
PROMOTE WORKPLACE CYBER SECURITY AWARENESS AND BEST PRACTICES

Added on: 2024-11-25 18:00:48

STUDENT GUIDE

PROMOTE WORKPLACE CYBER SECURITY AWARENESS AND BEST PRACTICES

BSBXCS402

Table of Contents

Overview

Topic 1: Cyber security awareness

Topic 2: Using effective cyber security practices

Topic 3: Reviewing cyber security

Overview

Application of the unit

This unit describes the skills and knowledge required to contribute to promoting cyber security in a work area.

It applies to those working in a broad range of industries who, as part of their job role, support policies, procedures and practice within an organisation that promote cyber security.

No licensing, legislative or certification requirements apply to this unit at the time of publication.

Learning goals

Learning goals include:

developing cyber security awareness in work area

supporting effective cyber security practices in work area

reviewing cyber security awareness in work area.

Topic 1: Cyber security awareness

Cyber security in the workplace

Protecting a company's information, data, assets, knowledge, systems, networks and business continuity requires putting effective measures in place to ensure that digital access is secure.

Cyber security practices can lower the risk of a cyber-attack such as unauthorised access, money extortion or data corruption.

Activity: Watch

The following video shows the anatomy of a cyber attack unfolding:

https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html (04:14)

Write down your key takeaways.

The trainer/assessor will facilitate a discussion about the outcomes from the video.


Image by Icons8 Team on Unsplash

How much do employees know?

An organisation can have the highest level of security in place, but it will not succeed if workers are not aware of the risks related to cyber security. Promoting workplace cyber security awareness and supporting effective practices can support the success of a business's cyber security strategy.

Activity: Watch

Companies spend millions of dollars every year to protect their private data from cyber attack. However, ordinary people can undermine all their hard work with one mistake - and we often do. Most successful security breaches happen not because of sophisticated attacks, but due to human failures.

Watch this TED talk by Mark Burnette: The humanity behind cyber security attacks

https://www.youtube.com/watch?v=pnADP41earI (18:22)

Write down your key takeaways.

The trainer/assessor will facilitate a discussion about the outcomes from the video.

Cyber security awareness means employees are educated and can:

As part of your job role in promoting cyber security the main question to always ask is:

ARE YOU DOING ENOUGH?

Developing awareness, supporting policies, procedures and best practices will be part of helping to ensure that you are doing your best to minimise the cyber threats to the organisation.

However, everyone's job will be different, with varying levels of authority and permissions to an organisation's information and data systems. Identifying what employees know and understand about cyber risks, and how these can be managed, will be an important step in addressing the levels and consequences of risks that an organisation can face through cyber-attacks.

This must be relevant to roles and responsibilities as well as a holistic understanding of the organisation and industry within which employees work.

To find out what employees know and understand, you will need to conduct surveys and interviews, consult, and focus on their work activities within their job role, so that cyber security is contextualised and specific to the activities and duties that they are undertaking.

Once you have established what the level of awareness is, then the next step would be to have training and education to support effective cyber security practices.

For example, using a survey to find out information about how a person undertakes their job and the cyber security efforts that they currently use:

How often do you change your password?

Do you access the network from home? What security do you have in place on your computer?

What should you do if you receive an email that includes an embedded link to a special deal?

List three things that you do to protect company data in your job role.

Using an employee's job description and focussing on questions that relate to their work role can provide a clear picture of an employee's level of awareness. For example, for someone who manages data entry:

When using the database to enter in client contacts, how can you protect the data once entered?

How are the client records kept private and confidential to other employees?

What information can you give out about the client contacts in the database?

Using a program such as SurveyMonkey, or creating a list of questions that can be distributed by hand, are two ways of collecting this type of information.

This information can then be used to identify what should be included in the cyber security awareness program. For example, the survey may find that 60% of staff are not changing their password often enough. You can then focus on the training and education to cover this aspect of cyber security awareness.

Activity: Research

Go to www.surveymonkey.com and check out how the surveys can be developed.

Read about survey design:

Survey Design 101

The trainer/assessor will facilitate a discussion about the outcomes from the research.

Developing a cyber security awareness program

Once you have found out the level of cyber security awareness in a workplace, the next step would be to develop a program that could be used to promote and manage best practices. The information collected from surveys, interviews, consultations or other relevant research can be used to ascertain the level of understanding, whether there are any gaps, what the risks of these gaps are and what can be done to educate and train employees.

You may need to firstly identify:

responsibilities and roles for cyber security in employee work areas

a list of the associated risks and how to deal with them

the causes and consequences if not managed.

The above factors can then be promoted through training and education and then outlined as compliance through organisational policies and procedures.

Common risks associated with workplace cyber security can be:

Although there will be different forms of cyber security threats for each work area, organisational best practices can ensure that common security risk measures can be enforced.

This could be best practices such as:

The importance of password security

Email, internet, and social media policies

How to protect company data

How to identify and report cyber security threats.

The different forms of cyber security threats could cover:

A cyber security awareness program can provide employees with the information, knowledge, tools and resources to manage threats. For the program to work, you may need to make cyber security training mandatory for new employees and then update and repeat it on a regular basis. Providing policies and procedures can also provide guidance and support compliance.

Cyber security policies and procedures

An organisation's best practices, and part of a cyber security awareness program, can be implemented through policies and procedures.

They will be dependent on the industry and work activities being carried out as well as what has been identified as the threats to the organisation. Some broad areas could cover:

Securely storing, sharing and managing information:

Where data should be stored and how it should be named.

Procedures to follow for sharing information with different levels of authority.

The use of passwords and protections on files, systems or network

Encryption, and protocols for its uses:

Measures used to keep safe from malicious attacks, breaches and incidents such as firewalls, encryption for passwords and incident response for threats.

Data classification and management:

Organising information assets and how these should be securely managed; such as the classification of data based on the level of sensitivity.

Media/document labelling:

Information security management through implementing compliant classifications and standards for documents and media.

Data governance:

What needs to be protected, how and who is responsible.

Identifying the data owner, data domain custodian, data steward and responsibilities to implement and govern control.

Acceptable use:

How to access and manage social media, apps and the security of information released online.

Limitations and boundaries such as limiting remote access.

Bring your own device:

What is acceptable and what is not.

Permissions and authority to access procedures.

Unsecured access risks.

Unprotected mobile access.

Legislative and regulation requirements:

Data protection through the Privacy Act 1988.

The Australian Federal Government's regulations managing cyber security through the Notifiable Data Breaches (NDB) scheme. This relates to the Privacy Amendment (Notifiable Data Breaches) Act 2017.

International legislation broadly covering corporate governance, whistle blowing, anti-corruption, data privacy and white collar crime. An example is the National Cybersecurity Protection Act of 2014 (USA).

(For a list of links relating to cyber security legislation for Australia and internationally, visit: https://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentary_Library/pubs/rp/rp1819/Quick_Guides/CybersecurityCybercrimeCybersafety)

Activity: Read

Consolidate your learning by reading through the following information:

How to create a cyber security policy:

https://www.business.gov.au/risk-management/cyber-security/how-to-create-a-cyber-security-policy

The Privacy Act 1988 covering data protection:

https://www.oaic.gov.au/privacy/the-privacy-act/

13 Australian Privacy Principles governing standards, rights and obligations for protecting and securing data and information:

https://www.oaic.gov.au/privacy/australian-privacy-principles/

Notifiable Data Breach (NDB) Scheme and implications for unauthorised access of data:

https://www.mailguard.com.au/partner-blog/cybersecurity-legislation-ndb-20180202

International legislation information:

https://globalcompliancenews.com/cyber-security/cyber-security-around-the-world/

An example of a Cyber Security Policy:

https://ppl.app.uq.edu.au/content/cyber-security-policy

Take any notes to summarise what you have read and keep for future reference.

Communicating to personnel

An organisation's cyber security policy and procedures should outline the assets that require protecting, what the threats are to those assets and the controls and guidelines for protecting them. It should guide employees on what can be shared, where and how, acceptable use procedures and the handling, storage and protection of sensitive information.

Therefore, the development of a cyber security policy must address key information relating to:

Communicating policies and procedures

Communicating the cyber security policies and procedures to relevant personnel and the way in which this has been done could greatly affect whether or not they are implemented and carried out successfully.

It can also go toward creating a positive cyber security culture and promote good practice to external stakeholders such as clients and auditors.

A structured approach to communicating cyber security policies and procedures could be as follows.

Firstly, you need to structure a communication plan to provide a framework and record of what is communicated, how, when, by whom and through what medium.

Next would be implementing a set of initiatives to inform employees of the cyber security program, such as online compulsory training modules or presenting policy frameworks to heads of department to inform teams.

Employees need to be engaged and follow through with the policy guidelines and procedures, so the communication may need to be gradual, consistent and regular.

Above all communication needs to be:

clear

concise

relevant

timely

in a presentable format

available on the most appropriate platforms and mediums.

Activity: Read

To find out more about effective communication, read the information at the following link:

https://www.proofhub.com/articles/effective-communication

Take any notes to summarise what you have read and keep for future reference.

Policies and procedures can be explained via training workshops, inductions and team meetings, as a compulsory aspect for new employees, or distributed via the organisation's intranet, email or sent in paper format for signature to acknowledge their responsibility for compliance. An organisation needs to ensure that employees recognise and are compliant with security best practices.

Effective communication of the policies and procedures can be further supported through reminders and restrictions. For example, if an employee does not change their password within the time provided, they are restricted from accessing the internet.

It is therefore important that the implementation of policies and procedures is consistently monitored and reviewed, and that any non-compliance is recognised and acted upon.

Activity: Watch

Read the article and watch the informative video on high level cyber policy making:

https://www.forbes.com/sites/cognitiveworld/2019/08/30/we-need-cyber-policy-now/#78789edb1e17 (43:12)

Take any notes and write down your key takeaways for discussion.

The trainer/assessor will facilitate a discussion.

Activity: Read

Read the following information on how to run effective cyber security awareness training:

https://blog.ironbastion.com.au/running-effective-security-awareness-training/

Watch the embedded video.

Take any notes to summarise what you have read and keep for future reference.

Activity: Group work - Cyber Security team project

Divide into small groups. Ensure you divide the work equally. This will be your project team.

You are to work collaboratively as part of a cyber security team to help develop a cyber security awareness program for staff. This will include a policy, an information sheet and a training session.

The program will be eventually presented to your group in a training workshop situation (as part of the activity in the next topic).

Read the scenario:

Bamford Community College has identified from a survey that the following will need to be included in a Cyber Security Policy:

Best organisational practices for keeping student information private and confidential

How to set, store and change passwords

Email security measures

BYOD (Bring your own device) procedures and rules

Implications of Notifiable Data Breach legislation

The 13 Australian Privacy Principles from the Privacy Act 1988.

The program must also include an information sheet:

Organisational expectations including how to prepare for, identify, prevent, detect and respond to security incidents

Researched information on insights from cyber security trend analysis

(for example via www.abs.gov.au or https://clutch.co/it-services/resources/how-employees-engage-company-cybersecurity-policies)

Ensure that the information is:

Clear and concise

Professionally presented

Uses specific and industry-related terminology relating to cyber security

You will need to present the policy to staff and carry out a demonstration of at least one best cyber security practice using an appropriate technology platform to assist with promoting cyber security to teachers in their work role. Ensure you work collaboratively with your team to develop an innovative approach.

The policy must be written in a clearly structured and professionally presented document; the information sheet and training format and medium can be up to the teams.

Send an email attaching your policy and documents to your supervisor for approval and feedback (the trainer/assessor).

Your trainer/assessor will provide your group with feedback.

Topic 2: Using effective cyber security practices

Reviewing cyber security practices

To support the effective implementation of cyber security practices, it will be necessary to review these to ensure that employees are following the policies and procedures communicated.

Consider the following cyber security practices and why you need to review these:

Virus protection: Software may not be updated.

Authorisation to protected files: Staff may leave or change roles.

Acceptable use policy: New social media apps being introduced or restricted.

Bring your own device: New staff not following guidelines.

Legislative and regulation requirements: These can constantly change so need to be reviewed and current practices updated accordingly.

Image by Science in HD on Unsplash

Reviewing and updating cyber security practices should be a continual and cyclic process, as threats can change as the business, industry, resources, staff and environment change. Using reporting mechanisms for tracking changes and making updates can provide a formal process to ensure that any modifications are recorded and followed up.

Upon review you may find that the practices are:

Activity: Watch

Read the article and watch the video on the top security predictions for 2021:

https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-21-security-predictions-for-2021.html

Write down your key takeaways.

The trainer/assessor will facilitate a discussion about the outcomes from the video.

Activity: Research and discuss

Review the following cyber security practices that are not being followed and identify what issues could arise from each.

A virus has been detected, contracted from downloading software not approved by the department.

No updates have been performed on the operating system software.

Staff are not undertaking the mandatory professional development training on cyber security best practices.

Review the following Cyber Policy:

https://www.jcu.edu.au/policy/information-and-communications-technology/cybersecurity-policy

What principles could you apply to the above practices not being implemented?

The trainer/assessor will facilitate a discussion.

Training

Training in cyber security awareness can, as previously mentioned, promote a culture that supports effective cyber security practices.

There are many platforms, methods and training techniques that may be utilised by an organisation. For example: conducting training workshops, developing online training modules, integrating cyber security into training and education professional development, or informal instruction and promotion from senior management.

Some techniques for implementing and promoting workplace cyber security awareness include:

simulation or role play activities such as phishing request emails

using rewards and incentives

promoting success

distributing information on security issues and trends

using videos, podcasts, webcasts or audio casts to promote understanding.

Facilitating training will need people with the knowledge, skills and experience to relay the information in an understandable and clear format that is appropriate to the work team. This can include consideration of the audience level, capability, roles and responsibility, work area, threats as well as communicating current organisational best practices that need to be promoted.

Maintaining updates

Once you have reviewed the cyber security practices, the next step would be to ensure that everyone is updated.

Security threats can emerge and can also become less threatening or frequent, so you have to ensure that the policies and procedures reflect changes as soon as they occur, that these changes are then communicated and that any relevant documentation is updated in a timely manner.

New information could include legislative changes, changes to staffing, identification of new risks or threats, changes in business processes, new standards, feedback from employees or breaches of security leading to new data security protocols being needed.

Updating could include:

changing cyber security policies

inclusion of new protocols or security encryption

changing the impact of threat and the likelihood that it will happen

further controls implemented to prevent ransomware, phishing or hacking

new best practices.

Updates could also include related records in risk registers, incident response plans and asset registers.

Arranging training and information updates could be by:

Incorporating new training modules and conducting compulsory workshops;

Distributing new information through updated policies and procedures;

Announcing updates on the organisation's intranet;

Updating documents and records that relate to any updates received.

Any new information should be incorporated into policies and procedures, as no matter how small, it could have dire effects if not acted upon.

Communicating feedback from reviews

To further support effective cyber security practices, the insights gained from review and training can be presented to highlight any potential impacts on the workplace.

For example:

Staff are not undertaking the mandatory professional development training on cyber security best practices. This can lead to staff not complying with their workplace roles and responsibilities according to their job description.

Impacts include:

Potential data loss, corruption, virus infiltration, business continuity, downtime, lack of cyber security culture.

Presenting these insights can be done through formal presentations or staff meetings, highlighting any gaps and best practices that must be followed and why. It could also mean discussing the cyber security awareness program with senior management to gain further funding or approval for more training and education for staff.

At this point you may also gain further information that may not have otherwise been collected via previous feedback.

Activity: Group work - Cyber Security team project

Divide into your project team.

You are to work collaboratively as part of your cyber security team to support effective cyber security practices.

The cyber security awareness program is to be presented to your group in a training workshop situation. It can be in any format, platform or medium as long as it is relevant and appropriate.

You are to include:

An outline of the cyber security policy including:

Best organisational practices for keeping student information private and confidential

How to set, store and change passwords

Email security measures

BYOD (Bring your own device) procedures and rules

The program must also include:

Organisational expectations including how to prepare for, identify, prevent, detect and respond to security incidents

Researched information on insights from cyber security trend analysis

(for example via www.abs.gov.au or https://clutch.co/it-services/resources/how-employees-engage-company-cybersecurity-policies)

Ensure that the information is:

Clear and concise

Professionally presented

Uses specific and industry-related terminology relating to cyber security

For your training program use a variety of strategies and techniques for promoting workplace cyber security.

You will need to present the policy to staff and carry out a demonstration of one best practice using an appropriate technology platform to assist with promoting cyber security to teachers in their work role.

Your trainer/assessor will organise the timings for the training and provide your group with feedback.

Topic 3: Reviewing cyber security

Cyber security is a fast-changing and constantly evolving environment, with new threats and trends impacting organisations.

Keeping abreast of what is happening, new advances or different approaches and strategies to cyber security best practices, will help to ensure that the organisation is up to date, current and aware of potential new risks.

The damage that could be caused to a business can be far reaching, often with devastating effects such as loss of reputation, data, staff and revenue.

So, what are the latest security threats and trends currently impacting organisations?

Use of cloud services and the security issues

Skills gaps

Continued data breaches

Incorporating security automation/Artificial Intelligence (AI) including deep learning and threat detection

Lack of training and education

No cyber incident response plans in place

Lack of security on mobile devices used by employees

Escalation of Denial of Service Attacks (DoSAs)

Risks caused by using the Internet of Things (IoT) in the workplace such as unencrypted data transmission at entry points

Phishing threats still rank highly, leading to ransomware attacks, malware distribution, fraudulent payments and cryptojacking.

Activity: Watch

Watch the following webinar on insights into today's cyber-attacks (2020):

https://www.brighttalk.com/webcast/7451/384866

The trainer/assessor will facilitate a discussion about the outcomes from the video.

Suggesting improvements

By reviewing the latest security threats and trends you can apply this information to support improvements and provide further awareness of issues impacting organisations.

Consider that some of the highest percentages of attacks occur through a lack of employee awareness. This could affect the ability to identify and respond appropriately to an email containing malware, for example. Some improvements could be to:

provide instructional simulated training to staff

issue notices on phishing tactics and what to look for

present trends and analysis figures to highlight how an organisation is impacted.

Image by Clint Patterson on Unsplash

Look at the following table and brainstorm some improvements:

Cyber security skill gaps have been identified within an organisation

Ineffective firewall controls

A ransomware incident

Mobile apps with known issues are still being used

Activity: Research and Report

Your organisation has asked you to write a report that addresses cyber security trends. You can select an organisation to provide context to the research.

The report should include:

A spreadsheet or graph that visualises the impact of cyber security threats and trends.

Three cyber security threats and strategies for each to minimise the risk to an organisation.

Two different Australian government sources of information on current cyber security threats.

Your report should be between 1-2 pages long and be written in clear and concise English.

Submit your report to your trainer/assessor for feedback.

Communicating improvements

To provide front-line defence, keep threats to a minimum and ensure cyber security awareness is continually updated, any review outcomes identified as required improvements should be communicated in a timely manner.

Any new information that could help an organisation against cyber security threats needs to be integrated into policies and procedures and then communicated through training or modules to support the updates.

Imagine you have conducted research and found that the online chat messaging application being used by your organisation can lead to phishing and malware attacks. You must act on this information and change the way in which the organisation uses the application, modifying the way in which staff are instructed in its use or providing a list of security risks associated with the app.

The most important factors here are:

keeping up to date with changes, trends and new security threats

reviewing outcomes and improvements

communicating these in accordance with work roles and responsibilities

conducting training and education to promote awareness and understanding

updating policies and procedures and associated documents

including organisational best cyber security practices across all work areas.

And remember:

More than 70% of security incidents are caused by human actions. Make your employees a strong first line of defence.

Source: https://www.infosequre.com

Activity: Group work - Cyber Security team project

Divide into your project team.

You are to work collaboratively as part of your cyber security team to review cyber security awareness.

The cyber security awareness program has been presented to your work team and now you must review the following new threats and make some suggestions on what should be improved for the cyber security awareness program:

Lack of cyber security culture

Not being able to recognise malware

Low level understanding of cloud security threats.

Create a brief program that can be used to address and promote further cyber security best practices.

You will need to present this information to your group.

Ensure that the information is:

Clear and concise

Professionally presented

Uses specific and industry-related terminology relating to cyber security

Lastly, create a survey that can be used to determine if the level of awareness of staff has improved (you can survey each of the other groups on the information that you have presented).

Use the responses collected from the survey to inform senior management (your trainer/assessor) of the outcomes from the training and any potential impacts this may have on the workplace, along with suggestions for improvements.

Draft an email providing these insights to senior management (your trainer/assessor), include the survey, responses and your analysis.

Your trainer/assessor will provide your group with feedback.

Student Name: _________________________________________

Date: / / 20 .

STUDENT ASSESSMENT TASK

PROMOTE WORKPLACE CYBER SECURITY AWARENESS AND BEST PRACTICES

BSBXCS402

Table of Contents

Introduction

Assessment Task 1: Knowledge Questions

Assessment Task 1: Checklist

Assessment Task 2: Project Portfolio

Assessment Task 2: Checklist

Final Results Record

Introduction

The assessment tasks for BSBXCS402 Promote workplace cyber security awareness and best practices are outlined in the assessment plan below. These tasks have been designed to help you demonstrate the skills and knowledge that you have learnt during your course.

Please ensure that you read the instructions provided with these tasks carefully. You should also follow the advice provided in the IT Works Student User Guide. The Student User Guide provides important information for you relating to completing assessment successfully.

Assessment for this unit

BSBXCS402 Promote workplace cyber security awareness and best practices describes the performance outcomes, skills and knowledge required to promote cyber security in a work area.

For you to be assessed as competent, you must successfully complete two assessment tasks:

Assessment Task 1: Knowledge questions - You must answer all questions correctly.

Assessment Task 2: Project - You must work through a range of activities and complete a project portfolio.

Assessment Task 1: Knowledge Questions

Information for students

Knowledge questions are designed to help you demonstrate the knowledge which you have acquired during the learning phase of this unit. Ensure that you:

review the advice to students regarding answering knowledge questions in the IT Works Student User Guide

comply with the due date for assessment which your assessor will provide

adhere to your RTO's submission guidelines

answer all questions completely and correctly

submit work which is original and, where necessary, properly referenced

submit a completed cover sheet with your work

avoid sharing your answers with other students.

Assessment information

Information about how you should complete this assessment can be found in Appendix A of the IT Works Student User Guide. Refer to the appendix for information on:

where this task should be completed

the maximum time allowed for completing this assessment task

whether or not this task is open-book.

Note: You must complete and submit an assessment cover sheet with your work. A template is provided in Appendix C of the Student User Guide. However, if your RTO has provided you with an assessment cover sheet, please ensure that you use that.

Questions

Provide answers to all of the questions below:

Complete the table below by identifying the title of the legislation for each legislation area and then describing the relevance of the legislation to cyber security and impact on business.

Legislation | Legislation title | Relevance to cyber security and impact on business

Data protection and privacy

Notifiable data breaches

International legislation

Complete the table below.

Organisational policies and procedures | Provide a brief description of what this organisational policy and procedure might address.

Securely storing, sharing and managing information (information management)

Encryption (and protocols for its uses)

Data classification and management

Media/document labelling

Data governance

Acceptable use

Bring your own device

Complete the table below and identify three Australian government sources of information on current threats. As a minimum identify the website reference and a brief description of the information provided.

Australian government sources of information on current threats

List three risks that are associated with workplace cyber security.

Consider the following: Billy is a Team Leader and wants to make sure that all of this team understands workplace cyber security. Answer the following questions.

Describe a strategy that Billy could use with this team to promote workplace cyber security.

Describe a communication technique that Billy could use to assist in promoting and implementing workplace cyber security.

Describe a training technique that Billy could use to assist in promoting and implementing workplace cyber security.

Assessment Task 1: Checklist

Student's name:

Did the student provide a sufficient and clear answer that addresses the suggested answer for the following? | Completed successfully? (Yes / No) | Comments

Question 1a

Question 1b

Question 1c

Question 1d

Question 2a

Question 2b

Question 2c

Question 2d

Question 2e

Question 2f

Question 2g

Question 3

Question 4

Question 5a

Question 5b

Question 5c

Task outcome: Satisfactory / Not satisfactory

Assessor signature: Assessor name: Date:

Assessment Task 2: Project Portfolio

Information for students

In this task, you are required to demonstrate your skills and knowledge by working through a number of activities and completing and submitting a project portfolio.

You will need access to:

a suitable place to complete activities that replicates a business environment including a meeting space and computer and internet access

your learning resources and other information for reference as indicated in the assessment tasks

Project Portfolio template.

Ensure that you:

review the advice to students regarding responding to written tasks in the IT Works Student User Guide

comply with the due date for assessment which your assessor will provide

adhere to your RTO's submission guidelines

answer all questions completely and correctly

submit work which is original and, where necessary, properly referenced

submit a completed cover sheet with your work

avoid sharing your answers with other students.

Assessment information

Information about how you should complete this assessment can be found in Appendix A of the IT Works Student User Guide. Refer to the appendix for information on:

where this task should be completed

how your assessment should be submitted.

Note: You must complete and submit an assessment cover sheet with your work. A template is provided in Appendix B of the Student User Guide. However, if your RTO has provided you with an assessment cover sheet, please ensure that you use that.

Activities

Complete the following activities:

Carefully read the following:

This project requires you to promote cyber security in a work area.

You will be collecting evidence for this unit in a Project Portfolio. The steps you need to take are outlined below.

Vocational education and training is all about gaining and developing practical skills that are industry relevant and that can help you to succeed in your chosen career. For this reason, basing your project on real situations and relationships with classmates or work colleagues will mean that you are applying your knowledge and skills in a relevant, practical and meaningful way!

Before you begin, complete page 4 of your Project Portfolio.

Remember as you complete this assessment that you can refer to industry standards and legislation as you documented in your answers to the Knowledge test.

Develop and administer a survey.

Assume that in order to find out about cyber security awareness and practices, you are required to develop and administer a survey. The requirements for the survey are that it must:

include at least 10 questions

include questions that seek opinions about potential gaps in cyber security and practices

be based on best practice survey design

be electronic

be secure so as to ensure cyber security.

Once your survey is complete, you must provide it to five (5) other students for completion. In the introduction to the survey, explain how you have ensured the survey is secure.

Once they provide you with their completed surveys, review the results and document your findings in your project portfolio.

Create a cyber security awareness program.

You are to create a cyber security awareness program using the results of your survey to identify gaps in awareness and practices. This can be in the form of a presentation such as a PowerPoint Presentation or any other similar presentation software. Your presentation is to be for about 15 minutes.

You are also to review the latest cyber security threats and trends that impact business and weave these into your program.

Your program must include reference to a range of cyber security matters, a minimum of two.

Your program should reflect best practices in cyber security.

You are to also assume that based on your findings from your survey and research that you have decided to develop one set of policy and procedures focussing on a particular aspect of cyber security of your choice.

Use the policy and procedures format in the Student Resources folder. As a guide your policy and procedures would be 1-2 pages.

In the next activity you will be presenting your program and policy and procedures as part of a training program. Your assessor will assign you to a group of students and collectively you are to arrange a suitable date and time for each of you to present your training program.

Make sure that you use clear, specific and industry-related terminology relating to cyber security in all of the documents you develop.

You are also to consider as you complete this part of this assessment what you have learnt and changes you will make to your own cyber security practices. At the training and information session you will need to describe the changes that you have made.

Now complete Section 1 of your Project Portfolio.

You are also required to attach certain documents as part of your evidence. Review the documents you need to attach, as outlined in Section 1 of the Project Portfolio, and make sure you attach these upon submission.

Training and information session.

In a group round-table style discussion with a student group of approximately five, you will present your cyber security program and policies and procedures. Other students in your group will also present their training which will allow you to collaborate as a team and also to gain further insights into cyber security awareness.

Take notes so you can complete Section 2 of your Project Portfolio after the meeting.

Each person will have a turn (approximately 15 minutes per person) to present:

Their cyber security program that promotes awareness and best practices.

The latest cyber security threats and trends that impact business.

Their policy and procedures that address cyber security awareness and practices.

Changes you have made to your own behaviour based on your learnings.

Your assessor will be looking to see that you can:

demonstrate effective communication skills including:

Speaking clearly and concisely

Using non-verbal communication to assist with understanding

Asking questions to identify required information

Responding to questions as required

Using active listening techniques to confirm understanding

Once each person has presented their program and policy and procedures, as a group you are to discuss:

Any gaps that you still think there are in your awareness about cyber security awareness and practices and the impact these gaps might have on a workplace.

Feedback regarding the program that each of you delivered (each person must be provided with feedback).

Improvements that should be made to cyber security practices based on your learnings from your own research and analysis as well as others' programs.

You will record the discussion above in your portfolio.

This can either be viewed in person by your assessor or you may like to video record the session for your assessor to watch later. Your assessor can provide you with more details at this step. Make sure you follow the instructions above and meet the timeframes allocated.

Develop an information update

Based on the feedback you received at your training and information session, develop an approximately one page update about an aspect of cyber security that you consider both you and your group require further information about. You can include graphics and images to make the information more appealing.

Completing this task will also demonstrate that you can maintain your cyber security awareness program.

Now finalise completing Section 2 of your Project Portfolio.

You are also required to attach certain documents as part of your evidence. Review the documents you need to attach, as outlined in Section 2 of the Project Portfolio, and make sure you attach these upon submission.

Submit your completed Project Portfolio

Make sure you have completed all sections of your Project Portfolio, answered all questions, provided enough detail as indicated and proofread for spelling and grammar as necessary.

You should also file all the documents you have developed for this assessment in logically named folders. Include a screenshot of the folders and the files within them.

Submit to your assessor for marking.

Assessment Task 2: Checklist

Student's name:

Did the student: | Completed successfully? (Yes / No) | Comments

Develop cyber security awareness in their work area by:

Identifying current level of awareness in work area relating to cyber security through developing and administering a survey.

Creating a cyber security awareness program reflecting best practice.

Developing one set of cyber security policies and procedures.

Use secure platforms for developing and administering survey?

Review latest cyber security threats and trends impacting organisations?

Support effective cyber security practices in work area by:

Reviewing cyber security practices by developing and administering a survey according to requirements.

Arranging training and information updates for the group that support awareness in relation to two different cyber security matters.

Presenting the cyber security awareness program and policy and procedures to the team.

Discussing insights from review of cyber security awareness and practices and training and information provided, as well as gaps and their impacts on workplace.

Maintaining records of all documentation prepared as part of this assessment.

Maintain cyber security program by developing an update based on the feedback provided following the information and training sessions?

Change behaviour based on information learnt about cyber security?

Document and communicate outcomes of review and suggested improvements in their Project Portfolio for consideration by their assessor?

Use clear, specific and industry-related terminology relating to cyber security in all of the documents developed?

Task outcome: Satisfactory / Not satisfactory

Assessor signature: Assessor name: Date:

Final Results Record

Student name: Assessor name: Date

Final assessment results

Task | Type | Result (Satisfactory / Unsatisfactory / Did not submit)

Assessment Task 1 | Knowledge questions | S / U / DNS

Assessment Task 2 | Project Portfolio | S / U / DNS

Overall unit results | C / NYC

Feedback

My performance in this unit has been discussed and explained to me.

I would like to appeal this assessment decision.

Student signature: Date:

I hereby certify that this student has been assessed by me and that the assessment has been carried out according to the required assessment procedures.

Assessor signature: Date:

PROMOTE WORKPLACE CYBER SECURITY AWARENESS AND BEST PRACTICES

project portfolio student

bsbxcs402

Table of Contents

Section 1: Cyber security awareness and practices

Section 2: Cyber security awareness and practices maintenance

Student name: Assessor: Date: Business this assessment is based on: Team members:

Section 1: Cyber security awareness and practices

Survey

Check each of the following boxes to confirm your survey addresses each item:

include at least 10 questions

include questions that seek opinions about potential gaps in cyber security and practices

be based on best practice survey design

is electronic

is secure so as to ensure cyber security.

Explain how you have ensured the survey is secure.

Survey feedback

Include the name of each person that provided the feedback.

Summarise your key findings about cyber security awareness and practices based on your survey.

Cyber security awareness program

As per the assessment instructions you are to create a cyber security awareness program.

You do not need to include any information here except for the title of your presentation. Remember to attach your presentation below.

Policy and procedure

As per the assessment instructions you are to develop one set of policy and procedures focussing on a particular aspect of cyber security of your choice.

You do not need to include any information here except for the title of your policy and procedure. Remember to attach your policy and procedure below.

Attach:

Survey

Completed surveys

Cyber security program presentation

Policy and procedures

Section 2: Cyber security awareness and practices maintenance

Discussion summary

As per the assessment instructions you are to document the key points from the discussion you had after the training and information session including:

Any gaps that you still think there are in your awareness about cyber security awareness and practices and the impact these gaps might have on a workplace.

Feedback regarding the program that you delivered.

Improvements that should be made to cyber security practices based on your learnings from your own research and analysis as well as others' programs.

Information update

As per the assessment instructions you are to develop an information update focussing on a particular aspect of cyber security as per the discussion following the training and information session.

You do not need to include any information here except for the title of your Information update. Remember to attach your Information update below.

Attach: Information update
