BSBXCS404 - Contribute to cyber security risk management

Assessment tasks will be designed to reinforce and extend knowledge and skill competence within set and controlled parameters in accordance with each unit's learning outcomes and performance criteria requirements, including the setting of work based practical application tasks designed to provide evidence of competence outcomes, within periodic and scheduled timelines. Students will be expected to demonstrate the following required skills: *contribute to developing and implementing risk management strategies that control two different identified cyber security risks and document the response option applied to each risk *support evaluation of effectiveness of each implemented strategy. Students will also be expected to demonstrate the following knowledge: *legislative and regulatory requirements relating to contributing to cyber security risk management, including: - data protection legislation - notifiable data breach legislation - Australian privacy laws - established international legislation *key risk management strategies, including: - regular organisational training - regular threat assessment - cyber security incident response plan - clear escalation routes *organisational policies and procedures, including for: - analysing and reviewing risk management methodologies - developing communications plans - evaluating effectiveness of risk management strategies - monitoring cyber risk - reviewing currency of risk register *industry-specific knowledge of suitable procedures for applying risk management strategy *guidelines required for updating technology *business process design principles in relation to risk management *reporting mechanisms for tracking organisational cyber security maturity.