Promote workplace cyber security awareness

BSBXCS402 Promote workplace cyber security awareness and best practices Assessment 1 – (Updated: April 2021, V.
No. 1.0)
Page 1 of 12
Task 02: Project
Submission details
The Assessment Task is due on the date specified by your trainer. Any variations to this
arrangement must be approved in writing by your trainer.
Submit this document with any required evidence attached. See specifications below
for details.
You must submit soft copy of your answers in a word document.
Upload the softcopy on the link provided in the eLearning site.
Project:
This assessment task requires you to demonstrate the skills and knowledge to lead the
identification, management, and implementation of specific industry technologies to meet
identified industry standards.
You are required to complete the following assessment activities in this assessment task:
1. Develop cyber security awareness in the work area by developing one set of policies and
procedures for a work area that promote cyber security awareness and practices.
2. Support effective cyber security practices in the work area by arranging training or updates
to be provided to colleagues that support practice or awareness in relation to two different
cyber security matters.
3. Review cyber security awareness in the work area.
Resources Required to complete the assessment task:
Organizational representative – This role will be played by your trainer/assessor
A site where industry-specific technologies may be used – for this assessment task, we have
selected your RTO/educational institute as the industry.
Industry-specific technologies currently used in industry – you must research and identify
the technologies related to the education industry.
A desktop computer to access information online.
Internet browser
BSBXCS402 Promote workplace cyber security awareness and best practices Assessment 1 – (Updated: April 2021, V.
No. 1.0)
Page 2 of 12
USB or Wifi access for document sharing and internet connectivity
Recording hardware/software for podcasting, e.g. microphone, headphone and
speakers
Online forums to share ideas and information
MS Office
Learning management system such as Moodle
Documents detailing workplace health and safety (WHS) standards, environmental
guidelines and organizational requirements – as applicable on the educational and training
institute
Information and data sources relating to cyber security (Access using the industry-specific
technologies)
Industry standards and organizational procedures
Cyber security protocols https://blog.logsign.com/cyber-security-protocols-thatyou-shouldknow/#:~:text=Cyber%20security%20protocols%20are%20plans,software%20tha
t%20work%20well%20together
.
Protecting a business from the cyber threats https://business.gov.au/Riskmanagement/Cyber-security/How-to-protect-your-business-from-cyber-threats
BSBXCS402 Promote workplace cyber security awareness and best practices Assessment 1 – (Updated: April 2021, V.
No. 1.0)
Page 3 of 12
You must read and understand the provided scenario and relevant information below to
complete this assessment task.
Scenario
You have recently joined a training organisation as a cybersecurity officer. The training organisation
use several delivery modes such as classroom, blended and distance modes to provide quality
education and training to its clients.
The training organisation has experienced a number of cyber threats recently including but not
limited to:
A ransomware attack
A number of phishing activities
Data leakage on a number of occasions
Website hacking (two times in the last month)
You are required to develop cyber security awareness in the work area by developing one set of
policies and procedures for a work area that promote cyber security awareness and practices,
support effective cyber security practices in the work area by arranging training or updates to be
provided to colleagues that support practice or awareness in relation to two different cyber security
matters and review cyber security awareness in the work area.
Problem: The organisation currently does not have the expertise, knowledge, or skills to look into
cyber security threats, they will require your services to make sure the organisation is secure and
safe from the cyber threats.
Other roles and responsibilities
Organisational representative/Information security manager: This role will be played by your
trainer/assessor. The purpose of this role is to ensure:
developing and managing Information Systems cybersecurity, including disaster recovery,
database protection and software development.
Manages IS security analysts to ensure that all applications are functional and secure.
Workplace colleagues (two): The role can be allocated to RTO representatives assigned by your
trainer/assessor or any two students. If the students are selected, the demonstration of activities
will occur in small groups in the absence of other students not participating at any given time. All
students must participate and demonstrate their skills and knowledge to complete each of the
assessment activities. The students will be assessed individually at all times based on their
performance in the assessment activities.

BSBXCS402 Promote workplace cyber security awareness and best practices Assessment 1 – (Updated: April 2021, V.
No. 1.0)
Page 4 of 12
Activity 1: Develop cyber security awareness in the work area by developing one set of policies and
procedures for a work area that promote cyber security awareness and practices
In this assessment activity, you are required to develop cyber security awareness in the work area
by developing one set of policies and procedures for a work area that promote cyber security
awareness and practices.
To complete this assessment task, you must participate in a meeting to consult with stakeholders
to understand the assessment requirements and collect all the necessary information to complete
your assessment activities.
Meeting objectives:
Understand the assessment task requirements
Understand your role and responsibilities
Understand the role and responsibilities of other team members
Understand the organisational requirements and guidelines in which meeting should occur
Understand the topics to be discussed
Understand any other requirements and guidelines applicable to complete the assessment
task
The meeting should cover all aspects of performance criteria to complete the assessment
task successfully
Before the meeting, you are required to prepare a meeting agenda using the template provided.
When conducting the meeting, you are required to:
Greet the team members.
Discuss the following:
o Compliance of diversity policy with the legislative requirements
o Application of diversity policy.
o Assessment of the currency of diversity policy
o Assessment of the efficacy of diversity policy
o Suggested improvements
Ensure the understanding of the team members.
Gather feedback from the team members on the diversity policy
o Use listening and questioning to elicit the views of others and to clarify or confirm
understanding
Discuss the roles and responsibilities of the team members.
Discuss the implementation plan for the revised diversity policy. Discuss the following:
o Key result area
o Objectives
o Actions/training needs
o Responsibility
BSBXCS402 Promote workplace cyber security awareness and best practices Assessment 1 – (Updated: April 2021, V.
No. 1.0)
Page 5 of 12
o Timeframe
o Success measures
Gain approval for the implementation plan
The team member will:
Clarify their doubts of the team members.
Provide feedback on the improvements required.
After the meeting, you are then required to:
Prepare the meeting minutes template.
Prepare a revised diversity policy using the template provided.
Prepare an implementation plan using the template provided.
Meeting agenda template:

Date/Time:
Location:
Chairperson:
Meeting Attendees:
Full names and roles
Agenda Item/Topic Discussion/Outcomes Action Officer Due Date
Welcome
(Agenda item 1)
Topic?

BSBXCS402 Promote workplace cyber security awareness and best practices Assessment 1 – (Updated: April 2021, V.
No. 1.0)
Page 6 of 12

(Agenda item 2)
Topic?
(Agenda item 3)
Topic?
Summary Overall Summary
Decision/s
Action/s if any
Next Meeting time/date
Meeting closed at:
Minutes are a true and
accurate record of the
meeting
Approved/confirmed by whom?

BSBXCS402 Promote workplace cyber security awareness and best practices Assessment 1 – (Updated: April 2021, V.
No. 1.0)
Page 7 of 12
Meeting minutes template:

Minutes of Meeting
Meeting Objective:
Attendees:
Venue:
Date:
No. Points Discussed Actions Suggested Target Date
Signature of attendee 1: Signature of attendee 2:
Signature of attendee 3: Signature of attendee 4:

BSBXCS402 Promote workplace cyber security awareness and best practices Assessment 1 – (Updated: April 2021, V.
No. 1.0)
Page 8 of 12
You must develop a set of cybersecurity policies and procedures for your training organisation that
promote cybersecurity awareness and practices.
You must use the template provided below to complete this assessment activity:

Intent:
Scope of the policy:
Definitions:
Introduction:
Policy principles and procedures (explain in terms of capability, responsibilities, culture, risk
management and response and recovery):

BSBXCS402 Promote workplace cyber security awareness and best practices Assessment 1 – (Updated: April 2021, V.
No. 1.0)
Page 9 of 12
You must use the template provided below to complete this assessment activity:
Workplace training review template
You must also complete the following workplace training review template to develop the training
program for your organisation.

Explain how you have established the current level of awareness in work area relating to
cybersecurity? (50-100 words)
Explain how you have completed the policy and procedure to create and maintain cybersecurity
awareness program that reflects organisation-wide best practice? (50-100 words)
Explain how you have contributed to developing cybersecurity policies and procedures, and
communicated to required personnel? (50-100 words)

BSBXCS402 Promote workplace cyber security awareness and best practices Assessment 1 – (Updated: April 2021, V.
No. 1.0)
Page 10 of 12
Activity 2: Support effective cyber security practices in the work area by arranging training or
updates to be provided to colleagues that support practice or awareness in relation to two different
cyber security matters.
In this assessment activity, you are required to arrange training to be provided to colleagues to
support practice and awareness in relation to cybersecurity matters. The training will be required
for 15 to 30 minutes and must include the following topics:
The organisation
Review cyber security practices according to organisational policies and procedures.
Arrange training and information updates as required and maintain related records.
Cybersecurity training requirements and purpose
Phishing attacks.
Removable media.
Passwords and Authentication.
Physical security.
Mobile Device Security.
Working Remotely.
Public wifi.
Cloud Security
Present insights from review and training to required personnel, and potential related
impacts on the workplace.
The training should occur in front of your trainer/assessor. The student must complete an MS
PowerPoint presentation covering all the mentioned above topics. The presentation should include
10-20 slides. The copy of the presentation must be submitted with this assessment activity.
You must use the template provided below to complete this assessment activity:

Cybersecurity training and information session
How would you evaluate the training
provided? (50-100 words)
The training was relevant to
the needs and requirements
of the audience
Materials provided were
helpful
Length of the training was
sufficient and complied
The content was well
organised

BSBXCS402 Promote workplace cyber security awareness and best practices Assessment 1 – (Updated: April 2021, V.
No. 1.0)
Page 11 of 12

Questions were encouraged
Instructions were clear and
understandable
The training met all
expectations
The topics covered well in the
presentation
How did others evaluate the training
provided? (50-100 words)
The training was relevant to the needs
and requirements of the audience
Materials provided were
helpful
Length of the training was
sufficient and complied
The content was well
organised
Questions were encouraged.
Instructions were clear and
understandable.
The training met all
expectations.
The topics covered well in the
presentation.

BSBXCS402 Promote workplace cyber security awareness and best practices Assessment 1 – (Updated: April 2021, V.
No. 1.0)
Page 12 of 12
Activity 3: Review cybersecurity awareness in the work area
In this assessment activity, you are required to review the cybersecurity threats and trends
to ensure your organisation is secure from all cyber threats.
You must complete the attached review form to complete this assessment activity
successfully.

How have you reviewed the latest cybersecurity threats and trends impacting organisations?
(Review any three)
Document outcomes of the review and suggested improvements for consideration by required
personnel (50-100 words)
How have you communicated review outcomes and cybersecurity improvement requirements
according to organisational policies and procedures? (50-100 words)