Unit 539 Cyber Security
Level 5, 12 Credits
ATHE Level 5 Diploma in Computing (QCF)
You have recently been appointed by Cyber Intelligence. One of the key functions of the business is to explore the vulnerabilities in organisations’ specific web-based or database systems. Cyber Intelligence provide specific cyber consultancy to a range of small business clients.
Your specific role will be to test their systems for vulnerabilities and to recommend improvements to secure the client’s network. At present you are participating in the induction programme at Cyber Intelligence and you need to create a file which will include all the information listed below. At the end of the induction you will need to present the file to your line manager.
Some parts of the file require you to apply information to a particular organisation and you should discuss and agree the choice of the organisation with your tutor who will act as your line manager.
- An analysis of current cyber security risks to organisations
- An evaluation of the different controls that can be used to manage cyber security risks
LO1, LO2 Assessment Criteria 1.1, 2.1
- A critical assessment of the vulnerabilities of the computer network security of your chosen organisation
- An evaluation of the impact of cyber security on your chosen organisation
- A critical evaluation of the cyber security strategies that are used within your chosen organisation, mapping these to industry standards
LO1, LO2 Assessment criteria: 1.2, 1.3, 2.2, 2.3
Based on your analysis and evaluation of the vulnerabilities within the chosen system:
- Produce a presentation which you would use with a client. The presentation materials must identify possible improvements to make the system secure.
- Produce a training plan for improving network security including user awareness and prevention mechanisms.
LO3 Assessment criteria: 3.1, 3.2
Guidelines for assessors
The assignments submitted by learners must achieve the learning outcomes and meet the standards specified by the assessment criteria for the unit. The suggested evidence below is how learners can demonstrate that they have met the required standard.
| Activity number | Assessment criteria | Suggested evidence |
|---|---|---|
| | AC 1.1, 2.1 | The work in this section of the file can be done from a theoretical standpoint. The learner will produce a comprehensive analysis of current cyber security risks to organisations. The learner will need to carry out research to identify what is “current” and examples should be used to illustrate the points made and to help demonstrate understanding. The learner will evaluate the different controls that organisations may use to control cyber security risks. The evaluation should be balanced identifying strengths as well as areas for development. This could include reviewing strategies, policies, identifying gaps or misaligned resources. |
| | AC 1.2, 1.3, 2.2, 2.3 | For work in this section of the file the learner will need access to an organisation and to their network which has vulnerabilities. This must be agreed with the tutor as the learner will need permission to test the system to reveal these vulnerabilities. The learner may need to be provided with help here to make this choice. The learner will test the system and analyse the benefits and drawbacks to identify security vulnerabilities. The learner needs to assess each of the vulnerabilities and report on their findings. The learner will evaluate the impact that cyber security has on their chosen organisation, outlining any current threats and attacks that have been evidenced recently. The learner will produce a critical evaluation of the cyber security strategies that the organisation uses and will research best practice and map these strategies, again identifying strengths and weaknesses for the organisation. |
| | AC 3.1, 3.2 | Following testing and analysis of the current system, the learner will make recommendations for improvements to the client’s current system to secure their network. These should be directly related to the analyses which have been carried out for the organisation and recent good practice and industry standards. The presentation materials produced should be appropriate for the intended audience. The learner will then produce a training plan which outlines what the staff within the organisation need to know about network security to ensure the improvements are understood and retained. The training plan will cover user awareness, security training and prevention mechanisms as a minimum. The plan should be an outline of the training to be conducted but it will need to provide some detail so that the training plan can be carried out within the organisation. |