in Introduction to Crime Prevention

Audit Report. Chartered Management Institute (CMI)

Level 2 ITQ Award/Certificate/Diploma for IT Users

Transcription:

Unit Title: OCR unit number 38 Level: 3 Credit value: 12 Guided learning hours: 100 Unit reference number: Security of ICT Systems D/500/7220 Candidates undertaking this unit must complete real work activities in a work environment. Simulation is only allowed in exceptional circumstances (please refer to the centre handbook for further details). Unit purpose and aim To develop knowledge, understanding to ensure the security of an ICT system and its data using security tools and assisting in the security auditing process. Learning Outcomes The Learner will: 1 Know the common types of security threat to an organisation, its IT system and its data, with relevant methods and procedures for protecting it The Learner can: 1.1 Describe the common types of security breach that can affect the organisation, such as: unauthorised use of a system without damage to data; unauthorised removal or copying of data or code from a system damage to or destruction of physical system assets and environment damage to or destruction of data or code inside or outside the system preventing normal use of a system (eg denial of service attack) 1.2 Describe specified data protection methods: system data security facilities surveillance and monitoring methods effects of system Candidates must have a good understanding of security threats associated with the following: weak external security on LAN unauthorised use of a system without damage to data poorly protected passwords unauthorised removal or copying of data or code from a system damage to or destruction of data or code inside or outside the system hardware and media loss or theft unauthorised access through internet connections risks from disasters or other unforeseen events file permissions hackers, both external and internal inside and out Candidates must have an OCR 2013 1

Learning Outcomes configuration on data protection 1.3 Describe specified methods of providing physical security for ICT systems: access control devices (e.g. locks, biometric controls, CCTV) and their configuration limiting visibility of data (e.g. by positioning of monitors, using encryption) shielding (e.g. cable screening, Faraday cages) types and appropriate uses of access records and authorisations how to allocate access authority 1.4 Describe relevant procedures 2 Apply security measures 2.1 Configure and apply specified security tools to identify and prevent breaches of security, such as: internal system tools (e.g. passwords and permissions, malware scanning, firewall, VPN, authentication and encryption facilities) external tools (e.g. access control devices) 3 Monitor security procedures 3.1 Assist in ensuring compliance with procedures, including: participating in security audits gathering and recording information on security initiating suitable actions to deal with identified breaches of security understanding of methods for protecting data and providing physical security to ICT systems. Candidates must have an understanding of procedures that should be implemented to secure ICT systems and data. Candidates must know how to select and use a range of security tools to identify and prevent breaches of security. Candidates must know how to apply security measures to an ICT system including: implementing password policy including locking down user accounts; securing administrator s permissions; restricting access to critical services; installing or updating system security software security tools to prevent breaches of security assisting in ensuring 2 OCR 2013

Learning Outcomes compliance with procedures eg participating in security audits, penetration testing, monitoring security procedures, gathering and recording information on security, initiating suitable actions to deal with identified breaches of security Assessment Candidates undertaking this unit must complete real work activities in order to produce evidence to demonstrate they are occupationally competent. Real work is where the candidate is engaged in activities that contribute to the aims of the organisation by whom they are employed, for example in paid employment or working in a voluntary capacity. Simulation is only allowed for aspects of units when a candidate is required to complete a work activity that does not occur on a regular basis and therefore opportunities to complete a particular work activity do not easily arise. When simulation is used, assessors must be confident that the simulation replicates the workplace to such an extent that candidates will be able to fully transfer their occupational competence to the workplace and real situations. Internal quality assurance personnel must agree the use of simulated activities before they take place and must sample all evidence produced through simulated activities. It is the assessor s role to satisfy themselves that evidence is available for all performance, knowledge and evidence requirements before they can decide that a candidate has finished a unit. Where performance and knowledge requirements allow evidence to be generated by other methods, for example by questioning the candidate, assessors must be satisfied that the candidate will be competent under these conditions or in these types of situations in the workplace in the future. Evidence of questions must include a written account of the question and the candidate s response. Observations and/or witness testimonies must be detailed and put the evidence into context ie the purpose of the work etc. All of the assessment criteria in the unit must be achieved and clearly evidenced in the submitted work, which is externally assessed by OCR. Evidence for the knowledge must be explicitly presented and not implied through other forms of evidence. Evidence requirements All aspects of the assessment criteria must be covered and evidence must be available that shows where and how the assessment objectives have been achieved. Assessment Criterion 1 Candidates should provide detailed examples of the types of security weaknesses associated with wired and wireless systems and how they can be prevented. Candidates must describe a range of data protection methods and how they are applied. OCR 2013 3

Candidates must describe a range of methods used to physically secure ICT systems and how they are implemented. Candidates must describe the relevant security procedures used by an organisation. Assessment Criterion 2 Candidates must provide evidence of configuring and applying at least 3 different security tools. Assessment Criterion 3 Candidates must identify, install and configure security tools to prevent breaches in system security eg: Malware scanning VPN Authentication facilities eg smart card External tools eg access control devices Candidates must provide evidence of assisting with compliance verification of organisational security procedures eg: Security audits Penetration testing Monitoring security procedures Gathering and recording information on security Initiating suitable actions to deal with identified breaches of security Candidates are encouraged to choose activities which will allow them to cover all or a majority of the criteria at one time. It is not necessary to use different activities for each element of the criterion. Guidance on assessment and evidence requirements Evidence can reflect how the candidate carried out the process or it can be the product of a candidate s work or a product relating to the candidate s competence. For example: The process that the candidate carries out could be recorded in a detailed personal statement or witness testimony. It is the assessor s responsibility to make sure that the evidence a candidate submits for assessment meets the requirements of the unit. Questioning the candidate is normally an ongoing part of the assessment process, and is necessary to: test a candidate s knowledge of facts and procedures check if a candidate understands principles and theories and collect information on the type and purpose of the processes a candidate has gone through. candidate responses must be recorded It is difficult to give a detailed answer to how much evidence is required as it depends on the type of evidence collected and the judgement of assessors. The main principles, however, are as follows: for a candidate to be judged competent in a unit, the evidence presented must satisfy: all the items listed, in the section Learning Outcomes 4 OCR 2013

all the areas in the section The quality and breadth of evidence provided should determine whether an assessor is confident that a candidate is competent or not. Assessors must be convinced that candidates working on their own can work independently to the required standard. Additional information For further information regarding administration for this qualification, please refer to the OCR document Admin Guide: Vocational Qualifications (A850) on the OCR website www.ocr.org.uk. OCR 2013 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback