ICT Security Threats - IT/CU/ICT/CR/3/6 - PDF
Document Details
Uploaded by RemarkableBeauty1292
Africa International University
Tags
Summary
This document outlines the unit of competency for controlling ICT security threats. The unit covers learning outcomes, content, and suggested assessment methods.
Full Transcript
ICT SECURITY THREATS -------------------- **UNIT CODE: IT/CU/ICT/CR/3/6** **Relationship to Occupational Standards** This unit addresses the unit of competency: **CONTROL ICT SECURITY THREATS** **Duration of Unit:**200hours **Unit Description** This unit specifies competencies required to cont...
ICT SECURITY THREATS -------------------- **UNIT CODE: IT/CU/ICT/CR/3/6** **Relationship to Occupational Standards** This unit addresses the unit of competency: **CONTROL ICT SECURITY THREATS** **Duration of Unit:**200hours **Unit Description** This unit specifies competencies required to control ICT security threats. It involves identification of security threats, establishing and installing security measures, deployment of security measures, system vulnerability testing and monitoring. **Summary of Learning Outcomes** 1. Identify security threats 2. Establish and Install security measures 3. Deploy security measures 4. Test system vulnerability 5. Monitor security system **Learning Outcomes, Content and Suggested Assessment Methods** +-----------------------+-----------------------+-----------------------+ | **Learning Outcome** | **Content** | **Suggested | | | | Assessment Methods** | +=======================+=======================+=======================+ | 1. Identify security | - Definition of | - Practical | | threats | security threats | | | | | - Oral questioning | | | - Categories of | | | | security threats | - Written tests | | | | | | | | | | | | | | | - Internal | | | | | | | | - external | | | | | | | | | | | | | | | | - Importance of | | | | Computer Security | | | | to an | | | | Organization | | | | | | | | - Identification of | | | | Common threats | | | | | | | | | | | | | | | | - Fraud and theft | | | | | | | | - Employee sabotage | | | | | | | | - Loss of physical | | | | and | | | | infrastructure | | | | support | | | | | | | | - Malicious hackers | | | | and code | | | | | | | | - Industrial | | | | espionage | | | | | | | | - Threats to | | | | personal privacy | | | | | | | | - Natural | | | | Calamities | | | | | | | | - Cyber crime | | | | | | | | | | | | | | | | - Constraints to | | | | computer security | | | | | | | | - Cost | | | | | | | | - User | | | | responsibilit | | | | y | | | | | | | | - Integration | | | | challenges | | | | | | | | - Inadequate | | | | Assessment | | +-----------------------+-----------------------+-----------------------+ | 2. Establish and | - Definition of | - Written tests | | Install security | security risk | | | measures | management | - Observation | | | | | | | - Benefits of Risk | - Report writing | | | management | | | | | - Practical | | | - Risk management | | | | procedures | | | | | | | | | | | | | | | | - Risk assessment | | | | | | | | - Risk mitigation | | | | Uncertainty | | | | analysis | | | | | | | | - interdependencies | | | | | | | | - cost | | | | considerations | | | | | | | | | | | | | | | | - Benefits of | | | | security measures | | | | | | | | - Types of Security | | | | measures | | | | | | | | | | | | | | | | - Firewalls | | | | | | | | - User accounts | | | | control | | | | | | | | - Security policies | | | | | | | | - Antivirus | | | | | | | | - Encryption | | | | | | | | - Secure Socket | | | | Layer protocol | | | | (SSL) | | | | | | | | - Multi-factor | | | | authentication | | | | | | | | - Malware detection | | | | | | | | - Site monitoring | | | | | | | | - Daily or weekly | | | | backups | | | | | | | | | | | | | | | | - Application of | | | | security measures | | +-----------------------+-----------------------+-----------------------+ | 3. Deploy security | - Implement | - Practical | | measures | security measures | | | | contained in the | - Oral questioning | | | ICT security | | | | policy | - Short tests to | | | | assess | | | - Apply physical | underpinning | | | and logical risk | knowledge. | | | mitigation | | | | measures | | | | | | | | | | | | | | | | - Take corrective | | | | action | | | | | | | | - Security audit to | | | | identify security | | | | gaps | | | | | | | | - Generate system | | | | audit report | | +-----------------------+-----------------------+-----------------------+ | 4. Test system | - Definition of | - Practical | | vulnerability | vulnerability | exercises | | | | | | | - System testing | - Oral questioning | | | schedule | | | | | | | | - Levels of system | | | | vulnerability | | | | | | | | - Ethical | | | | penetration | | | | | | | | - System | | | | vulnerability | | | | test report | | +-----------------------+-----------------------+-----------------------+ | 5. Monitor security | - Define monitoring | - Practical | | system | criteria | exercises | | | | | | | - Evaluation of | - Oral questioning | | | system security | | | | performance based | - Short tests to | | | on defined | assess | | | criteria | underpinned | | | | knowledge. | | | - updating and | | | | overhauling of | | | | Security systems | | | | | | | | - Generate | | | | monitoring report | | +-----------------------+-----------------------+-----------------------+ **Suggested Methods of Delivery** - Presentations and practical demonstrations by trainer; - Guided learner activities and research to develop underpinning knowledge; - Supervised activities and projects in a workshop; The delivery may also be supplemented and enhanced by the following, if the opportunity allows: - Visiting lecturer/trainer from the ICT sector; - Industrial visits. **Recommended Resources** +-----------------------------------------------------------------------+ | **Tools** | | | | 1. Monitoring tools | | | | 2. CCTV | | | | 3. Maintenance tools | | | | 4. firewalls | | | | 5. antivirus | | | | 6. anti-spy ware | | | | 7. password management software | +=======================================================================+ | **Equipment** | | | | screw driver | | | | sensors | | | | cctv | | | | Computer | +-----------------------------------------------------------------------+ | **Materials and supplies** | | | | - Digital instructional material including DVDs and CDs | +-----------------------------------------------------------------------+ | **Reference materials** | | | | Manufacturers manuals | +-----------------------------------------------------------------------+