Manage
information
security
compliance
of cloud
KII6031
CLOUD COMPUTING
SOLUTIONS
Assessment 2
CONTENTS
Manage information security compliance of cloud service deployment 3
Introduction 8
Assessment 2: Project Portfolio 9
Assessment 2: Checklist 13
Assessment Information
Welcome to your Assessment 2 for Cloud Computing Solutions.
| Unit of Competency | |
| ICTCLD602 | Manage information security compliance of cloud service deployment |
| ICTPRG614 | Create cloud computing services |
Student Instructions
Before you commence your Assessment, ensure that you have good
knowledge of the subject, have thoroughly read your Learner workbook, and
clearly understand the Assessment requirements and the expectations of the
Assessor.
You may be required to demonstrate knowledge and skills which may be
difficult for the Assessor to witness. If so, an Evidence Record is supplied which
will allow the knowledge or skill to be verified by at least one third party, and
preferably two or more. These witnesses would usually be current or recent
supervisors or your Assessor.
Explanations are given for each Task. If you have any questions, consult with
your Assessor.
The assessment tasks may be answered using your business, the simulated
business or a mixture of both as instructed by your Assessor.
When you are confident that you have met all requirements for this assessment
task, upload your file using your file using Learning Management System (LMS) for
marking.
For the due date of the assessments follow the instructions of your facilitator.
Assessment Conditions
All assessment in this subject/units must be completed in the class under the
supervision of your facilitator. Once completed the assessments are to be uploaded
on LMS (www.KIIonline.edu.au) in individual student profile for marking.
▪ All assessments must be attempted
▪ All questions must be answered in an appropriate manner as per the
requirements.
▪ Follow the Assessor’s instructions to complete the assessments
▪ Use appropriate referencing where applicable. You are required to use APA
referencing style.
KII6031 Cloud Computing Solutions
Assessment 2
Kingsford International Institute |CRICOS: 03689D RTO: 45363| KII6031| October 2020 v1.0 4
Assessment Grading
Individual assessments are to be marked as “Satisfactory” or “Not Yet satisfactory”. The
final outcome of this subject/unit is to be recorded in “Unit outcome Record” as
“competent” (C) or “Not Yet Competent” (NYC) and/or in LMS. In order to be
competent in a given unit of competency the student must satisfactorily complete all
assessment tasks and. If more than one unit of competency are clustered to form a
subject, the students are still required to attempt all assessments.
| ASSESSOR NOTE These instructions must be followed when assessing the student in this unit. The checklist on the following page is to be completed for each student. Please refer to separate mapping document for specific details relating to alignment of this task to the unit requirements. This competency is to be assessed using standard and authorised work practices, safety requirements and environmental constraints. Assessment of essential underpinning knowledge will usually be conducted in an off-site context. Assessment is to comply with relevant regulatory or Australian standards’ requirements. Reasonable adjustments for people with disabilities must be made to assessment processes where required. This could include access to modified equipment and other physical resources, and the provision of appropriate assessment support |
KII6031 Cloud Computing Solutions
Assessment 2
Kingsford International Institute |CRICOS: 03689D RTO: 45363| KII6031| October 2020 v1.0 5
Assessment Coversheet
| Unit: | |
| Course Name: | |
| Assessment Tool: |
Assessment 2 |
| Student must fill this section: | |
| Student Name: | |
| Student ID: | |
| Privacy Release Clause: |
“I give my permission for my assessment material to be used in the auditing, assessment validation & moderation Process” |
| Authenticity Declaration: |
“I declare that: • The material I have submitted is my own work; • I have kept a copy of all relevant notes and reference material that I used in the production of my work; • I have given references for all sources of information that are not my own, including the words, ideas and images of others.” |
| Student signature: |
Date: |
| Assessment Completion Status | ||||
| Attempt | Satisfactory | Non-Satisfactory | Date | Assessor’s Signature |
| Initial attempt | | | ||
| 2nd attempt/Re assessment |
| |
| Feedback to student: |
KII6031 Cloud Computing Solutions
Assessment 2
Kingsford International Institute |CRICOS: 03689D RTO: 45363| KII6031| October 2020 v1.0 6
| Information for Student: |
| • All work is to be entirely of the Student. General Information for this assessment: • Read the instructions for each question very carefully. • Be sure to PRINT your FULL name & LAST name in every place that is provided. • Short questions must be answered in the spaces provided or follow the word limits as instructed. • For those activities requesting extra evidence such as: research reports, ESSAY reports, etc. The student must attach its own work formatted in double space, Arial 12 pts. • All assessment tasks must be addressed correctly in order to obtain a competence for the unit of competency. • If the Student doesn’t understand the assessment, they can request help from the assessor to interpret the assessment. • All assessments must be submitted online. Login to www.kiionline.edu.au and follow the subject link to submit your assessments. Note that the hard copy of the assessments will not be accepted. |
| Re-assessment of Result& Academic Appeal procedures: |
| If a student is not happy with his/ her results, that student may appeal against their grade via a written letter, clearly stating the grounds of appeal to the Operations Manager. This should be submitted after completion of the subject and within fourteen days of commencement of the new term. Re-assessment Process: • An appeal in writing is made to the Operations Manager providing reasons for re-assessment /appeal. • Operations Manager will delegate another faculty member to review the assessment. • The student will be advised of the review result done by another assessor. • If the student is still not satisfied and further challenges the decision, then a review panel is formed comprising the lecturer/trainer in charge and the Operations Manager OR if need be an external assessor. • The Institute will advise the student within 14 days from the submission date of the appeal. The decision of the panel will be deemed to be final. • If the student is still not satisfied with the result, the he / she has the right to seek independent advice or follow external mediation option with nominated mediation agency. • Any student who fails a compulsory subject or appeals unsuccessfully will be required to re-enrol in that subject. • The cost of reassessment will be borne by the Institute. The external assessor will base his/her judgement based on principles of assessment. These principles require assessment to be reliable, fair, practical and valid. Academic Appeals: • If you are dissatisfied with the outcome of the re-evaluation process, you have a right to appeal through academic appeals handling protocol. • To appeal a decision, the person is required to complete the KII- Request for Appeal of a Decision form with all other supporting documents, if any. This form is available via our website. The completed Request for Appeal form is to be submitted to the Student Support Officer either in hard copy or electronically via the following contact details: • Student Support Officer, Kingsford International Institute (KII), Level 6, 128-136 Chalmers St, Surry Hills, NSW 2010, Email: [email protected] • The notice of appeal should be in writing addressed to the Operations Manager and submitted within seven days of notification of the outcome of the re-evaluation process. • If the appeal is not lodged in the specified time, the result will stand and you must re-enrol in the unit. • In emergency circumstances, such as in cases of serious illness or injury, you must forward a medical certificate in support of a deferred appeal. The notice of appeal must be made within three working days of the concluding date shown on the medical certificate. • The decision of Operations Manager will be final. • Student would then have the right to pursue the claim through an independent external body as detailed in the students’ complaint / grievance policy. |
“I understand all the above rules and guidelines for the assessment
| Full Name | Signature | Date (dd/mm/yyyy) |
KII6031 Cloud Computing Solutions
Assessment 2
Kingsford International Institute |CRICOS: 03689D RTO: 45363| KII6031| October 2020 v1.0 7
Pre-assessment Checklist
Your assessor will go through the assessment for this unit. It is important that you understand this
assessment before taking on the questions and tasks. To confirm that you have been given this
overview, we ask you to complete the following Pre-Assessment Checklist.
You are required to carefully read each checklist item provided below and tick either ‘Y’ to confirm
your understanding or ‘N’ if you disagree. In case you disagree with an item, please provide your
reason under the ‘Comments’ column.
When you have done this, we ask you to sign this Pre-Assessment Checklist. This acknowledges
that your Trainer/Assessor has discussed all of the information with you prior to undertaking this
assessment.
| Pre – assessment Checklist | Comments | |
| Y | N | I, the student, understand the purpose of the assessment. |
| Y | N | I understand when and where the assessment will occur, who will assess and in what format the assessment will be submitted. |
| Y | N | I understand the methods of assessment. |
| Y | N | I understand what resources are required to complete this assessment. |
| Y | N | I understand the performance level required for each assessment event. |
| Y | N | I understand that it must be my own work. I have been explained and understand the serious consequences in case this work is found plagiarised. |
| Y | N | I understand the process if I am deemed not yet competent. |
| Y | N | I understand the feedback process and the appeals process. |
| Y | N | The assessor has discussed with me if I have any special needs and if so what arrangements have been made. |
| Student Full Name |
Student ID | Student Signature |
Date (dd/mm/yyyy) |
KII6031 Cloud Computing Solutions
Assessment 2
Kingsford International Institute |CRICOS: 03689D RTO: 45363| KII6031| October 2020 v1.0 8
Introduction
The assessment tasks for Cloud computing Solutions are outlined in the assessment plan
below. These tasks have been designed to help you demonstrate the skills and knowledge
that you have learnt during your course.
Please ensure that you read the instructions provided with these tasks carefully. You should
also follow the advice provided in the IT Works Student User Guide. The Student User Guide
provides important information for you relating to completing assessment successfully.
Assessment for this unit
Cloud Computing Solutions describes the performance outcomes, skills and knowledge to
manage cloud security controls, privacy and legal compliance when implementing cloud
services for an enterprise.
For you to be assessed as competent, you must successfully complete two assessment tasks:
▪ Assessment Task 1: Knowledge questions – You must answer all questions correctly.
▪ Assessment Task 2 ( this assessment): Project – You must work through a range of tasks
and complete a project portfolio.
▪ Assessment Task 3 Project – You must work through a range of tasks and complete a
project portfolio.
KII6031 Cloud Computing Solutions
Assessment 2
Kingsford International Institute |CRICOS: 03689D RTO: 45363| KII6031| October 2020 v1.0 9
Assessment 2: Project Portfolio
Information for students
In this task, you are required to demonstrate your skills and knowledge by working through a
number of activities and completing and submitting a project portfolio.
You will need access to:
▪ a suitable place to complete activities that replicates an ICT environment including a
computer and internet access
▪ Unit Simulation Pack or access to business specifications in relation to cloud security and
enterprise security policies, as well as WHS requirements
▪ security environment information including legislation and expertise
▪ risk analysis tools and methodologies
▪ your learning resources and other information for reference
▪ Project Portfolio template.
Ensure that you:
▪ review the advice to students regarding responding to written tasks in the IT Works
Student User Guide
▪ comply with the due date for assessment which your assessor will provide
▪ adhere with the submission guidelines
▪ answer all questions completely and correctly
▪ submit work which is original and, where necessary, properly referenced
▪ submit a completed cover sheet with your work
▪ avoid sharing your answers with other students.
| Assessment information | i |
| Information about how you should complete this assessment can be found in Appendix A of the IT Works Student User Guide. Refer to the appendix for information on: ▪ where this task should be completed ▪ how your assessment should be submitted. Note: You must complete and submit an assessment cover sheet with your work. A template is provided in Appendix B of the Student User Guide. However, if your RTO has provided you with an assessment cover sheet, please ensure that you use that. |
KII6031 Cloud Computing Solutions
Assessment 2
Kingsford International Institute |CRICOS: 03689D RTO: 45363| KII6031| October 2020 v1.0 10
TASKS
Complete the following activities:
1. Carefully read the following:
| This assessment task requires you to identify security risks relevant to cloud services and then manage cloud security controls. This project can be based on the case study business in the ICT simulation pack or you may like to base this on your own business, or a business you are currently working for or are familiar with. It is important that you can access a range of information relevant to cloud security as indicated on the previous page. Speak to your assessor to get approval if you want to base this on your own business or one you work for. You will be collecting evidence for this unit in a Project Portfolio. The steps you need to take are outlined below. |
2. Planning
| Make sure you are familiar with the business you are basing this assessment on and have read through the necessary background information, Strategic Plan and policies and procedures. For the case study business, this is all of the documents included in the ICT simulation pack. If it’s your own business or a business where you are working or are familiar with, it’s important at this step that you have your business or case study approved by your assessor. Complete Page 4 of your Project Portfolio for this unit. Read through the requirements of Section 1, 2 and 3 of your Project Portfolio. |
3. Cloud services security risks and controls
| You are now to complete Section 1 of your Project Portfolio. When you complete Section 1, you need to: ▪ Identify the range of cloud security risks that apply to different cloud services. ▪ Identify and review the business’ requirements for the cloud services, as well as legal, privacy and contractual issues. ▪ Investigate the cloud services vendor including: o Their responsibilities and the business’ o Compliance and security controls for the cloud services o Risks that apply to the vendor and risks that apply to the organisation ▪ Configure and document the security controls for cloud services in order to mitigate risk |
KII6031 Cloud Computing Solutions
Assessment 2
Kingsford International Institute |CRICOS: 03689D RTO: 45363| KII6031| October 2020 v1.0 11
4. Cloud privacy compliance
| You are now to complete Section 2 of your Project Portfolio. When you complete Section 2, you need to: ▪ Determine how you will ensure business continuity and build in data recovery to the cloud service and implement these requirements ▪ Review the suitability of user access policies and configuration to data ▪ Complete a check on controls and maintain a record. |
5. Cloud security compliance enhancements
| You are now to complete Section 3 of your Project Portfolio. When you complete Section 3, you need to: ▪ Update the risk register and business continuity plans based on the security enhancements you have made. ▪ Evaluate security effectiveness by assessing security controls against prescribed benchmarks. In the next activity you will present all of the work you have completed to a small group of students in order to obtain sign off of your work. Present your work using a PowerPoint Presentation and attach it to your Portfolio. |
6. Round table discussion
| In a group round-table style discussion with a student group of approximately four or five, you will present how you have managed the information security compliance of the cloud service. You are to assume that you are presenting your results to management. Each person will have a turn (10 minutes per person) to talk about their work as per their project portfolio. Other members of the group are to provide their feedback and approval of ideas. Your assessor will be looking to see that you can present you work as documented in your Project Portfolio and as per the presentation you have developed. You must ensure that you present your work in such asway that technical terminology can be understood by all. During the roundtable discussion, you are to: ▪ demonstrate effective communication skills including: o Speaking clearly and concisely o Using non-verbal communication to assist with understanding o Asking questions to identify required information |
KII6031 Cloud Computing Solutions
Assessment 2
Kingsford International Institute |CRICOS: 03689D RTO: 45363| KII6031| October 2020 v1.0 12
| o Responding to questions as required o Using active listening techniques to confirm understanding |
| This can either be viewed in person by your assessor or you may like to video record the session for your assessor to watch later. Your assessor can provide you with more details at this step. Make sure you follow the instructions above and meet the timeframes allocated. |
i |
7. Submit your completed Project Portfolio
| Make sure you have completed all sections of your Project Portfolio, answered all questions, provided enough detail as indicated and proofread for spelling and grammar as necessary. Submit to your assessor for marking. |
KII6031 Cloud Computing Solutions
Assessment 2
Kingsford International Institute |CRICOS: 03689D RTO: 45363| KII6031| October 2020 v1.0 13
Assessment 2: Checklist
| Student’s name: | SID: | |
| Did the student: | Completed successfully? |
Comments |
| Yes | No | |
| Identify and describe cloud security risks for different cloud delivery and deployment models? |
||
| Identify, review and document legal, privacy and contractual issues related to cloud security, as well as business policies and procedures and requirements? |
||
| Map responsibilities between the business and cloud vendor? |
||
| Review and discuss the compliance controls of cloud vendor? |
||
| Identify and describe risks relating to cloud security that are the business’ responsibility? |
||
| Identify and document security controls provided by the cloud vendor for the cloud service? |
||
| Map security controls to the business’ risks? |
||
| Configure security controls in order to mitigate risk as per the business’ needs? |
||
| Document the configuration of security control and risk mitigation? |
||
| Identify and document the required data storage compliance regulations? |
||
| Determine and document data privacy risks associated with the cloud service? |
KII6031 Cloud Computing Solutions
Assessment 2
Kingsford International Institute |CRICOS: 03689D RTO: 45363| KII6031| October 2020 v1.0 14
| Determine business continuity and data recovery plan requirements? |
||
| Implement business continuity and data recovery plan to meet requirements? |
||
| Review and document user access policies and configuration to data? |
||
| Identify, secure and maintain, logs and audit trails? |
||
| Document data privacy risk mitigation? | ||
| Implement and integrate required changes to security into the risk register and business continuity plans? |
||
| Establish and document a performance measurement program? |
||
| Evaluate security effectiveness of implemented security controls based on performance measures? |
||
| Submit the required documentation changes for security controls to required personnel (assessor)? |
||
| Obtain final task sign off? | ||
| Articulates requirements clearly using effective communication skills? |
||
| Articulates requirements clearly using effective communication skills? Use industry standard technical language to explain concepts to audience and in a way they can understand? |
||
| Task outcome: | Satisfactory | Not satisfactory |
| Assessor signature: | ||
| Assessor name: | ||
| Date: |
KII6031 Cloud Computing Solutions
Assessment 2
Kingsford International Institute |CRICOS: 03689D RTO: 45363| KII6031| October 2020 v1.0 15