Unit 6: Cyber Defence Management
|UNIT TITLE||Develop and implement a cyber defence programme|
This unit describes skills and knowledge required to identify and solve an organisations cyber security problems through assessing current cyber security measures, developing a programme in consultation with others and guiding, leading and monitoring the execution of the programme.
It applies to individuals, employed or contractors who are working in positions of authority and are approved to implement change within a department or across the organisation. They will have responsibility for directly supervising others.
No occupational licensing, certification or specific legislative requirements apply to this unit at the time of publication.
|Elements describe the essential outcomes of the unit||Performance criteria describe the performance needed to demonstrate achievement of the element.|
|1. Identify cyber risks and establish the objectives of a cyber defence programme||
1.1 Establish cyber security goals in consultation with senior management or client
1.2 Conduct research using organisational and industry information to establish potential attackers
1.3 Assess and establish critical vulnerabilities faced by the organisation
1.4 Review strengths and weaknesses of current software in the business and establish cyber security risks
1.5 Establish likelihood of risk occurring, potential consequence of compromise, consequence if risk occurs
1.6 Prioritise identified risks and develop mitigation solutions
|2. Develop a cyber defence programme||
2.1 Develop a programme detailing goal, strategy, objectives, tasks to be completed and frequency, tactics to be employed, and tools for execution
2.2 Establish human, technological, equipment and time resource requirements to execute cyber defence plan
2.3 Conduct a capabilities analysis of existing employees to determine human resource requirements to meet goals
2.4 Establish roles and responsibilities of internal team members and external suppliers
2.5 Detail monitoring strategies to measure performance of internal team members and external suppliers and effectiveness of programme in achieving desired goals
2.6 Establish reporting requirements for ongoing communication with senior management and key stakeholders
2.7 Obtain approval from senior management or the client to source resources and execute cyber security activities
|3. Manage the execution of the defence programme||
3.1 Plan and participate in recruitment activities to select team members for execution of the plan
3.2 Establish training needs and nominate training providers to develop team members
3.3 Define selection criteria for external suppliers of goods and service
3.4 Assess and select preferred suppliers of goods and services
3.5 Allocate tasks and objectives to individual team members and external suppliers
3.6 Collect and review monitoring data and identify and implement corrective action
3.7 Comply with reporting requirements as documented in the defence programme
Foundation skills essential to performance are explicit in the performance criteria of this unit of competency
|UNIT MAPPING INFORMATION||No equivalent Unit|
|TITLE||Assessment Requirements for CYBEDIC006 Develop and implement a cyber defence programme|
Evidence of the ability to complete tasks outlined in elements and performance criteria of this unit in the context of the job role, and:
The learner must be able to demonstrate essential knowledge required to effectively do the task outlined in elements and performance criteria of this unit, manage the task and manage contingencies in the context of the work role.
This includes knowledge of:
Assessment may be in the form of:
Both practical skills and knowledge must be assessed.
No specialist vocational competency requirements for Assessors apply to this unit.