Public Sector - Draft 2

PSPSEC005 Undertake government security risk analysis_validation

Please scroll down to review the various sections of this document. You can leave a comment by clicking on .
You can choose to be notified when someone else comments by clicking on
You can unsubscribe from notifications by clicking on

Unit application and prerequisites

UNIT CODE

PSPSEC005

UNIT TITLE

Undertake government security risk analysis

APPLICATION

This unit describes the performance outcomes, skills and knowledge required to analyse risk against an organisation's operational environment.

 

This unit applies to those working at an operational level, in specialist or generalist roles across all areas within an organisation.

Those undertaking this unit would work independently and as part of a team using support resources and performing complex tasks in a range of familiar and unfamiliar contexts.

 

The skills in this unit must be applied in accordance with Commonwealth and State or Territory legislation, Australian standards and industry codes of practice.

 

No occupational licensing, certification or specific legislative or certificate requirements apply to this unit at the time of publication.

PREREQUISITE UNIT

Nil

COMPETENCY FIELD

Security

UNIT SECTOR

 

0 Comments

This section doesn't have any comments.

Elements and performance criteria

ELEMENTS

PERFORMANCE CRITERIA

Elements describe the essential outcomes

Performance criteria describe the performance needed to demonstrate achievement of the element.

  1. Establish security risk context
    1. Confirm strategic and organisational contexts and identify stakeholders and their expectations.
    2. Identify current and relevant security risk criteria from the security plan.
    3. Obtain information and resources to conduct the risk analysis.
  1. Identify security risk
    1. Identify and record potential sources of security risk from the perspective of all stakeholders.
    2. Use specified methodology and tools to identify risks.
    3. Consult stakeholders during the risk identification process to finalise a list of risks.
  1. Analyse security risk
    1. Identify threat assessments, current exposure and current security arrangements to estimate the likelihood of each risk event occurring.
    2. Determine potential consequences of each risk including critical lead time for recovery.
    3. Determine, document and communicate risk ratings and include a rationale for each.
  1. Evaluate security risk
    1. Assess risks against the organisation’s security risk criteria.
    2. Prioritise risks for treatment.
    3. Monitor risks until treatment measures have been implemented.
  1. Compile security risk register
    1. Develop a security risk register that records identified risks, their nature and source.
    2. Identify the consequences and likelihood of risks, and the adequacy of existing controls in the register.
    3. Record risk ratings for identified risks in register.
    4. Compile and maintain the security risk register to reflect changes in circumstances.
    5. Refer risk register to management for decisions on action and treatment of risks.

0 Comments

This section doesn't have any comments.

Foundation skills

FOUNDATION SKILLS

Foundation skills essential to performance in this unit, but not explicit in the performance criteria are listed here, along with a brief context statement.

SKILLS

DESCRIPTION

Reading skills to:

  • apply legislation, regulations and policies relating to government security management.

Writing skills to:

  • write formal and sometimes complex reports.

Oral communication skills to:

  • use effective communication with diverse stakeholders involving listening, questioning, paraphrasing, clarifying, summarising.

Numeracy skills to:

  • represent mathematical information in diverse formats.

UNIT MAPPING INFORMATION

Release 1: Supersedes and is equivalent to PSPSEC005 Undertake government security risk analysis

LINKS

Companion Volume Implementation Guide

0 Comments

This section doesn't have any comments.

Performance evidence

TITLE

Assessment Requirements for PSPSEC005 Undertake government security risk analysis

PERFORMANCE EVIDENCE

Evidence of the ability to complete tasks outlined in elements and performance criteria of this unit in the context of the job role, and on at least one occasion:

  • analyse an organisation’s security plan
  • research and critically analyse the operational environment and document conclusions
  • write formal and highly complex reports.

0 Comments

This section doesn't have any comments.

Knowledge evidence

KNOWLEDGE EVIDENCE

Demonstrated knowledge required to complete the tasks outlined in elements and performance criteria of this unit:

  • legislation, regulations, policies, procedures and guidelines relating to government security management
  • fraud control and protective security policies
  • Australian Government Information Security Manual (ISM) and its successors
  • Protective Security Policy Framework and its successors
  • risk analysis terminology and techniques
  • the organisation’s security plan
  • the organisation’s assets and security environment
  • ISO Standards relating to government security management.

0 Comments

This section doesn't have any comments.

Assessment conditions

ASSESSMENT CONDITIONS

Skills must be demonstrated in either a:

  • workplace environment or
  • simulated environment.

 

Simulated assessment environments must simulate the real-life working environment where the skills and knowledge within this unit would be utilised, with all the relevant equipment and resources of that working environment.

 

Assessment must ensure access to:

  • legislation, policy, procedures and protocols relating to government security management
  • organisational standards and documentation
  • tools and methods used in the organisation for security risk analysis
  • case studies and workplace scenarios to capture the range of situations likely to be encountered when undertaking government security risk analysis.

 

Assessors must satisfy the Standards for Registered Training Organisations’ requirements for assessors.

LINKS

Companion Volume Implementation Guide

0 Comments

This section doesn't have any comments.