
Perform Cyber Security Risk Management and Run Vulnerability Assessments

ICTICT443 - Work collaboratively in the ICT industry
BSBXCS404 - Contribute to cyber security risk management
ICTCYS404 - Run vulnerability assessments for an organisation

Student Assessment Guide

Perform Cyber Security Risk Management and Run Vulnerability Assessments Version: 23.0 Page 1 of 72

Developed by: ACBI Approved by: DoS Issued: July 2023


Perform Cyber Security Risk Management and Run Vulnerability Assessments
ICTICT443 Work collaboratively in the ICT industry
BSBXCS404 Contribute to cyber security risk management
ICTCYS404 Run vulnerability assessments for an organisation

Copyright 2023

© Australian College of Business Intelligence


All rights reserved
Version: 23.0
Date Modified: June 2023
No part of this publication may be reproduced, stored in a retrieval system or
transmitted in any form or by any means, electronic, mechanical, photocopying,
recording or otherwise without the prior written permission of Australian College of
Business Intelligence.
Disclaimer:
The Australian College of Business Intelligence does not invite reliance upon, nor
accept responsibility for, the information it provides. The Australian College of Business
Intelligence makes every effort to provide a high-quality service. However, neither the
Australian College of Business Intelligence, nor the providers of data, gives any
guarantees, undertakings or warranties concerning the accuracy, completeness or up-to-date nature of the information provided. Users should confirm information.


1. Assessment Information

Purpose of assessment

This assessment assesses your knowledge and skills in:

• Working collaboratively in virtual Information and Communications Technology (ICT) team environments to achieve organisational objectives. It includes contributing to performance and capability within teams, participating in team activities, exchanging knowledge and skills and providing support to team members.
• Contributing to cyber security risk management, which includes assisting in developing and managing associated risk management strategies.
• Running vulnerability assessments and basic penetration tests to identify potential threats to an organisation. It includes the ability to minimise risk and remediate vulnerabilities to confirm that the security of an organisation is maintained.

What you are required to do

For this assessment, you are required to complete seven tasks:

Task A – Knowledge test
Task B – Identify, develop & review protocols working collaboratively in a virtual environment
Task C – Contribute to cyber security risk management
Task D – Prepare to run vulnerability assessment
Task E – Run vulnerability assessment and penetration test
Task F – Finalise vulnerability assessment process

Tasks B to F of this assessment require you to use the provided case study
information.

Important resources for completing this assessment

To enable the candidate to complete this assessment, the following documents have
been provided in the unit course page on Moodle:

• Learner guide
• Case study information
• Assessment Guide
• Lecture notes
• Observation checklist
• Marking Guide

A note on plagiarism and referencing

Plagiarism is a form of theft where the work, ideas, inventions etc. of other people are
presented as your own.

When quoting or paraphrasing from a source such as the Internet, the source must be
recognised. If the candidate is quoting a source, they must make sure to acknowledge
this by including “quotation marks” around the relevant words/sentences or ideas. The
candidate should note the source at the point at which it is included within their
assessment, such as by using a citation. The candidate can then list the full details of
the source in a ‘references’ section at the end of their assessment.

All sources used for the candidate’s assessment should be detailed in the ‘references’
section. It is advisable for the candidate to never copy another person’s work.

Instructions for completing this assessment

Answer the questions below using the spaces provided:

• Answer all parts of each question
• Use your own words and give examples wherever possible
• The quality of your answer is more important than how long it is
• Enter your answers in this document

Submission via Moodle

Please refer to the “Instructions for Submitting Your Assessment” found within the unit
course page on Moodle.

NOTE: Please take care to follow all instructions listed. Assessments uploaded with a
draft status on Moodle may not be graded.


2. Assessment Coversheet

Candidate Name:
Student ID:
Contact Number:
Email:
Trainer / Assessor Name:
Qualification: ICT40120 CERTIFICATE IV IN INFORMATION TECHNOLOGY

Units of Competency:
  ICTICT443 - Work collaboratively in the ICT industry
  BSBXCS404 - Contribute to cyber security risk management
  ICTCYS404 - Run vulnerability assessments for an organisation

Assessment Tasks:
  Task A – Knowledge test
  Task B – Identify, develop & review protocols working collaboratively in a virtual environment
  Task C – Contribute to cyber security risk management
  Task D – Prepare to run vulnerability assessment
  Task E – Run vulnerability assessment and penetration test
  Task F – Finalise vulnerability assessment process

Due Date:
Date Submitted:

Declaration: I have read and understood the following information at the beginning of this assessment guide (please tick):

☐ Assessment information
☐ Submitting assessments
☐ Plagiarism and referencing

I declare this assessment is my own work and where the work is of others, I have fully referenced that material.

Name (please print):
Candidate signature:
Date:


Assessment Task A: Knowledge Test

Answer all the questions below:

Question 1:

Complete the table below by giving an example and the relationship to collaborative work arrangements.

A law that applies to collaborative work arrangements
Example: Privacy Act 1988
How it applies to collaborative work arrangements: The Privacy Act governs the collection, use, and disclosure of personal information in collaborative projects, ensuring data protection and privacy compliance.

A regulation that applies to collaborative work arrangements
Example: Competition and Consumer Regulation 2010
How it applies to collaborative work arrangements: This regulation addresses fair trading, consumer protection, and anticompetitive behavior, safeguarding fair practices and transparency in collaborative ventures.

A code that applies to collaborative work arrangements
Example: ISO/IEC 27002: Information Security Code of Practice
How it applies to collaborative work arrangements: This code offers guidelines for implementing security controls, including access controls, risk assessment, and incident response, in collaborative environments.

A standard that applies to collaborative work arrangements
Example: AS/NZS ISO 31000: Risk Management
How it applies to collaborative work arrangements: This Australian/New Zealand standard outlines principles and processes for managing risks, ensuring a structured approach to risk assessment and mitigation in collaborations.


Question 2:

List three examples of cyber security protocols.

Learning Resource: Learner's Guide, PPT slides

Answer:

• Transport Layer Security (TLS) Protocol: TLS is this really important protocol that's used to make sure the stuff you send over the internet is secure. You know when you're shopping online and you see that little padlock icon? That's TLS in action. It scrambles your data so that no one else can understand it while it's traveling from your computer to the website's server. So, it's like a super-strong shield for your data.

• Secure Shell (SSH) Protocol: SSH is like the secret password for techies to get into computers from afar. It's super handy for people who need to manage servers remotely. When you use SSH, it's like you're talking in a secret language that only the server and your computer can understand. So, no one else can eavesdrop on your commands or steal your login info.

• Internet Protocol Security (IPsec): IPsec is like the superhero of network communication. It's there to protect data that's traveling between different points on a network. It sets up this secure tunnel between devices, encrypting the data and making sure it hasn't been tampered with. It's perfect for things like setting up secure connections between offices or even for making sure your connection to a VPN is locked down.

Question 3:

Answer the following questions

3.1 Give an example of a virtual platform and list three protocols for use of that platform.
Learning Resource: Learner's Guide, PPT Slides

Answer:

Virtual Platform: Video Conferencing Application

1. Hypertext Transfer Protocol Secure (HTTPS): When utilizing a video conferencing application to attend virtual meetings, it's common to observe that the URL commences with 'https'. The 's' in 'https' holds great significance, as it indicates that the data transmitted between your device and the server is encrypted. This encryption serves to safeguard the data you share during virtual meetings from tampering or interception by any unauthorized party.

2. Transport Layer Security (TLS): When using video conferencing applications, a secure connection between the server and your device is established through the use of TLS. This protocol ensures that all data is encrypted while it is in transit, thereby safeguarding your audio, video, and other meeting information from unauthorized interception. Through this process, your virtual conversations are kept confidential and secure.

3. Real-Time Transport Protocol (RTP) and Secure Real-Time Transport Protocol (SRTP): RTP is a protocol that helps deliver real-time audio and video streams during your virtual meetings. To make it even more secure, some video conferencing apps use SRTP, which adds an extra layer of encryption to the audio and video data. This ensures that your conversations are not only seamless but also highly secure against eavesdropping.

3.2 If a team is struggling with communication, what strategies could you suggest to improve communication? Give three examples.
Learning Resource: Learner's Guide, PPT Slides

Answer:

1. Regular Check-ins and Status Updates: Encourage the team to have regular check-in meetings. Depending on the project, these could be daily stand-ups or weekly catch-ups. In these meetings, everyone can share their progress, challenges, and upcoming tasks. This keeps everyone informed about what's happening and promotes open communication. Identifying bottlenecks early makes it easier to fix them.

2. Clear Roles and Responsibilities: Sometimes communication struggles arise when team members aren't clear about who's responsible for what. Consider defining clear roles and responsibilities for each team member. This helps in two ways: it reduces confusion because everyone knows who to talk to, and it encourages direct communication about tasks, so nothing gets left behind.

3. Use of Collaboration Tools: Technology can play a big role in improving communication. Recommend using collaboration tools like project management software, messaging apps, or shared documents. These tools provide a centralized platform for sharing information, updates, and files. They also enable asynchronous communication, allowing team members to access information when it's convenient for them. This can be especially helpful when working across different time zones.

Question 4:

Answer the following questions

4.1 Give three examples of communication techniques in virtual teams.
Learning Resource: Learner's Guide, PPT Slides

Answer:

1. Scheduled Video Meetings: Virtual teams can schedule regular video meetings using platforms like Zoom or Microsoft Teams. These meetings provide a face-to-face connection even when team members are geographically dispersed. Video calls allow for non-verbal cues like facial expressions and gestures, enhancing understanding and building a sense of camaraderie among team members.

2. Asynchronous Messaging: Using tools like Slack or Microsoft Teams, virtual teams can engage in asynchronous communication. Team members can post messages, updates, and questions at their convenience, without the need for immediate responses. This method is useful for accommodating different time zones and work schedules while maintaining a continuous flow of information.

3. Collaborative Document Sharing: Virtual teams can use platforms like Google Workspace or Microsoft 365 to collaborate on documents in real time. This technique enables team members to work together on the same project simultaneously, view changes as they happen, and provide feedback directly within the document. It streamlines communication around projects and prevents version control issues.

4.2 List two ways that can be used to mediate between virtual team members who have different points of view.
Learning Resource: Learner's Guide, PPT Slides

Answer:

1. Structured Video Conferencing: Organize a structured video conference where both team members can present their perspectives. Allocate specific time slots for each member to share their viewpoint without interruptions. After each presentation, allow a controlled period for questions and clarifications. A neutral facilitator can manage the discussion, ensuring that both sides have an opportunity to express their thoughts while maintaining a respectful atmosphere.

2. Online Collaborative Problem-Solving: Utilize an online collaboration platform where team members can discuss their differing viewpoints in writing. This approach can help prevent heated exchanges that sometimes occur in real-time discussions. Each member can present their arguments, and others can respond with their thoughts. This format encourages thoughtful responses, allows members to gather their thoughts, and provides a record of the discussion for future reference.

Question 5:

Answer the following questions:

5.1. List two examples of roles and/or responsibilities that virtual team members have in promoting collaborative work environments.
Learning Resource: Learner's Guide, PPT Slides

Answer:

1. Active contributors in the virtual conference: Virtual team members should actively participate in virtual meetings by sharing insights, asking questions, and offering solutions. By participating in discussions and sharing their expertise, team members help the team benefit from diverse perspectives and experiences. This active participation fosters a collaborative environment where every contribution is valued and considered.

2. Timely communication and response: Virtual team members are responsible for timely communication and timely responses to messages, emails, and requests from colleagues. This ensures a smooth flow of information within the team and prevents bottlenecks and delays. When team members respond positively, trust is built and a willingness to collaborate is demonstrated, even when working remotely.

5.2. Give an example of two constructive feedback techniques.

Learning Resource: Learner's Guide, PPT Slides

Answer:

1. The "Sandwich" Technique: This technique involves starting with a positive comment, then providing the critical feedback, and ending with another positive comment. For example, if you're giving feedback on a presentation, you might say, "I really liked your use of visuals in the presentation. However, I noticed that some points could be explained in more detail. Overall, your delivery was confident and engaging."

2. The "SBI" Model (Situation, Behavior, Impact): With this technique, you describe a specific situation, highlight the behavior you observed, and explain the impact it had. For instance, if you're discussing a team project, you might say, "During the team meeting (situation), I noticed you were actively listening and taking notes (behavior), which helped ensure that everyone's ideas were captured accurately (impact)."

Question 6:

Complete the table below by identifying the title of the legislation for each legislation area, web site reference and then describing the relevance of the legislation to cyber security risk management.

a. Legislation area: Data protection and privacy
Legislation title: General Data Protection Regulation (GDPR)
Relevance to cyber security and risk management and web site reference: The GDPR is a European regulation that sets rules for how personal data should be collected, processed, and protected. It's relevant for cyber security risk management. Web site reference: GDPR Website

b. Legislation area: Notifiable data breaches
Legislation title: Notifiable Data Breaches Scheme
Relevance to cyber security and risk management and web site reference: The Notifiable Data Breaches Scheme in Australia requires organizations to report data breaches. It's crucial for managing cyber security risks and promoting transparency. Web site reference: Notifiable Data Breaches Scheme

c. Legislation area: International legislation
Legislation title: California Consumer Privacy Act (CCPA)
Relevance to cyber security and risk management and web site reference: The CCPA is a US legislation that gives consumers rights over their personal information. Its principles align with privacy standards and impact Australian organizations dealing with US customers.

d. Legislation area: Standards
Legislation title: ISO/IEC 27001: Information Security
Relevance to cyber security and risk management and web site reference: ISO/IEC 27001 is an international standard for information security management systems. Its guidelines are applicable to Australian organizations for effective cyber security risk management. Web site reference: ISO/IEC 27001

Question 7:

Describe how each of the following risk management strategies assists in reducing the risk of cyber security breaches.

a. Regular organisational training
Reduces risk of cyber security breaches through: Basically, giving everyone a heads-up on how to stay safe online. When we all know the tricks hackers use and how to avoid them, we're like a tougher target.

b. Regular threat assessment
Reduces risk of cyber security breaches through: Keeping an eye out for trouble. We're like cyber detectives, watching out for new threats and weaknesses so we can fix them before anyone tries to attack.

c. Cyber security incident response plan
Reduces risk of cyber security breaches through: Being ready for anything. If something does go wrong, having a plan to jump into action and stop the bad stuff from spreading like wildfire.

d. Clear escalation routes
Reduces risk of cyber security breaches through: Having a simple map for who to call when things get hairy. It's like having a phone tree for emergencies, so we can tackle issues before they blow up.

Question 8:

Complete the table below.

Organisational policies and procedures: Provide a brief description of the purpose of this policy/procedure/process in relation to cyber security risk management.

a. Analysing and reviewing risk management methodologies
This is like checking if our risk management strategies are still up to the task. We're making sure our methods for handling cyber risks are still effective and up-to-date.

b. Developing communications plans
Think of this like making a game plan for talking about security stuff. We're figuring out how to spread the word about cyber risks and safety, so everyone's on the same page.

c. Evaluating effectiveness of risk management strategies
It's like grading how well our risk-fighting methods are doing. We're seeing if our strategies are actually working and if there are any weak spots that need some extra attention.

d. Monitoring cyber risk
This is our lookout post. We're keeping an eye on the cyber landscape to catch any potential dangers before they sneak up on us. Like guarding the castle from invaders.

e. Reviewing currency of risk register
Imagine this as a checklist for all the risks we've identified. We're going back to make sure the list is still accurate and complete, so we don't miss any potential troublemakers.


Question 9:

Document two cyber security risks and an appropriate risk management strategy.

a. Cyber security risk: Malware
Management: We're tackling malware like digital pest control. We're using up-to-date antivirus software, conducting regular scans, and educating everyone about not clicking on suspicious links or downloading unknown files. Prevention is key!

b. Cyber security risk: Man in the middle attack
Management: Think of this like eavesdropping on a secret conversation. To prevent this, we're using encryption techniques like HTTPS, and connecting to secure Wi-Fi networks. We're also staying vigilant and educating our team about the risks of public Wi-Fi.

Question 10:

Answer the following questions regarding cyber security risk management.

10.1. Explain why it is important to install software updates regularly and when software updates should be installed.
Learning Resource: Learner's Guide, PPT Slides

Answer:

Installing software updates is like keeping your cyber defenses strong. These updates often include patches for vulnerabilities that hackers could exploit. Regularly updating software helps fix these weaknesses and keeps your systems more secure. Software updates should be installed as soon as they become available. Waiting too long could leave your devices open to attacks. Hackers are quick to exploit known vulnerabilities, so staying up-to-date is crucial to staying safe.

10.2. List two business process design principles and why they are important for risk management.
Learning Resource: Learner's Guide, PPT Slides

Answer:

1. Segregation of Duties: This principle involves assigning different tasks to different people to prevent a single person from having too much control over a process. It's like having checks and balances in place. This is important for risk management because it reduces the risk of fraud and errors. For example, if one person can't approve and release payments, it's harder for them to manipulate financial transactions without detection.

2. Least Privilege Access: This principle is all about giving people the minimum access they need to do their job, and nothing more. It's like granting access on a need-to-know basis. This is crucial for risk management because it limits the potential damage if someone's account gets compromised. For instance, if an employee only has access to their department's files, a breach in their account won't expose the entire company's sensitive data.
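The two principles in 10.2 are easiest to see when both checks run in the same workflow. The following is an added example, not part of this assessment guide or its answer key: a small payment workflow in which each role carries only the permissions it needs (least privilege) and the person who created or approved a payment is barred from releasing it (segregation of duties). The users, roles, permission names and payment values are constructed for the example.

```python
"""Added example, not part of this assessment guide or its answer key: a
payment workflow enforcing segregation of duties and least privilege.
Users, roles, permission names and payments are constructed sample data."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Least privilege: each role carries only the permissions it needs.
# "finance" deliberately holds both approve and release so the example can
# show the segregation-of-duties check catching what role checks alone allow.
ROLE_PERMISSIONS = {
    "clerk": {"create_payment"},
    "finance": {"approve_payment", "release_payment"},
    "treasury": {"release_payment"},
    "auditor": {"view_payment"},
}


class AccessDenied(Exception):
    """Raised when an action fails a privilege or segregation check."""


@dataclass
class Payment:
    payment_id: str
    amount: float
    created_by: str
    approved_by: Optional[str] = None
    released_by: Optional[str] = None
    # Audit trail of (action, user): the record a later review relies on.
    history: List[Tuple[str, str]] = field(default_factory=list)


def has_permission(users: Dict[str, str], user: str, permission: str) -> bool:
    """A user has exactly what their role grants, nothing more."""
    return permission in ROLE_PERMISSIONS.get(users.get(user, ""), set())


def require(users: Dict[str, str], user: str, permission: str) -> None:
    if not has_permission(users, user, permission):
        raise AccessDenied(f"{user} lacks permission {permission}")


def create_payment(users, user, payment_id, amount) -> Payment:
    require(users, user, "create_payment")
    payment = Payment(payment_id, amount, created_by=user)
    payment.history.append(("created", user))
    return payment


def approve_payment(users, user, payment: Payment) -> None:
    require(users, user, "approve_payment")
    # Segregation of duties: the creator may not approve their own payment.
    if user == payment.created_by:
        raise AccessDenied("creator cannot approve their own payment")
    payment.approved_by = user
    payment.history.append(("approved", user))


def release_payment(users, user, payment: Payment) -> None:
    require(users, user, "release_payment")
    if payment.approved_by is None:
        raise AccessDenied("payment has not been approved")
    # Segregation of duties: neither the creator nor the approver may release.
    if user in (payment.created_by, payment.approved_by):
        raise AccessDenied("creator or approver cannot release the payment")
    payment.released_by = user
    payment.history.append(("released", user))


def attempt(action, *args) -> str:
    """Run an action and report 'allowed' or 'denied' instead of raising."""
    try:
        action(*args)
        return "allowed"
    except AccessDenied:
        return "denied"


def run_demo():
    """Walk one constructed payment through the workflow; returns (payment, outcomes)."""
    users = {"alice": "clerk", "bob": "finance", "carol": "treasury", "dave": "auditor"}
    payment = create_payment(users, "alice", "PAY-001", 2500.0)
    outcomes = {
        "alice_approve": attempt(approve_payment, users, "alice", payment),  # no approve permission
        "bob_approve": attempt(approve_payment, users, "bob", payment),      # allowed
        "bob_release": attempt(release_payment, users, "bob", payment),      # has permission, blocked as approver
        "dave_release": attempt(release_payment, users, "dave", payment),    # auditor cannot release
        "carol_release": attempt(release_payment, users, "carol", payment),  # allowed: third person
    }
    return payment, outcomes


if __name__ == "__main__":
    payment, outcomes = run_demo()
    for step, result in outcomes.items():
        print(f"{step}: {result}")
    print("history:", payment.history)
```

The point of giving "bob" both permissions is that a role check on its own would let him approve and release the same payment; the segregation check in release_payment is what forces a second person in, which is exactly the "can't approve and release" case the answer describes.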

Question 11:

Review the maturity levels at the following link:

• https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-maturity-model
• List each level and two ways that you could report on maturity levels.

Maturity Level Zero
Reporting methodology: I could report that the organization has weak overall cybersecurity measures, which could lead to potential data breaches or system compromises. It's like the organization's security armor needs strengthening.

Maturity Level One
Reporting methodology: For this level, I might mention that the focus is on attackers using common techniques to access systems. It's like the attackers are trying to find open doors or windows. I would also explain that these attackers are more opportunistic and less targeted.

Maturity Level Two
Reporting methodology: Reporting on this level could involve explaining that attackers invest more time to bypass controls and may use better-known techniques. It's like they're putting on a bit of a disguise to sneak in. I'd highlight that they're still somewhat cautious in their approach.

Maturity Level Three
Reporting methodology: I could describe this as attackers being more adaptive and using less-known tools. They're like cyber chameleons, blending into the environment. These attackers exploit weaknesses and can be more persistent. They're not afraid to invest more time and effort.

Question 12:

Discuss the following five security risks and vulnerabilities in software systems in 200-
250 words:
a. Insufficient Logging and Monitoring
b. Injection Flaws
c. Sensitive Data Exposure
d. Using Components with Known Vulnerabilities
e. Broken Authentication
f. Broken Access Control

Learning Resource: Learner’s Guide, PPT Slides


Answer:
a) Insufficient logging and monitoring in software systems can be likened to navigating without a compass. When systems lack comprehensive logs and monitoring, it becomes challenging to detect and respond to potential security threats. Without proper tracking, malicious activities may go unnoticed, hindering incident investigation and response.
b) Injection flaws are akin to a hidden entrance for unwanted guests. Such vulnerabilities arise when user inputs aren't properly sanitized or validated, enabling attackers to inject malicious code. This can lead to unauthorized access, data breaches, or system manipulation.
c) Sensitive data exposure is equivalent to leaving confidential information in plain sight. When software fails to adequately encrypt or safeguard sensitive data, it becomes susceptible to data leaks or theft, potentially harming individuals and organizations.
d) Utilizing components with known vulnerabilities is similar to constructing a house on shaky ground. Relying on outdated or insecure libraries exposes software to potential attacks targeting those weaknesses.
e) Broken authentication resembles handing over keys to unauthorized individuals. Flaws in authentication mechanisms enable attackers to manipulate credentials, potentially leading to account takeovers or unauthorized access.
f) Broken access control is like giving a janitor access to the CEO's office. Inadequate access controls can result in users obtaining unauthorized privileges, compromising data integrity and security.
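As an added illustration of point b) (example code written for this guide, not part of the student's answer or of any course material), the same user lookup is built once by splicing the input into the SQL text and once with a bound parameter; the database and its rows are constructed in memory so the comparison runs offline.

```python
import sqlite3

# Constructed sample data: a tiny users table for an in-memory database.
SAMPLE_USERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Injection flaw: the untrusted value is spliced into the SQL text, so a
    quote character in the input changes the structure of the statement."""
    sql = "SELECT id, username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Fixed version: the SQL text is constant and the value travels as a bound
    parameter, so the database engine never interprets it as SQL."""
    sql = "SELECT id, username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed input that closes the quoted string and appends an always-true clause.
TAMPERED_INPUT = "nobody' OR '1'='1"


def demo() -> tuple:
    """Return (rows from the vulnerable lookup, rows from the safe lookup) for the same input."""
    conn = make_db()
    try:
        return (lookup_user_vulnerable(conn, TAMPERED_INPUT),
                lookup_user_safe(conn, TAMPERED_INPUT))
    finally:
        conn.close()


if __name__ == "__main__":
    vuln_rows, safe_rows = demo()
    print("vulnerable query returned", len(vuln_rows), "rows")     # every user, not just one
    print("parameterised query returned", len(safe_rows), "rows")  # no user has that literal name
```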

Question 13:

Discuss the following five (5) tools used in testing a network for vulnerabilities including
scanning tools:
a. Metasploit
b. Nmap
c. OpenVAS
d. Wireshark
e. OpenSCAP
Write your answer in 300-350 words.

Learning Resource: Learner’s Guide, PPT Slides


Answer:
a) Metasploit is like the Swiss Army Knife of ethical hackers. It is a penetration testing framework that helps in identifying, verifying and exploiting vulnerabilities in a network. More than just a scanner, it's a platform for creating and launching attacks that provide valuable insights into potential vulnerabilities. With Metasploit, pen testing teams can take pre-built or custom code and network it to scan for vulnerabilities. Another twist in threat hunting: once vulnerabilities are identified and documented, this information can be used to troubleshoot systems and prioritize solutions.
b) Nmap is akin to a digital cartographer for networks. It's a powerful port scanner and network exploration tool that discovers hosts and services on a network. Nmap can reveal open ports, operating systems, and even approximate network topology, which is vital for understanding potential attack surfaces. When used properly, Nmap can be invaluable for both optimizing and protecting networks and information. All of the return data sent back by ports scanned using Nmap is collected and compiled by the program. Based on that information, there are several key activities that most people use the tool to help accomplish.
c) OpenVAS acts like a vigilant security guard. This is an open source vulnerability scanner that checks the network for known vulnerabilities. It not only identifies vulnerabilities, but also recommends remediation and helps organizations prioritize remediation. Its features include unauthenticated and authenticated testing, various high-level and low-level Internet and industrial protocols, performance tuning for large-scale scanning, and a powerful in-house programming language for implementing all types of vulnerability testing. The scanner draws tests for detecting vulnerabilities from a source with a long history and daily updates.
d) Wireshark is like a digital detective's magnifying glass. It's a network protocol analyzer that captures and examines packets of data in real time. By dissecting network traffic, Wireshark helps identify anomalies, potential security breaches, and even performance bottlenecks. For example, you can set a filter to see TCP traffic between two IP addresses, or you can set it only to show you the packets sent from one computer. The filters in Wireshark are one of the primary reasons it has become the standard tool for packet analysis.
e) OpenSCAP acts as a cyber hygiene inspector. It's a security compliance solution that scans systems for adherence to security policies and standards. It helps maintain configuration baselines, ensuring systems are properly configured to minimize vulnerabilities.
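To show what the "collected and compiled" scan data in point b) looks like once it leaves Nmap, here is an added example (written for this guide, not part of the student's answer or of the Nmap project) that parses the XML report Nmap writes with its -oX option into a per-host list of open services, the form an assessor would carry into a vulnerability register; the report text is a constructed sample, not output from a real scan.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample in the shape Nmap writes with -oX; not output from a real scan.
SAMPLE_NMAP_XML = """
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/29" start="0">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web01.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered" reason="no-response"/>
        <service name="mysql"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
        <service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


@dataclass
class OpenService:
    """One open port and what Nmap's service detection reported for it."""
    port: int
    protocol: str
    name: str
    product: str = ""
    version: str = ""


@dataclass
class HostRecord:
    """A host that answered the scan, with its open services."""
    address: str
    hostname: str
    services: list = field(default_factory=list)


def parse_nmap_xml(xml_text: str) -> list:
    """Return one HostRecord per host whose status is 'up', listing only ports
    whose state is 'open'; closed and filtered ports expose no service."""
    root = ET.fromstring(xml_text.strip())
    records = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # a down host has nothing to assess
        addr_el = host.find("address[@addrtype='ipv4']")
        name_el = host.find("hostnames/hostname")
        record = HostRecord(
            address=addr_el.get("addr") if addr_el is not None else "",
            hostname=name_el.get("name") if name_el is not None else "",
        )
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            svc_attrs = svc.attrib if svc is not None else {}
            record.services.append(OpenService(
                port=int(port.get("portid")),
                protocol=port.get("protocol", ""),
                name=svc_attrs.get("name", ""),
                product=svc_attrs.get("product", ""),
                version=svc_attrs.get("version", ""),
            ))
        records.append(record)
    return records


def attack_surface_summary(records: list) -> dict:
    """Map each address to sorted 'port/proto service' strings, ready to paste
    into an assessment findings table."""
    return {
        r.address: sorted(f"{s.port}/{s.protocol} {s.name}" for s in r.services)
        for r in records
    }


if __name__ == "__main__":
    hosts = parse_nmap_xml(SAMPLE_NMAP_XML)
    for address, services in attack_surface_summary(hosts).items():
        print(address, services)
```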

Question 14:
Discuss the basic level penetration testing of a system. Write your answer in
300-350 words.
Learning Resource: Learner’s Guide, PPT Slides
Answer: Penetration testing, often referred to as "pen testing," is like being a friendly hacker trying to find vulnerabilities before the bad guys do. It's a crucial practice in identifying weaknesses in a system's defenses. The process involves simulating various attack scenarios to uncover vulnerabilities and assess the potential impact on the system's security.

At a basic level, penetration testing involves several key steps. First, understanding the scope and goals of the test is essential. This includes defining the targets, systems, and applications that will be tested and clarifying the objectives, such as finding specific vulnerabilities or assessing overall security posture.

Next comes the reconnaissance phase, where I'd gather information about the target system. This could include discovering IP addresses, domain names, and potential entry points. Once armed with this information, I'd move on to the scanning phase. Using tools like Nmap or Nessus, I'd scan for open ports, services, and potential vulnerabilities.

With potential vulnerabilities identified, I'd start probing deeper in the exploitation phase. This is where I'd attempt to exploit the vulnerabilities to gain unauthorized access or control over the system. It's important to note that these attempts are controlled and conducted in a safe environment.

The final stages involve post-exploitation activities and reporting. Post-exploitation involves exploring the compromised system, escalating privileges, and assessing the potential impact of an actual attack. Once the testing is complete, I'd compile a detailed report that outlines the vulnerabilities discovered, their potential impact, and recommended mitigation strategies.

Basic penetration testing is a critical step in improving an organization's cybersecurity. By identifying vulnerabilities proactively, it allows for timely remediation and helps prevent real-world attacks. It's important to conduct these tests ethically and with proper authorization to ensure the security of the systems being tested. As I continue to learn and develop my skills in this course, I look forward to diving deeper into the world of penetration testing.

Question 15:

1. Discuss the following four (4) methods used to protect data in an organisation:
a. Risk Assessments
b. Backups
c. Encryption
d. Access Controls
Write your answer in 300-350 words.
Learning Resource: Learner’s Guide, PPT Slides
Answer:
a. Risk Assessments:
Think of risk assessments as a security health check for data. Conducting regular risk assessments helps identify potential vulnerabilities and threats that could compromise data. This involves evaluating the likelihood and impact of various risks. By understanding these risks, organizations can implement appropriate security measures and allocate resources effectively to safeguard sensitive information.

b. Backups:
Backups are like a safety net for data. They involve creating copies of important data and storing them in a separate location. This way, if data is compromised, lost, or accidentally deleted, organizations can restore it from the backups. Regularly scheduled backups ensure that critical information remains intact, even in the face of unexpected events like cyberattacks or hardware failures.

c. Encryption:
Encryption is akin to locking data in a secure vault. It involves converting data into a code that can only be deciphered with a specific key. Even if unauthorized individuals access encrypted data, they won't be able to understand it without the decryption key. This is particularly important when data is transmitted over networks or stored on devices susceptible to theft.

d. Access Controls:
Access controls are like digital bouncers at a club entrance. They determine who can enter and access data within an organization. By setting up permissions and restrictions, organizations ensure that only authorized individuals can view, modify, or share data. This minimizes the risk of data falling into the wrong hands and limits the potential damage of insider threats.

2. Discuss the following four (4) tools used to protect data in an organisation:
a. Data Loss Prevention (DLP)
b. Endpoint Protection
c. Identity and Access Management (IAM)
d. Customer Data Management (CDM) platforms
Write your answer in 200-250 words.
Learning Resource: Learner’s Guide, PPT Slides
Answer:

Question 16:

Discuss the risk mitigation strategies that may be used when running vulnerability assessments for an organisation.
Write your answer in 150-200 words.

Learning Resource: Learner’s Guide, PPT Slides


Answer:

Question 17:

Answer the following questions regarding the organisational procedures applicable to running vulnerability assessments, including establishing goals and objectives of vulnerability assessments, defining the scope of testing and establishment of the testing regime, documenting established requirements, establishing penetration testing procedures, documenting findings, threats and work performed.

1. Discuss the organisational procedures applicable to running vulnerability assessments in 500-600 words.
2. Discuss goals and objectives of vulnerability assessments. Write your answer in 50-100 words.
3. Define the scope of testing. Write your answer in 50-100 words.
4. Define the establishment of the testing regime. Write your answer in 50-100 words.
5. Document established requirements. Write your answer in 300-350 words.
6. Discuss penetration testing procedures. Write your answer in 300-350
words.
7. Discuss steps to document findings, threats and work performed. Write
your answer in 300-350 words.

Learning Resource: Learner’s Guide, PPT Slides


Answer:

Question 18:

Answer the following questions regarding the key organisational environments, systems and networks required to run vulnerability assessments.

1. Discuss organisational environments and systems to run vulnerability assessment. Write your answer in 200-250 words.

2. Discuss the network required to run vulnerability assessments. Write your answer in 400-450 words.

Learning Resource: Learner’s Guide, PPT Slides


Answer:


Task B – Identify, develop & review protocols working collaboratively in a virtual environment
Please read the case study and simulation pack provided for the unit and complete the
tasks from B to F.

This assessment task requires you to work collaboratively with a team in a virtual IT environment. It requires you to review existing protocols and communication technology that are in place, to complete a project whereby you suggest alternatives to existing technology and develop protocols, and then brief your team on this in a virtual environment. Make sure you are familiar with the organisation you are basing this assessment on and have read through the necessary background information.

To complete this assessment task students are required to participate in a meeting using the template provided:

Section B1: Team protocols requirements


To complete this section you are required to:

 Identify and describe protocols and roles and responsibilities which apply to
teams when working virtually.

 Identify and describe communication tools and technology used for virtual
collaboration.

 Determine and report on areas to improve in relation to team protocols for working collaboratively in a virtual environment.

Team protocols
 Identify and describe at least three protocols that team members must follow when working virtually (note that these protocols relate generally to roles and responsibilities of the team in relation to communication).
 At least one of the protocols you identify should relate to cyber security protocols. If the business does not have specific virtual team protocols you can refer to general protocols that exist.
 You may then highlight this as an area to improve at the end of this section.

Communication tools and technology
 Identify at least four examples of communication tools and technology that teams within the business currently use to work together in a virtual environment.

Areas of improvement
 Based on your knowledge of current team protocols for working collaboratively in the IT environment, list at least three areas of improvement.

Section B2: Team protocols development
To complete this section you are required to:

 Review the technology currently used to support teams working collaboratively in virtual
environments.

 Research and outline other options for technology to support team collaboration.

 Develop protocols that should be followed when sharing knowledge.

 Develop cyber security protocols as per the organisation’s cyber security procedures.

In the next activity step, you will meet virtually with a small team of students where everyone will present
their work on other options for technology that can be used for collaborative teamwork.
The purpose of this virtual meeting is to present your ideas on communication tools and technology,
sharing this knowledge as per the knowledge sharing protocols you have developed.
Prior to the meeting you are to provide your protocols for knowledge sharing to your team (and which are
to be followed at the meeting). You will also be seeking your team’s feedback on the cyber security
protocols you developed. You will also receive protocols information from other members of your team so
you will need to follow all protocols.
Remember that this is your opportunity to influence your team as to the benefits of the technology you
are suggesting. Your assessor will work with you to organise each team and the date and time for the
meeting. The meeting will be conducted virtually.

Technology review
 What technology is currently being used to support virtual teams?
 Provide a brief evaluation of the pros and cons of that technology.
 Research at least two other technology options that you consider would be better for supporting teams in virtual environments.
 Describe the technologies here, with their pros and cons.
 Remember that you will present this information at the virtual meeting, so ensure your Portfolio includes enough information that you can use to speak at the meeting. You do not have to develop a presentation; you can just speak to your notes.

Protocols for knowledge sharing
 Develop a one-page document with protocols for knowledge sharing that specifically relate to working collaboratively in a virtual team environment.
 You can design your document in any way as long as it is clear and easy to read.
 Include at least five protocols.
 List the name of your document here and attach it with your submission.

Protocols for cyber security
 Develop a one-page document with protocols for cyber security that specifically relate to working collaboratively in a virtual team environment.
 You can design your document in any way as long as it is clear and easy to read.
 Include at least five protocols.
 List the name of your document here.
 Make sure your protocols align with the organisation’s cyber security procedures if you are completing this for the case study business.
 In the virtual meeting, you will not be able to test compliance with cyber security protocols directly, but you should question your team about whether they are following the protocols you have developed.

Team information
 As you need to make sure your team is informed of the knowledge sharing protocols for use at the meeting and the cyber security procedures to follow, develop an email and send it to your team with your protocols attached. Attach a screenshot of the email and list the name of the document here.

Section B3: Compliance with protocols


To complete this section you are required to:

 Review and report on protocols that were used to support teams working collaboratively in virtual
environments.

 Seek and describe feedback on team communication practices according to working collaboratively
in virtual environments protocols.

 Determine and report on improvements to future work protocols in virtual environments.

Protocols review
 Comment on how your team performed regarding using knowledge sharing protocols at the meeting.
 Further, what are their thoughts on the cyber security protocols? Have they made sure they followed them?

Feedback
 Document the feedback here that your assessor provided on team communication practices.

Improvements
 Based on your review and the feedback provided, what protocols could be improved? Give at least one example.

Assessment Task B Performance Checklist

Student’s name:

Did the student: (Completed successfully? Yes / No; Comments)

Identify and report on current team protocols for virtual ways of working, including cyber safety protocols?

Identify and report on communication tools and technology currently available to support teams working collaboratively in virtual environments?

Determine and report on roles and responsibilities of team members according to team communication protocols?

Review and report on the technology currently utilised to support teams working collaboratively in virtual environments?

Develop at least four protocols for the sharing of knowledge collaboratively in a virtual environment as per the task requirements?

Develop at least four cyber security protocols to align with the organisational cyber security procedures?

Review protocols utilised to support teams working collaboratively in virtual environments?

Seek feedback on team communication practices as per the working collaboratively in virtual environments protocols?

Determine improvements to future work protocols in virtual environments?

Task outcome: ☐ Satisfactory ☐ Not satisfactory

Assessor signature:

Assessor name:

Date:


Task C – Contribute to cyber security risk management

This task requires you to contribute to cyber security risk management by assisting in developing and
managing risk management strategies.

Section C1: Cyber security risk management preparation


Identify and document at least 10 questions (both open and closed) that would assist you to find out
about risk management requirements for cyber security and relevant to the organisation and industry in
which it operates.
As a minimum this should include:

 Critical cyber security risks, including organisation/industry specific risk.

 Existing risk management strategies and cyber security response options in place.

Note these down in the relevant space in the template provided below.
You will consult with stakeholders in the next activity using these questions to find out more about scope
of risk management for the organisation and the industry in which it operates.
Consult with your assessor and student group or identified stakeholders and ask the questions you
prepared.
Each person will have a turn (10 minutes per person) to ask their questions and receive responses.
Take notes of the answers as you will need to use them in the upcoming sections.

Stakeholder Consultation
Document at least 10 questions (open and closed) that would assist you to find out about risk management requirements for cyber security and relevant to the organisation and industry. Note these down here for use at the stakeholder consultation.

Outcomes of Stakeholder Consultation
Write down the outcomes of the meeting here in note form.
Write down your review of existing risk management strategies already in place, as well as suitable risk management strategies discussed at the meeting.

Attach: Video recording of meeting (if relevant) ☐

Section C2: Cyber security risk management plan


Recommend risk management strategies.
Following the consultation, you are to:

 Identify and document critical cyber security risks.

 Consider and document relevant risk management strategies appropriate for the organisation and
the level of risk.

 Develop suitable cyber security response options for at least two of the critical cyber security risks
you have identified. Make sure these options align with the Cyber Security Risk Management Policy
and Procedures in the Simulation Pack’.

 Identify benchmarks that can be used to document the effectiveness of the risk management
strategies for the two cyber security risks you have identified.
In a student group of approximately four to five, you will present the work you completed for Section C1, i.e. your risk management strategies and response options for at least two cyber security risks.
You are to also use the opportunity following the presentation to monitor cyber security risk and to assist
in determining compliance by asking fellow students at the meeting about the procedures they follow to
mitigate cyber security risks.
You will have approximately 15 minutes to give your presentation and receive feedback. You will also be
staying in the same group to hear other students’ presentations.
Document their responses for use in the next activity.


List critical cyber security risks – at least five

Cyber security risks Consequence of attack Likelihood of attack Risk rating

Document cyber security response options for 2 of the risks identified above.

Cyber security risks Response options Benchmarks that can be used to track effectiveness


Document an additional cyber security response option for a new cyber security risk identified (Note: complete this section as part of section C3)

Cyber security risks Response options Benchmarks that can be used to track effectiveness

Section C3: Cyber security risk management strategies implementation and review
Develop an information update
Based on the feedback you received at your presentation, you are to assume that, to address the non-compliance, you have decided to develop a document (this should be approximately one page) about an aspect of cyber security that you consider both you and your group require further information about. You can include graphics and images to make the information more appealing.
You must also ensure that you use clear, specific and industry-related terminology relating to cyber security.
You are also to include a short feedback survey about the information you provide (i.e. usefulness, clarity, etc.) which you will use to evaluate implementation of this risk management strategy (i.e. information about cyber security). You should also include a question that seeks to find out about new cyber security risks.
Your feedback survey should:

 include at least 5 questions

 be electronic

 be secure so as to ensure cyber security

 give a date for completion so that you can use the information in the next activity.

You are to send this to all members of your group from Section C2. You will use the results of the feedback survey in
the final section of this task.

Review the following information:

Number of expected infections from Malware: 0

Month   Instances   Comments
Jan     0           NA
Feb     0           NA
Mar     0           NA
April   0           NA
May     0           NA
June    1           Due to lack of installation of software update

Assume escalation means reporting the situation to a senior staff member. Review the information above and write an
email that you would send to escalate this information.
This final part of the section requires you to evaluate the risk management strategies you have implemented by
analysing the feedback surveys you receive and reflecting on how effective you consider the approach you took was.
You are now to complete the template below. To complete it, you need to:

 Review completed surveys and analyse the feedback.

 Document new cyber security risks.

 Reflect on the risk management strategies used during the assessment and improvements.
 Update the risk management plan you developed earlier.

Escalation
Write an email that you would send to escalate the
information gained from the benchmarking.

Feedback analysis
Analyse and document the feedback you received
from your surveys. Make sure you include copies of
your surveys (this can be completed surveys made
available at a link).
Assess feedback in terms of how effective the
information is for users.
Document new cyber security risks identified through
the survey.
Reflect on the risk management strategies used during
the assessment and ways you think you could improve
this in the future.
Update your risk management plan with a response
option for another cyber security risk (complete the
section above).

Information update
As per the assessment instructions you are to develop an information update focussing on a particular aspect of cyber security as per the discussion following the training and information session.
You do not need to include any information here
except for the title of your Information update.
Remember to attach your Information update below.

Attach: Link to survey ☐

Completed surveys ☐

Information update ☐

Assessment Task C Performance Checklist


Student’s name:

Did the student: (Completed successfully? Yes / No; Comments)

Consult with stakeholders to determine risk management requirements relevant to the organisation and industry?

During the stakeholder consultation demonstrate effective communication skills including:
 Speaking clearly and concisely to articulate their ideas and requirements
 Using non-verbal communication to assist with understanding
 Asking both open and closed questions to identify required information
 Responding to questions as required
 Using active listening techniques to clarify understanding

Review critical cyber risk management strategies that are suitable for identified risk level?

Recommend suitable cyber security response options for at least two identified cyber security risks and aligning to the Cyber Security Risk Management Policy and Procedures?

Identifying and documenting benchmarks that can be used to document the effectiveness of the risk management strategies?

Present and communicate documented options for risk management strategies for approval within scope of own role at risk management presentation?

During the risk management presentation demonstrate effective communication skills including:
 Speaking clearly and concisely to articulate their ideas and requirements
 Using non-verbal communication to assist with understanding
 Asking both open and closed questions to identify required information
 Responding to questions as required
 Using active listening techniques to clarify understanding

Support implementation of risk management by:
 monitoring cyber security risk through seeking feedback on compliance with procedures
 assessing compliance with procedures
 addressing non-compliance by providing an information update?

To support implementation of risk management, develop a feedback survey consisting of at least 5 questions (i.e. to assess information and training provided about cyber security and to find out about new cyber security risks)?

Use a secure survey to assist with cyber security?

Use clear, specific and industry-related terminology relating to cyber security to develop the information in section 3?

Escalating non-compliance according to given policy and procedures?

Support evaluation by reviewing the effectiveness of information provided?

Update risk management strategies based on feedback and review?

Task outcome: ☐ Satisfactory ☐ Not satisfactory

Assessor signature:

Assessor name:

Date:


Run vulnerability assessments for an organisation


Task conditions

 The purpose of this assessment task is to perform at least one vulnerability assessment and to define and run at least one basic penetration test.
 This assessment task will be completed in an IT lab. Your trainer/assessor will supervise you while you perform this assessment task.
 You will work as a penetration tester in this assessment. You will assess web-based, network-based and hardware-based vulnerabilities, adhere to organisational procedures, and document and report your activities.

Task Instructions:

 You will perform at least one vulnerability assessment.
 You will define and run at least one basic penetration test.
 You will assess web-based, network-based and hardware-based vulnerabilities.
 You will adhere to organisational procedures.
 You will document and report your activities.

Skill test:

This assessment task requires the student:

 To perform at least one vulnerability assessment.
 To define and run at least one basic penetration test.
 To assess web-based, network-based and hardware-based vulnerabilities.
 To adhere to organisational procedures.
 To document and report activities.

Task D – Prepare to run vulnerability assessment


 Section D1: Obtain work details and scope from required personnel and arrange for site access
in compliance with required security arrangements, legislation, codes, regulations and
standards.
 Section D2: Discuss and evaluate scanning tools and select according to vulnerability
assessment requirements.
 Section D3: Establish testing regime and schedule, and documentation requirements according
to organisational needs.

Section D1: Obtain work details and scope from required personnel and arrange for site
access in compliance with required security arrangements, legislation, codes, regulations
and standards.

This part of the activity requires you to obtain work details and scope from required personnel and
arrange for site access in compliance with required security arrangements, legislation, codes,
regulations and standards.

To do so, you are required to:

 Consult your supervisor.


 Discuss the information regarding the work details and scope.
 Confirm the work details and scope and document using Template 1 below.
 Arrange for site access. Ensure you comply with security arrangements,
legislation, codes, regulations and standards when arranging site access.
 Further, document the following using Template 1:
o Steps implemented to arrange for site access.
o The security arrangements, legislation, codes, regulations and standards that were
followed when arranging site access.

Template 1: Information on obtaining work details and scope from required personnel and arranging
for site access in compliance with required security arrangements, legislation, codes, regulations and
standards.

Work details and scope (100-150 words)

Standards for cyber security operations (150-250 words)

Legislation for cyber security operations (100-150 words)

Regulations for cyber security operations (250-300 words)

Codes for cyber security operations (50-100 words)
Committee Code    Committee Name

Security arrangements for cyber security operations (150-200 words)
Network Security
Cloud Security
Internet of Things Security
Application Security

Assessment Task D1: Performance Checklist

This task must address the following performance criteria/ performance checklist.

To be assessed as satisfactory (S) in this task the participant needs to demonstrate competency in the
following critical aspects of evidence (S / N/S; Trainer/Assessor to complete: comment and feedback to
students):

a) Consulted the supervisor and clarified the information regarding the work details and scope.
b) Confirmed the work details and scope and documented them using Template 1.
c) Arranged for site access.
d) Complied with security arrangements, legislation, codes, regulations and standards when arranging
site access.

The student’s performance was:  Satisfactory  Not satisfactory

Assessor signature:

Assessor name:

Date:

Section D2: Discuss and evaluate scanning tools and select according to vulnerability
assessment requirements.
This part of the activity requires you to discuss and evaluate scanning tools and select according to
vulnerability assessment requirements and document the outcomes using ‘Template 2’.

Description of the activity

This activity is a continuation of Section D1.

This activity requires you to discuss and evaluate scanning tools and select according to vulnerability
assessment requirements.

To do so you need to:



 Describe and evaluate the following scanning tools based on their features according to
vulnerability assessment requirements and document using Template 2:
o Acunetix
o Burp Suite
o GFI LanGuard
o Nmap
o OpenVAS
 Select scanning tools considering the vulnerability assessment requirements and document
using Template 2.

Template 2: Evaluation of scanning tools and selection according to vulnerability assessment requirements.

Scanning tools and their features according to vulnerability assessment requirements (100-150 words)

Acunetix

Burp Suite

GFI LanGuard

Nmap

OpenVAS

Selected scanning tool and reason for selection (100-150 words)

Assessment Task D2: Performance Checklist:

This task must address the following performance criteria/ performance checklist.

To be assessed as satisfactory (S) in this assessment task the participant needs to demonstrate
competency in the following critical aspects of evidence (S / N/S; Trainer/Assessor to complete:
comment and feedback to students):

a) Described and evaluated the following scanning tools based on their features according to
vulnerability assessment requirements:
 Acunetix
 Burp Suite
 GFI LanGuard
 Nmap
 OpenVAS
b) Selected scanning tools according to the following criteria:
 Cloud-based vulnerability scanners
 Host-based vulnerability scanners
 Network-based vulnerability scanners
 Database-based vulnerability scanners

The student’s performance was:  Satisfactory  Not satisfactory

Assessor signature:

Assessor name:

Date:

Section D3: Establish testing regime and schedule, and documentation requirements
according to organisational needs.

This part of the activity requires you to establish a testing regime and schedule, and documentation
requirements according to organisational needs and document the outcomes using ‘Template 3’.

Description of the activity

This activity is a continuation of D2.

This activity requires you to establish a testing regime and schedule, and documentation requirements
according to organisational needs based on the information provided in the case study.

To do so you need to:

 Select your approach from one of the following and document using Template 3:
o Attack vectors
o MITRE ATT&CK framework
o Threat types
o In the wild
o APT groups
 Automate what you can repeat and document using Template 3.
 Develop an approach for measuring results and document using Template 3.
 Choose two (2) testing tools and document using Template 3.
 Schedule tests to be conducted and document using Template 3.

Template 3: Information on establishing testing regime and schedule, and documentation requirements
according to organisational needs.

Steps to develop the testing plan rules and schedule (400-500 words)

Select your approach

Automate what you can repeat

Approach for measuring results

Two (2) testing tools

Schedule tests to be conducted


Assessment Task D3: Performance Checklist:

This task must address the following performance criteria/ performance checklist.

To be assessed as satisfactory (S) in this assessment task the participant needs to demonstrate
competency in the following critical aspects of evidence (S / N/S; Trainer/Assessor to complete:
comment and feedback to students):

a) Selected an approach from one of the following and documented it using Template 3:
 Attack vectors
 MITRE ATT&CK framework
 Threat types
 In the wild
 APT groups
b) Automated the things that can be repeated.
c) Developed an approach for measuring results.
d) Chose two (2) testing tools and documented them using Template 3.
e) Scheduled tests to be conducted.

The student’s performance was:  Satisfactory  Not satisfactory

Assessor signature:

Assessor name:

Date:


Task E – Run vulnerability assessment and penetration test

 Section E1: Perform vulnerability assessment according to organisational procedures


 Section E2: Identify and document vulnerabilities arising from vulnerability assessment
according to organisational procedures.
 Section E3: Run a simple penetration test according to organisational procedures.
 Section E4: Identify and document potential threats arising from penetration tests according to
organisational procedures.
 Section E5: Contribute and develop ideas in addressing vulnerabilities.

Section E1: Perform vulnerability assessment according to organisational procedures.

This part of the activity requires you to perform a vulnerability assessment according to organisational
procedures and document the outcomes using ‘Template 4’.

Description of the activity

This activity is a continuation of section D3.

This activity requires you to perform a vulnerability assessment according to organisational procedures
based on the information provided in the case study.

To do so you need to:

 Perform vulnerability assessment using Nmap or other testing tool according to organisational
procedures:
o Take an active role
o Identify and understand your business processes
o Pinpoint the applications and data that underlie business processes
o Find hidden data sources
o Determine what hardware underlies applications and data
o Map the network infrastructure that connects the hardware
o Identify which controls are already in place
o Run vulnerability scans
o Apply business and technology context to scanner results
o Conduct penetration testing

Further, you must:


 Document the steps implemented to perform vulnerability assessment using Template 4.
 Take a screenshot of each step implemented to perform vulnerability testing using Nmap or
other testing tool and document using Template 4.
Template 4: Steps implemented to perform vulnerability assessment according to organisational procedures.

Procedure to perform vulnerability assessment (500-600 words)

Take an active role
Identify and understand your business processes
Pinpoint the applications and data that underlie business processes
Find hidden data sources
Determine what hardware underlies applications and data
Map the network infrastructure that connects the hardware
Identify which controls are already in place
Run vulnerability scans
Apply business and technology context to scanner results
Conduct penetration testing
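The Section D3 steps (automate what you can repeat, develop an approach for measuring results) and the Section E1 steps above (find hidden data sources, run vulnerability scans, apply business and technology context to scanner results) come together in the following added example. It is not part of the assessment guide and not code from Nmap or any of the tools in Template 2: a Python script that parses the XML that `nmap -sV -oX` writes, diffs it against the previous run so a scheduled rescan yields a measurable result (ports newly opened or closed), flags hosts that the asset register does not know about, and weights each risky service by the criticality of the business process it underlies. The two scan documents, the asset register and the service risk rules are constructed sample data; the rules are an assumption to be replaced with the organisation's own.

```python
"""Added example (not part of the assessment guide): parse Nmap XML output,
diff it against the previous scan so a repeated scan gives a measurable
result, and apply business context from an asset register.

Hypothetical inputs: both XML documents, ASSET_REGISTER and RISKY_SERVICES
are constructed sample data.  Real input comes from e.g.
    nmap -sV -oX scan.xml 10.0.0.0/29
"""
import xml.etree.ElementTree as ET

# Constructed: what `nmap -sV -oX` wrote on the first (baseline) run.
BASELINE_XML = """<nmaprun scanner="nmap">
<host><address addr="10.0.0.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Microsoft IIS httpd" version="10.0"/></port>
<port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
</ports></host>
<host><address addr="10.0.0.11" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9"/></port>
</ports></host>
</nmaprun>"""

# Constructed: the scheduled rescan. SMB on web-01 is now closed, Telnet has
# appeared on app-01, and a host missing from the asset register answers on 3306.
CURRENT_XML = """<nmaprun scanner="nmap">
<host><address addr="10.0.0.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Microsoft IIS httpd" version="10.0"/></port>
<port protocol="tcp" portid="445"><state state="closed"/></port>
</ports></host>
<host><address addr="10.0.0.11" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
</ports></host>
<host><address addr="10.0.0.12" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="3306"><state state="open"/><service name="mysql" product="MySQL" version="5.7"/></port>
</ports></host>
</nmaprun>"""

# Constructed asset register: which business process each host underlies.
ASSET_REGISTER = {
    "10.0.0.10": {"name": "web-01", "process": "customer portal", "criticality": "high"},
    "10.0.0.11": {"name": "app-01", "process": "internal reporting", "criticality": "medium"},
}
# A host the register does not know about is a hidden data source or shadow
# asset: weight it as high criticality until someone classifies it.
UNREGISTERED = {"name": "unregistered", "process": "unknown", "criticality": "high"}

# Assumed rules: service name -> (why it matters, base severity 1-3).
RISKY_SERVICES = {
    "telnet": ("clear-text remote administration", 3),
    "ftp": ("clear-text file transfer", 2),
    "microsoft-ds": ("SMB reachable; verify signing and patch level", 2),
    "mysql": ("database reachable from the scan position", 2),
}
CRITICALITY_WEIGHT = {"high": 3, "medium": 2, "low": 1}


def parse_nmap_xml(xml_text):
    """Return {ip: {(proto, port): (service, product)}} for open ports only."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                      # closed/filtered ports are not findings
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            product = ""
            if svc is not None:
                product = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            open_ports[(port.get("protocol"), int(port.get("portid")))] = (name, product)
        hosts[addr.get("addr")] = open_ports
    return hosts


def diff_scans(baseline, current):
    """Measurable outcome of a repeated scan: (newly opened, newly closed) ports."""
    opened, closed = [], []
    for ip in set(baseline) | set(current):
        before, after = set(baseline.get(ip, {})), set(current.get(ip, {}))
        opened += [(ip, p) for p in after - before]
        closed += [(ip, p) for p in before - after]
    return sorted(opened), sorted(closed)


def prioritise(scan, register):
    """Apply business context: base severity x asset criticality, highest first."""
    findings = []
    for ip, ports in scan.items():
        asset = register.get(ip, UNREGISTERED)
        weight = CRITICALITY_WEIGHT[asset["criticality"]]
        for (proto, port), (service, product) in ports.items():
            if service not in RISKY_SERVICES:
                continue
            reason, severity = RISKY_SERVICES[service]
            findings.append({"host": ip, "asset": asset["name"], "process": asset["process"],
                             "port": f"{port}/{proto}", "service": service, "product": product,
                             "reason": reason, "score": severity * weight})
    findings.sort(key=lambda f: (-f["score"], f["host"], f["port"]))
    return findings


if __name__ == "__main__":
    base, cur = parse_nmap_xml(BASELINE_XML), parse_nmap_xml(CURRENT_XML)
    opened, closed = diff_scans(base, cur)
    print("newly opened:", opened)
    print("newly closed:", closed)
    for f in prioritise(cur, ASSET_REGISTER):
        print(f"[{f['score']}] {f['asset']} {f['host']} {f['port']} {f['service']}"
              f" ({f['product'] or 'no banner'}): {f['reason']}; affects {f['process']}")
```

Run the same script after every scheduled scan with the previous XML as the baseline: the opened/closed lists are the benchmark for the D3 "approach for measuring results", and the score column is what "business and technology context" adds to raw scanner output. The unregistered host on port 3306 is the kind of hidden data source E1 asks you to find; it scores as high as the Telnet service on a registered medium-criticality host precisely because nobody has classified it yet.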

Assessment Task E1 Performance Checklist:

This task must address the following performance criteria/ performance checklist.

To be assessed as satisfactory (S) in this assessment task the participant needs to demonstrate
competency in the following critical aspects of evidence (S / N/S; Trainer/Assessor to complete:
comment and feedback to students):

a) Performed vulnerability assessment according to organisational procedures.
b) Took an active role.
c) Identified and understood the business processes.
d) Pinpointed the applications and data that underlie business processes.
e) Found hidden data sources.
f) Determined what hardware underlies applications and data.
g) Mapped the network infrastructure that connects the hardware.
h) Identified which controls are already in place.
i) Ran vulnerability scans.
j) Applied business and technology context to scanner results.
k) Conducted penetration testing.

The student’s performance was:  Satisfactory  Not satisfactory

Assessor signature:

Assessor name:

Date:

Section E2: Identify and document vulnerabilities arising from vulnerability assessment
according to organisational procedures.

This part of the activity requires you to identify and document vulnerabilities arising from vulnerability
assessment according to organisational procedures and document the outcomes using ‘Template 5’.

Description of the activity

This activity is a continuation of Section E1.

This activity requires you to identify and document vulnerabilities arising from vulnerability assessment
according to organisational procedures based on the information provided in the case study.

To do so you need to:

 Identify and document the following types of vulnerabilities arising from vulnerability
assessment according to organisational procedures using Template 5.
o Two (2) web-based vulnerabilities arising from vulnerability assessment such as:
 Cross-site scripting (XSS)
 Broken access control
 Directory indexing
 Encapsulation
o Two (2) Network-based vulnerabilities arising from vulnerability assessment such as:
 Poor Firewall Configuration
 Hardware Issues
 Weak Passwords
 Single Factor Authentication
o Two (2) Hardware-based vulnerabilities arising from vulnerability assessment such as:
 Rowhammer
 Bounds Check Bypass Store (BCBS)
 Foreshadow
 Intel LazyFP

Template 5: Vulnerabilities arising from vulnerability assessment according to organisational
procedures.

Web-based vulnerabilities arising from vulnerability assessment (150-200 words)
Cross-site scripting (XSS)
Broken access control
Directory indexing
Encapsulation

Network-based vulnerabilities arising from vulnerability assessment (150-200 words)
Poor firewall configuration
Hardware issues
Weak passwords
Single-factor authentication

Hardware-based vulnerabilities arising from vulnerability assessment (150-200 words)
Rowhammer
Bounds Check Bypass Store (BCBS)
Foreshadow
Intel LazyFP

Assessment Task E2 Performance Checklist:

This task must address the following performance criteria/ performance checklist.

To be assessed as satisfactory (S) in this assessment task the participant needs to demonstrate
competency in the following critical aspects of evidence (S / N/S; Trainer/Assessor to complete:
comment and feedback to students):

a) Identified and documented web-based vulnerabilities arising from vulnerability assessment
according to organisational procedures:
 Cross-site scripting (XSS)
 Broken access control
 Directory indexing
 Encapsulation
b) Identified and documented network-based vulnerabilities arising from vulnerability assessment
according to organisational procedures:
 Poor firewall configuration
 Hardware issues
 Weak passwords
 Single-factor authentication
c) Identified and documented hardware-based vulnerabilities arising from vulnerability assessment
according to organisational procedures:
 Rowhammer
 Bounds Check Bypass Store (BCBS)
 Foreshadow
 Intel LazyFP

The student’s performance was:  Satisfactory  Not satisfactory

Assessor signature:

Assessor name:

Date:

Section E3: Run a simple penetration test according to organisational procedures.

This part of the activity requires you to run a simple penetration test according to organisational
procedures and document the outcomes using ‘Template 6’.

Description of the activity

This activity is a continuation of section E2.

This activity requires you to run a simple penetration test according to organisational procedures based
on the information provided in the case study.

This activity requires you to use the Nmap tool and IIS server to run penetration testing on the
organisation’s network.

To do so you need to:

 Enable IIS and the required IIS components on Windows 10 (the IIS host is the target of the test and
must fall within the scope agreed in Section D1).
 Run a simple penetration test according to organisational procedures using the Nmap tool, covering:
o Information gathering
o Reconnaissance
o Discovery and scanning
o Vulnerability assessment
o Exploitation
o Final analysis and review
o Utilise the testing results
 Utilise the penetration testing methods below:
o External network penetration testing
o Internal network penetration testing
o Social engineering testing
o Physical penetration testing
o Application penetration testing

Further, you must:

 Document the steps implemented to perform the penetration test using Template 6.
 Take a screenshot of each step implemented to perform the penetration test using the Nmap tool
and IIS server, and document it using Template 6.

Template 6: Steps implemented to perform penetration test

Enabling IIS and required IIS components on Windows 10 (40-50 words)

Steps to run a simple penetration test (300-350 words)
Information gathering
Reconnaissance
Discovery and scanning
Vulnerability assessment
Exploitation
Final analysis and review
Utilise the testing results

Penetration testing methods (250-300 words)
External network penetration testing
Internal network penetration testing
Social engineering testing
Physical penetration testing
Application penetration testing
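For the application penetration testing row above, and for the web-based vulnerabilities (directory indexing in particular) that Section E2 asks you to document, the following added example shows the checks a tester applies to responses from the lab IIS server once IIS is enabled. It is not part of the assessment guide and not IIS, Nmap or Burp Suite code: a Python script that parses raw HTTP responses (as captured with `curl -i` or a Burp Suite proxy) and reports server-version disclosure, directory indexing, dangerous HTTP methods advertised in the OPTIONS reply, and missing security headers, then shows the same path after hardening producing no findings. The three responses, the host name lab-web01 and the /uploads/ path are constructed; the hardened response assumes directory browsing has been disabled and the Server and X-Powered-By headers suppressed.

```python
"""Added example (not part of the assessment guide): review raw HTTP responses
captured from the lab IIS host (e.g. with `curl -i` or Burp Suite) for the
findings an application penetration test records.  All three responses, the
host name lab-web01 and the /uploads/ path are constructed sample data.
"""

# Constructed: GET /uploads/ with IIS Directory Browsing enabled.  The body
# mimics the listing IIS renders, including its "[To Parent Directory]" link.
LISTING_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Server: Microsoft-IIS/10.0\r\n"
    b"X-Powered-By: ASP.NET\r\n"
    b"\r\n"
    b"<html><head><title>lab-web01 - /uploads/</title></head><body>"
    b"<H1>lab-web01 - /uploads/</H1><hr><pre>"
    b'<A HREF="/">[To Parent Directory]</A><br><br>'
    b'<A HREF="/uploads/backup.zip">backup.zip</A><br></pre><hr></body></html>'
)

# Constructed: reply to OPTIONS / advertising methods a tester would probe further.
OPTIONS_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Allow: OPTIONS, TRACE, GET, HEAD, POST, PUT\r\n"
    b"Server: Microsoft-IIS/10.0\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

# Constructed: GET /uploads/ after hardening (assumed: directory browsing off,
# Server and X-Powered-By suppressed, security headers added).
HARDENED_RESPONSE = (
    b"HTTP/1.1 403 Forbidden\r\n"
    b"Content-Type: text/html\r\n"
    b"Strict-Transport-Security: max-age=31536000\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"Content-Security-Policy: default-src 'self'\r\n"
    b"X-Frame-Options: DENY\r\n"
    b"\r\n"
    b"<html><body>403 - Forbidden</body></html>"
)

SECURITY_HEADERS = ("Strict-Transport-Security", "X-Content-Type-Options",
                    "Content-Security-Policy", "X-Frame-Options")
DANGEROUS_METHODS = {"TRACE", "PUT", "DELETE"}


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status code, {lower-name: value}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("utf-8", "replace")


def assess(raw, path="/"):
    """Return the findings for one response; an empty list means nothing to report."""
    status, headers, body = parse_response(raw)
    findings = []
    server = headers.get("server", "")
    if "/" in server:                       # "Microsoft-IIS/10.0" leaks the version
        findings.append(f"version disclosure: Server '{server}'")
    if "x-powered-by" in headers:
        findings.append(f"technology disclosure: X-Powered-By '{headers['x-powered-by']}'")
    # Directory indexing: a 200 for a directory path whose body is a listing.
    if status == 200 and path.endswith("/") and "[To Parent Directory]" in body:
        findings.append(f"directory indexing enabled at {path}")
    allowed = {m.strip().upper() for m in headers.get("allow", "").split(",") if m.strip()}
    for method in sorted(allowed & DANGEROUS_METHODS):
        findings.append(f"dangerous HTTP method allowed: {method}")
    for name in SECURITY_HEADERS:
        if name.lower() not in headers:
            findings.append(f"missing security header: {name}")
    return findings


if __name__ == "__main__":
    for label, raw, path in (("GET /uploads/ (before)", LISTING_RESPONSE, "/uploads/"),
                             ("OPTIONS /", OPTIONS_RESPONSE, "/"),
                             ("GET /uploads/ (after hardening)", HARDENED_RESPONSE, "/uploads/")):
        print(label)
        for finding in assess(raw, path) or ["no findings"]:
            print("  -", finding)
```

Each finding string maps onto a Template 5 or Template 7 entry: the directory listing exposing backup.zip is the "Directory indexing" web-based vulnerability, and the advertised PUT and TRACE methods are what the exploitation step of E3 would try to turn into a file upload or header-reflection issue. Run the checks against the hardened response last so the report shows the fix closed every finding, not just the one that was noticed.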

Assessment Task E3 Performance Checklist:

This task must address the following performance criteria/ performance checklist.

To be assessed as satisfactory (S) in this assessment task the participant needs to demonstrate
competency in the following critical aspects of evidence (S / N/S; Trainer/Assessor to complete:
comment and feedback to students):

a) Ran a simple penetration test according to organisational procedures:
o Information gathering
o Reconnaissance
o Discovery and scanning
o Vulnerability assessment
o Exploitation
o Final analysis and review
o Utilise the testing results
b) Utilised the following penetration testing methods:
o External network penetration testing
o Internal network penetration testing
o Social engineering testing
o Physical penetration testing
o Application penetration testing

The student’s performance was:  Satisfactory  Not satisfactory

Assessor signature:

Assessor name:

Date:

Section E4: Identify and document potential threats arising from penetration tests according
to organisational procedures.

This part of the activity requires you to identify and document potential threats arising from penetration
tests according to organisational procedures and document the outcomes using ‘Template 7’.

Description of the activity

This activity is a continuation of section E3.

This activity requires you to identify and document potential threats arising from the penetration test
conducted in E3, according to organisational procedures.

To do so you need to:

• Identify and document three (3) potential threats arising from the penetration test, chosen from the
following, and document them using Template 7:
o Malware
o Denial of Service
o Man in the Middle
o Phishing
o SQL Injection

Template 7: Potential threats arising from penetration tests according to organisational procedures.

Potential threats arising from penetration test (250-300 words)

Malware
Emotet
Denial of Service
Man in the Middle
Phishing
SQL Injection

Assessment Task E4 Performance Checklist:

This task must address the following performance criteria/ performance checklist.

To be assessed as satisfactory (S) in this assessment task the participant needs to demonstrate
competency in the following critical aspects of evidence (S / N/S; Trainer/Assessor to complete:
comment and feedback to students):

a) Identified and documented potential threats arising from the penetration test:
o Malware
o Denial of Service
o Man in the Middle
o Phishing
o SQL Injection

The student’s performance was:  Satisfactory  Not satisfactory

Assessor signature:

Assessor name:

Date:

Section E5: Contribute and develop ideas in addressing vulnerabilities.

This part of the activity requires you to contribute and develop ideas in addressing vulnerabilities and
document the outcomes using ‘Template 8’.


Description of the activity

This activity is a continuation of E4.

This activity requires you to contribute and develop ideas in addressing vulnerabilities.

To do so you need to:

• Contribute and develop any two (2) of the following ideas for addressing vulnerabilities and
document using Template 8:
o Implement a threat monitoring process that will allow your security team to constantly
gather information about the newest or emerging threats that may affect your
organisation
o Conduct regular vulnerability assessments
o Establish and enforce baseline configurations
o Remediate vulnerabilities
o Patch vulnerabilities

Template 8: Contributing and developing ideas in addressing vulnerabilities.

Ideas to address vulnerabilities (250-300 words)
Implement a threat monitoring process that will allow your security team to constantly gather
information about the newest or emerging threats that may affect your organisation
Conduct regular vulnerability assessments
Establish and enforce baseline configurations
Remediate vulnerabilities
Patch vulnerabilities

Assessment Task E5 Performance Checklist:

This task must address the following performance criteria/ performance checklist.

To be assessed as satisfactory (S) in this assessment task the participant needs to demonstrate
competency in the following critical aspects of evidence (S / N/S; Trainer/Assessor to complete:
comment and feedback to students):

a) Contributed and developed the following ideas for addressing vulnerabilities:
o Implement a threat monitoring process that will allow your security team to constantly gather
information about the newest or emerging threats that may affect your organisation
o Conduct regular vulnerability assessments
o Establish and enforce baseline configurations
o Remediate vulnerabilities
o Patch vulnerabilities

The student’s performance was:  Satisfactory  Not satisfactory

Assessor signature:

Assessor name:

Date:


Task F – Finalise vulnerability assessment process


Section F1: Discuss vulnerabilities identified in vulnerability assessment and penetration testing with required personnel.

This activity is a continuation of E5.

This part of the activity requires you to discuss the vulnerabilities identified in the vulnerability assessment and penetration testing with your supervisor.

To do so, you are required to arrange a meeting with your supervisor.

The meeting’s purpose is to consult the supervisor regarding vulnerabilities identified in vulnerability
assessment and penetration testing.

The meeting agenda must be prepared, considering the objectives of the meeting and using the
template provided. The meeting agenda must discuss the purpose of the meeting and provide details
regarding the meeting’s place, date, and time.

The trainer/assessor must observe the student conducting the meeting.

After preparing the meeting agenda, you are then required to send an e-mail to the meeting
participants to invite them to the meeting.

Guidelines for writing the e-mail:

• Ensure the text written in the e-mail is grammatically correct and free of
errors.
• Use business style writing.
• The text must provide a summary of the attachment.
• Attach meeting agenda to the e-mail.

After e-mailing the meeting agenda to the participants of the meeting, you are then required to conduct
a meeting with them.

To conduct the meeting, you must follow the meeting process and the meeting script provided below.

Meeting process:

Before the meeting
1. Create a meeting agenda that encourages the stakeholders to provide feedback on the vulnerabilities identified in vulnerability assessment and penetration testing.
 Confirm the meeting time and place with the trainer/assessor.
 Use the meeting agenda template provided to prepare the meeting agenda.

During the meeting
1. Welcome the participants.
2. Discuss vulnerabilities identified in vulnerability assessment and penetration testing.
3. Conduct the meeting based on the ‘Meeting script’ provided.
4. Request feedback on the discussion.

After the meeting
1. Summarise the agreed outcomes using the meeting minutes template provided.
2. Document the discussions using the ‘Template’ provided, based on the feedback received, if any.

Meeting script:

For the penetration tester:

The penetration tester will first discuss the vulnerabilities identified in vulnerability assessment and penetration testing.

After the vulnerabilities identified in vulnerability assessment and penetration testing have been discussed with the supervisor, the penetration tester will ask these questions:

1. What are the ideas for addressing the vulnerabilities identified?

2. What are the organisational procedures implemented to run penetration tests?

Questions that the supervisor will discuss with the penetration tester:

1. What types of methods and tools are available in training organisations to protect data in an organisation?

2. What are the risk mitigation strategies that may be used when running vulnerability assessments for an organisation?

Template 9: Meeting agenda template:

Date/Time:

Location:

Chairperson:

Meeting Attendees: (full names and roles)

Agenda Item/Topic | Discussion/Outcomes | Action Officer | Due Date
Welcome | | |
Summary | Overall summary | |
Decision/s | | |
Action/s if any | | |
Next meeting | Time/date | |

Meeting closed at:

Minutes are a true and accurate record of the meeting: approved/confirmed by whom?

Template 9: Meeting minutes template:

Minutes of Meeting

Meeting Objective:

Attendees:

Venue:

Date:

No. | Points Discussed | Actions Suggested | Target Date

Signature of attendee 1:    Signature of attendee 2:

Signature of attendee 3:    Signature of attendee 4:

Assessment Task F1 Performance Checklist:

This task must address the following performance criteria/ performance checklist.

To be assessed as satisfactory (S) in this assessment task the participant needs to demonstrate competency in the following critical aspects of evidence | S | N/S | Trainer/Assessor to complete (Comment and feedback to students)

a) Discussed vulnerabilities identified in vulnerability assessment and penetration testing.
b) E-mailed supervisor regarding the meeting.
c) The meeting agenda was attached to the e-mail.
d) E-mail texts were grammatically correct and free of errors.
e) Comprehended documents and texts of varying complexity to extract and analyse relevant information.
f) Used formal communication style, encouraging and respectful tone.
g) Asked questions to clarify and confirm understanding.
h) Answered questions clearly and concisely.
i) Followed relevant legislation, policies, procedures, and standards of the organisation.

The student’s performance was:  Not satisfactory   Satisfactory

Assessor signature:

Assessor name:

Date:

Section F2: Contribute ideas with required personnel and remediate vulnerabilities identified
according to organisational procedures.

This part of the activity requires you to contribute ideas with required personnel and remediate
vulnerabilities identified according to organisational procedures and document the outcomes using
‘Template 10’.

This activity is a continuation of F1.

To do so, you are required to:

 Consult your supervisor.


 Discuss the following with the Supervisor:
o Vulnerabilities identified.
o Ideas identified to address vulnerabilities.
o How each identified idea would address the vulnerabilities identified.
 Document the ideas discussed to address vulnerabilities using Template 10.

Template 10: Ideas discussed to address vulnerabilities.

Ideas to address vulnerabilities (150-200 words)

Know your code

Prioritise your vulnerabilities

Fix

Assessment Task F2 Performance Checklist:

This task must address the following performance criteria/ performance checklist.

To be assessed as satisfactory (S) in this assessment task the participant needs to demonstrate competency in the following critical aspects of evidence | S | N/S | Trainer/Assessor to complete (Comment and feedback to students)

a) Consulted your supervisor.
b) Discussed the following with the Supervisor:
 Vulnerabilities identified.
 Ideas identified to address vulnerabilities.
 How each identified idea would address the vulnerabilities identified.
c) Documented the ideas discussed to address vulnerabilities using Template 10.

The student’s performance was:  Not satisfactory   Satisfactory

Assessor signature:

Assessor name:

Date:

Section F3: Escalate unresolved vulnerabilities to required personnel.

This part of the activity requires you to escalate unresolved vulnerabilities to Supervisor.

Description of the activity

This activity is a continuation of F2.

This activity requires you to escalate unresolved vulnerabilities to required personnel.

To do so you need to:

• Escalate unresolved vulnerabilities to Supervisor.


o E-mail the unresolved issues to Supervisor. Follow the guidelines provided.
 E-mail must have an appropriate subject line.
 The body of the e-mail must provide a summary of the unresolved issues.


Assessment Task F3 Performance Checklist:

This task must address the following performance criteria/ performance checklist.

To be assessed as satisfactory (S) in this assessment task the participant needs to demonstrate competency in the following critical aspects of evidence | S | N/S | Trainer/Assessor to complete (Comment and feedback to students)

a) Escalated unresolved vulnerabilities to Supervisor.
b) E-mailed the unresolved issues to Supervisor, following the guidelines provided:
o E-mail must have an appropriate subject line.
o The body of the e-mail must provide a summary of the unresolved issues.

The student’s performance was:  Not satisfactory   Satisfactory

Assessor signature:

Assessor name:

Date:

Section F4: Document identified vulnerabilities and work performed according to organisational procedures.

This part of the activity requires you to document the identified vulnerabilities and the work performed according to organisational procedures, recording them using ‘Template 11’.

Description of the activity

This activity is a continuation of F3.

This activity requires you to document identified vulnerabilities and work performed
according to organisational procedures using Template 11.
Template 11 must include the following information:

• Vulnerabilities identified
• Work performed to conduct testing and address vulnerabilities.

Template 11: Vulnerabilities and work performed

Vulnerabilities and work performed (250-300 words)


Vulnerabilities identified

Work performed

Assessment Task F4 Performance Checklist:

This task must address the following performance criteria/ performance checklist.

To be assessed as satisfactory (S) in this assessment task the participant needs to demonstrate competency in the following critical aspects of evidence | S | N/S | Trainer/Assessor to complete (Comment and feedback to students)

a) Documented identified vulnerabilities and work performed according to organisational procedures.
b) Prepared documentation detailing vulnerability assessments according to organisational requirements using concise industry specific terminology applicable to cyber security.

The student’s performance was:  Not satisfactory   Satisfactory

Assessor signature:

Assessor name:

Date:

Section F5: Report to management and confirm vulnerability assessment with required personnel.

This part of the activity requires you to report to management and confirm the vulnerability assessment with required personnel, writing the report using ‘Template 12’.

Description of the activity

This activity is a continuation of F4.

This activity requires you to report to management and confirm vulnerability assessment
with required personnel.

To do so you need to:

• Write a report to management using Template 12. The report must include the
following:
o Executive Summary
o Assessment Overview
o Details of vulnerability assessment conducted.
o Results and Mitigation Recommendations
• Confirm vulnerability assessment with Supervisor.
o E-mail the report completed to Supervisor. Follow the guidelines provided.
 E-mail must have an appropriate subject line.
 The body of the e-mail must provide a summary of the report and
confirm vulnerability assessment with required personnel.
 E-mail must include vulnerability assessment report (Template 12)
as attachment.

Template 12: Vulnerability assessment

Vulnerability assessment (300-400 words)

Executive Summary

Assessment Overview

Details of vulnerability assessment conducted.

Results and Mitigation Recommendations
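Sections F2 to F5 describe the prioritisation, remediation, escalation and reporting steps only as template headings ("Prioritise your vulnerabilities", "Fix", "Escalate unresolved vulnerabilities", "Results and Mitigation Recommendations"). The following Python script is an added example, not part of this assessment guide or any student's submission, showing how those steps fit together in practice: constructed scan findings are ranked by CVSS rating plus exposure (the exposure weights are an assumption, not an industry standard), the remediation work performed is recorded against each finding, the unresolved items are listed for the escalation e-mail, and the figures for the results section of the management report are produced. The host names, finding numbers and finding descriptions are invented sample data.

```python
"""Vulnerability triage helper: prioritise findings, record remediation work,
list unresolved items for escalation and summarise results for management.

Added example, not part of the assessment guide. All findings below are
constructed sample data; the priority weighting is an assumption."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Finding:
    ident: str                 # internal finding number such as "F-001" (constructed)
    host: str                  # hostname from the scan (constructed)
    title: str                 # short description of the weakness
    cvss: float                # CVSS v3 base score, 0.0 to 10.0
    internet_facing: bool      # reachable from the internet?
    exploit_available: bool    # public exploit known for this weakness?
    status: str = "open"       # "open" or "remediated"
    work_log: List[str] = field(default_factory=list)  # work performed (Template 11)


def severity_band(cvss: float) -> str:
    """Map a CVSS v3 base score to its qualitative rating."""
    if cvss <= 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def priority_score(f: Finding) -> float:
    """CVSS plus exposure modifiers, capped at 10.0 (assumed weights).

    A finding reachable from the internet, or with a public exploit, is
    treated as more urgent than its base score alone suggests."""
    score = f.cvss
    if f.internet_facing:
        score += 1.5
    if f.exploit_available:
        score += 1.0
    return min(round(score, 1), 10.0)


def prioritise(findings: List[Finding]) -> List[Finding]:
    """Highest priority first; ties broken by finding number for stable output."""
    return sorted(findings, key=lambda f: (-priority_score(f), f.ident))


def remediate(f: Finding, action: str) -> None:
    """Record the work performed and close the finding."""
    f.work_log.append(action)
    f.status = "remediated"


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Open findings in priority order: the list to escalate to the supervisor (F3)."""
    return [f for f in prioritise(findings) if f.status == "open"]


def escalation_email_body(findings: List[Finding]) -> str:
    """Plain-text summary of the unresolved issues for the escalation e-mail."""
    lines = ["Unresolved vulnerabilities requiring escalation:"]
    for f in unresolved(findings):
        lines.append(f"- {f.ident} {f.host}: {f.title} "
                     f"[{severity_band(f.cvss)}, priority {priority_score(f)}]")
    return "\n".join(lines)


def management_summary(findings: List[Finding]) -> Dict[str, object]:
    """Figures for the Results section of the management report (Template 12)."""
    by_band: Dict[str, int] = {}
    for f in findings:
        band = severity_band(f.cvss)
        by_band[band] = by_band.get(band, 0) + 1
    open_items = unresolved(findings)
    return {
        "total": len(findings),
        "by_severity": by_band,
        "remediated": sum(1 for f in findings if f.status == "remediated"),
        "open": len(open_items),
        "highest_open": open_items[0].ident if open_items else None,
    }


def triage_sample() -> List[Finding]:
    """Constructed scan results (not real hosts or vulnerabilities), with the two
    highest-priority items remediated so that two remain for escalation."""
    findings = [
        Finding("F-001", "web-01", "Unsupported web server release with a public remote code execution exploit", 9.8, True, True),
        Finding("F-002", "db-01", "Database service accepts the vendor default administrator password", 8.8, False, True),
        Finding("F-003", "file-01", "SMB signing not required", 5.3, False, False),
        Finding("F-004", "web-01", "Expired TLS certificate on the public site", 3.7, True, False),
    ]
    remediate(findings[0], "Upgraded to a vendor-supported release; rescan confirmed closed")
    remediate(findings[1], "Reset the default password and enforced the password policy")
    return findings


if __name__ == "__main__":
    sample = triage_sample()
    print(escalation_email_body(sample))
    print(management_summary(sample))
```

The escalation list is ordered by the same priority used for remediation, so the supervisor sees the most urgent open item first, and the work log on each finding is the evidence of "work performed" that Template 11 asks for.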

Assessment Task F5 Performance Checklist:

This task must address the following performance criteria/ performance checklist.

To be assessed as satisfactory (S) in this assessment task the participant needs to demonstrate competency in the following critical aspects of evidence | S | N/S | Trainer/Assessor to complete (Comment and feedback to students)

a) Documented the report to management using Template 12. The report must include the following:
• Executive Summary
• Assessment Overview
• Details of vulnerability assessment conducted.
• Results and Mitigation Recommendations

b) Confirmed vulnerability assessment with Supervisor.
• E-mailed the completed report to Supervisor, following the guidelines provided:
o E-mail had an appropriate subject line.
o The body of the e-mail provided a summary of the report and confirmed the vulnerability assessment with required personnel.
o E-mail included the vulnerability assessment report (Template 12) as an attachment.

The student’s performance was:  Not satisfactory   Satisfactory

Assessor signature:

Assessor name:

Date:
