NOS for IT User and Application Specialist. IT Security (ESKITU04) November 2014 V1.0

Transcription

1 NOS for IT User and Application Specialist IT Security (ESKITU04) November 2014 V1.0

2 NOS Reference ESKITU040 ESKITU041 ESKITU042 Level 3 not defined Use digital systems NOS Title Set up and use security procedures for digital systems Review and implement security for digital systems See IT Professional NOS 902 Information Risk Management 905 Operational Security Management

3 ESKITU040 Use safe and secure practices when working with digital systems Overview This standard is about protecting hardware, software and the data within an IT system against theft, malfunction and unauthorised access. It involves staying safe online, reporting any safety issues and following guidelines about the use of IT. It includes using unique passwords, running virus protection software and backup systems; also protecting digital devices and printed information.

4 ESKITU040 Use safe and secure practices when working with digital systems Performance criteria You must be able to: 1. take appropriate safeguarding precautions when using the Internet 2. identify when and how to report online safety issues to the appropriate person within organisational timescales 3. comply with any organisational rules governing the use of the Internet 4. run security software as required to protect digital systems from viruses and malware 5. maintain secure systems by using unique and secure PINs and passwords 6. adopt secure practices to protect personal information online in line with organisational guidelines 7. conduct online transactions in line with organisational guidelines 8. take precautions in line with organisational data protection policies to protect against loss or theft of mobile devices and printed information 9. comply with organisational safety and security practices for using digital systems

5 ESKITU040 Use safe and secure practices when working with digital systems Knowledge and understanding You need to know and understand: 1. how to report breaches of security or suspicious online behaviour 2. the danger of computer viruses, and how to minimise risk 3. the risks to data security when using the internet 4. the risks to user safety and privacy when using the internet 5. security precautions that need to be addressed when connecting to the internet 6. how to identify secure internet sites 7. the need for safety and security practices when working online 8. the concept of password strength 9. the importance of organisational guidelines and policies for aspects of digital security and the implications of breaches of security 10. the use of system-generated passwords and password keepers 11. the risks associated with downloading software

6 ESKITU041 Set up and use security procedures for digital systems Overview This standard is about protecting hardware, software and the data within an IT system against theft, malfunction and unauthorised access. It involves using appropriate methods to stay safe online and protect software and data, such as by setting up virus protection software and a system for strong passwords.

7 ESKITU041 Set up and use security procedures for digital systems Performance criteria You must be able to: 1. take appropriate precautions to safeguard self and others when working online 2. report suspicious online activity to the appropriate person within required organisational timescales 3. set up and configure security software as required to protect digital systems from viruses and malware 4. establish an appropriate method for strong password protection 5. protect systems and data against unauthorised use 6. take appropriate steps to protect computer hardware against loss or damage

8 ESKITU041 Set up and use security procedures for digital systems Knowledge and understanding You need to know and understand: 1. the regulations, governing the security of IT systems including IT health and safety and good practice 2. the reporting requirements for data protection legislation 3. how to recognise problems that may be caused by a virus 4. risks to data and system performance and integrity that can exist when using the Internet 5. risks associated with using public internet access points and networks 6. how to use built-in operating system security features including firewalls 7. how to identify secure websites when conducting transactions online 8. the importance of maintaining good password and PIN security 9. the policies that exist for internet use, codes of conduct, disaster recovery 10. the importance of manufacturer updates for maintaining system security 11. how to select tools and apps that can enhance system and data security

9 ESKITU042 Review and implement security for digital systems Overview This standard is about protecting hardware, software and the data within an IT system against theft, malfunction and unauthorised access. It involves managing the safety of yourself and others online and maintaining the security of the digital workplace.

10 ESKITU042 Review and implement security for digital systems Performance criteria You must be able to: 1. identify and review the organisational risks to information, system and user security 2. contribute to the development of relevant organisational policy for user security and safeguarding 3. contribute to the development of relevant procedures for the safe and secure use of digital systems 4. contribute to the development of organisational policy for safe and secure Internet use 5. manage protection against malware and viruses 6. implement procedures to protect systems and data from loss or unauthorised use 7. maintain a secure digital footprint 8. update system security in line with manufacturer recommendations 9. implement appropriate guidelines for mobile device management

11 ESKITU042 Review and implement security for digital systems Knowledge and understanding You need to know and understand: 1. the regulations, governing the security of IT systems including IT health and safety and good practice 2. the importance of IT asset management and testing in organisations 3. how to protect personal computer systems against virus and malware attack 4. how to recognise a range of different attempts to compromise security 5. how to safeguard self and others when working online 6. how to minimise unwanted internet traffic including pop-ups, adverts, unsolicited messages and images 7. the role of encryption, digital signatures and signed code 8. the importance of maintaining business continuity through periods of disruption of systems or services 9. the different methods employed for user authentication and authorisation 10. issues around the environmental and ethical use of IT 11. where to find information on the security features of the digital system in use and how to configure and enhance device security 12. the low-level hardware and firmware features that protect against viruses and malware