CL CyberAware AE Sk2of2

Skills assessment
Criteria
Unit code, name and release number
Cl_CyberAware:
BSBXCS301 - Protect own personal online profile from cyber security threats (1)
BSBXCS302 - Identify and report online security threats (1)
Qualification/Course code, name and release number

ICT30120 - Certificate III in Information Technology (2)
Student details
Student number
Student name
Assessment declaration
Note: If you are an online student, you will be required to complete this declaration on the
TAFE NSW online learning platform when you upload your assessment.
This assessment is my original work and has not been:
 plagiarised or copied from any source without providing due acknowledgement.
 written for me by any other person except where such collaboration has been
authorised by the Teacher/Assessor concerned.
Student signature and date
Document title: CI_CyberAware_AE_Sk_2of2 Page 1 of 38

Resource ID: PRJ0011692_ CI_CyberAware_AE_Sk_2of2
STUDENT NAME:
Version: 20210726
Date created: 11/03/2021
Date modified: 12/03/2024
For queries, please contact:

SkillsPoint Technology and Business Services
Location Ultimo NSW
© 2021 TAFE NSW, Sydney

RTO Provider Number 90003 | CRICOS Provider Code: 00591E
This assessment can be found in the: Learning Bank
The contents in this document is copyright © TAFE NSW 2021 and should not be reproduced without the
permission of TAFE NSW. Information contained in this document is correct at the time of printing: 12 March
2024. For current information please refer to our website or your Teacher/Assessor as appropriate.

STUDENT NAME:
Assessment instructions
Table 1: Assessment instructions
Assessment details Instructions
Assessment overview The aim of this assessment is to assess your skills required to:
 protect own personal online profile from cyber security

threats, and to limit the potential impact of online security
breaches
 identify and report online security threats to limit potential
impact of cyber security breaches.
Assessment Event 2 of 2
number
Instructions for this This is a skills-based assessment that assesses your ability to
assessment demonstrate skills required in the unit.
This assessment is in 5 parts:
1. Part 1: Audit online profile and identify cyber security

threats
2. Part 2: Secure online profile
3. Part 3: Respond to cyber security threats
4. Part 4: Role play - Review cyber security threat response
5. Part 5: Delete account
And is supported by:
 Observation checklist 1
 Assessment feedback
Complete the Observation checklist for each task and activity and
the Assessment feedback to the student. Ensure you have taken a
copy of the assessment if the student has not submitted online.
The Assessment feedback page must be signed by both the

student and the Teacher/Assessor so the student displays that
they have received, understood, and accepted the feedback.
For guidance on applying reasonable adjustment refer to

STUDENT NAME:
Assessment Guidelines for TAFE NSW (WDETG18411)
Submission On completion of this assessment, you are required to submit it

instructions to your Teacher/Assessor for marking. Where possible,
submission and upload of all required assessment files should be
via the TAFE NSW online learning platform.
Ensure you have included your name at the bottom of each page
of documents you submit.
It is important that you keep a copy of all electronic and hardcopy

assessments submitted to TAFE and complete the assessment
declaration when submitting the assessment.
What do I need to do To achieve a satisfactory result for this assessment you must be
to achieve a available at the arranged time to complete all the assessment
satisfactory result? criteria as outlined in the assessment instructions.
All parts of the observable task must be performed to a

satisfactory level as indicated in the criteria section of the
Observation checklist.
All oral questions must be answered correctly to be deemed

satisfactory in this assessment task; however, Teachers/Assessors
may ask you additional questions to confirm your understanding
of the task.
If a resit is required to achieve a satisfactory result it will be

conducted at an agreed time after a suitable revision period.
What do I need to • TAFE NSW student account username and password. If you
provide? do not know your username and password, contact your
campus or service centre on 131601.
• TAFE NSW student email

• Personal email account (not TAFE NSW student account)
• Social media personal account
• Banking/Shopping personal account
Hardware

STUDENT NAME:
• Computer with internet access

• Own mobile phone
• A USB drive/Cloud storage to other storage method to save
your work.
Software
• Screen capture application (for example, Snipping Tool)
• Google Chrome browser
• Microsoft Office 365 student account including:
o Word
o OneDrive
o Outlook
o Teams
What the • Access to this assessment and learning resources,

Teacher/Assessor will including any supporting documents or links
provide • Computer with internet access and above listed software,
if completing in the classroom
• Australian Cyber Security Centre
• Gelos Enterprises Cyber Security Response policies &
procedures, including:
o About us
o Cyber Security organisational structure
o Gelos Enterprises cyber security response policy &
procedures
o Responding to cyber security threats or breaches –
Gelos Enterprises general staff
o Online accounts and profiles policy and procedures
o Gelos Enterprises banking policy
• Online communications, including:
o Email1
o Email2

STUDENT NAME:
o SMS1
Due date Refer to Unit Assessment Guide for due dates
Time allowed Five (5) hours (indicative only)
Venue Assessment to be completed inside and outside of class
Supervision The following tasks must be completed in a classroom

environment with a Teacher/Assessor present:
 Part 4 Task 4.1
A virtual classroom, making using of MS Teams teleconferencing,
may be used for this task.
The remaining tasks of this assessment are unsupervised and may
be completed as a take-home assessment.
Your Teacher/Assessor may ask for additional evidence to verify
the authenticity of your submission and confirm that the
assessment task was completed by you. This may include oral
questioning, comparison with in-class work samples or
observation.
You may access your reference text, learning notes and other
resources.
Assessment In accordance with the TAFE NSW policy Manage Assessment

feedback, review or Appeals, all students have the right to appeal an assessment
appeals decision in relation to how the assessment was conducted and
the outcome of the assessment. Appeals must be lodged within
14 working days of the formal notification of the result of the
assessment.
If you would like to request a review of your results or if you have

any concerns about your results, contact your Teacher/Assessor
or Head Teacher. If they are unavailable, contact the Student
Administration Officer.
Contact your Head Teacher/Assessor for the assessment appeals

procedures at your college/campus.

STUDENT NAME:
Specific task instructions
The instructions and the criteria in the tasks and activities below will be used by the
Teacher/Assessor to determine whether the tasks and activities have been satisfactorily
completed. Use these instructions and criteria to ensure you demonstrate the required
knowledge and skills.
Your confidentiality
The nature of this assessment requires disclosure of some personal information. You are
assured that any information provided in this assessment will be confidential and will not be
shared with any other party other than the Teacher/Assessor.
You should also ensure that you do not disclose this personal information to any of your
classmates.
Written answers
In this assessment you must word-process all your answers. Ensure that your answers are
tidy and accurate with correct spelling and grammar.
Important: Always enter your name on the bottom of each page of the assessment,
including any additional pages.
Screenshots
Where indicated in this assessment, you will be required to provide screenshots and
explanations of your work. Follow the instructions in this assessment to determine which
specific screenshots are required.
Along with the screenshots, you also need to include a short explanation of the work you
have done. Ensure that the screenshots include the date and time on your PC in the lower
right corner.
Resources
Throughout this assessment there are explicit references to a range of resources which may
include software applications, hardware, tools, and website links. At the time of writing this
assessment, the versions and links of these resources were correct. It is expected that over
time this may change.
In addition, your Teacher/Assessor may prefer a suitable alternative resource. They will let
you know if there are any alterations to prescribed resources.
Contact your Teacher/Assessor if there are any issues associated with a resource.

STUDENT NAME:
Scenario
This scenario relates to all tasks within this assessment. To complete this assessment, read
this scenario first.
Gelos Enterprises
To gain an understanding of Gelos Enterprises , go to the Gelos Enterprises Cyber Security
Response policies & procedures and read the About Us and ICT Organisational Structure
information.
Your role
You have recently started working for Gelos Enterprises as an ICT Trainee. You have already
completed your induction and are now ready for work.
You have been met by your manager, Terrence Stewart, ICT Security Manager, Gelos
Enterprises. Terrence is highly aware of the risk that cyber security threats pose to the
company. Recently Gelos Enterprises had a cyber breach which was linked back to an
employee using their own devices, to access the Gelos Enterprises network, whilst working
from home.
Before you are allowed to work from home, Terrence has asked that you perform a
thorough review of your own online profile and devices to eliminate any possible cyber
security threats. This is part of Gelos Enterprises Cyber Security policy and procedure.
Gelos Enterprises Cyber Security Response policies & procedure

You will need to refer to the Gelos Enterprises Cyber Security Response policies &
procedures document to complete some of the tasks.
It contains:
 About us
 Cyber Security organisational structure
 Gelos Enterprises Cyber Security Response policies & procedures
 Responding to cyber security threats or breaches - Gelos Enterprises general staff
 Online Accounts/Profiles policy and procedures
 Gelos Enterprises Banking Policy

STUDENT NAME:
Part 1: Audit online profile and identify cyber security
threats
In this part of the assessment you will conduct an audit of your own personal online profile
and identify any existing and/or potential cyber security threats.
Task 1.1 Determine current online accounts and/or profiles

Determine 3 (three) of your current online accounts and/or profiles, business or work-
related, that can be linked to your own personal identity. When you do this ensure that you:
 include 1 (one) social media account from an online public website/application such
as Facebook, LinkedIn, TikTok or Pinterest
 include 1 (one) account that you use for email
(you may not use your TAFE Student email address for this purpose)
 include 1 (one) account that you use for shopping or banking.
This is to be done according to Gelos Enterprises Cyber Security Response policies &
procedures.
Use the following Table 2: Online account audit for your answer.
Task 1.2 Review current online accounts and/or profiles

Review each of these accounts and/or profiles to determine any associated:
 online websites/applications – include at least one (1) website/application
 browsers – include at least one (1) browser.
This is to be done according to Gelos Enterprises Cyber Security Response policies &
procedures.
Use the following Table 2: Online account audit for your answer.
Task 1.3 Audit online accounts and/or profiles to identify threats

a) Conduct an audit of these account and/or profiles to determine risk factors in your
online personal profile. Use the criteria listed in Table 2: Online account audit for this
task.
b) Based on the findings of your audit, identify any common existing and/or potential
cyber security threats to your online personal profile.
To do this, list each of the account and/or profiles and identify the threats for each.
Use Table 3: Cyber security threats to your online personal profile for your answer.

STUDENT NAME:
Table 2: Online account audit
Audit items Audit details
Account/Profile Enter Account/Profile here.
Risk factors Links to personal info
Currently in use
Used on multiple sites/apps
Separate work from personal
Use alternative email addresses for different websites/apps
Includes access to credit card/financial details
Includes access to personal/professional network
Websites and Enter Websites and Applications here.

Applications
Browsers Enter Browsers here.
Password Complex Simple
>= 8 Characters
Mix of letters & numbers
Mix of upper & lower case
Includes symbols
Weak words/numbers
Follows an obvious pattern
Default/original password
Reuse old password
Listed on paper or phone
Used on multiple accounts
Not changed for > 3 months

STUDENT NAME:
Uses a Password Manager
Authentication Single factor
Two-factor
Multi-factor
Biometrics

STUDENT NAME:
Table 3: Cyber security threats to your online personal profile
Account/Profile Enter Account/Profile here.
Existing or Invasion of privacy

potential cyber Identify theft
security threats
Use of profile to spread disinformation
Use of profile for cyber bullying
Loss of reputation
Phishing attack
Access to professional/personal network
Money or asset theft
Damage to Credit Score/ Financial reputation
Use of profile for criminal purposes
Extortion
Coercion
Social engineering
Data loss/theft/corruption/access loss

STUDENT NAME:
Scenario: Gelos Enterprises small purchases account
Go to the Gelos Enterprises Cyber Security Response policies & procedures and, from the
Gelos Enterprises Banking Policy, read the Small Purchases account extract.
Task 1.4 Check billing and accounts records

Please review the following list of billing and account records from Table 4: Gelos
Enterprises bank statement for its Small Purchases account.
Check these billing and account records carefully to detect any early indicators of suspicious
transactions that may indicate potential theft. Mark each possible indicator under the
Potential theft column.
Billing and account records

Table 4: Gelos Enterprises bank statement for its Small Purchases account
Date Description Debit Credit Balance Potential theft

01/03/21 Opening Balance $5,200.00
01/03/21 Transfer from Gelos $2,000.00 $7,200.00

Enterprises S1 account
02/03/21 Nanna's Coffee Shop $ 53.44 $7,146.56
06/03/21 ATM W/D REDIATM Pyrmont $ 250.00 $6,896.56
08/03/21 POS W/D Penrith IGA $ 54.20 $6,842.36
08/03/21 Online PCs R US $ 36.00 $6,806.36
10/03/21 POS W/D Office Works $ 254.88 $6,551.48
11/03/21 Caltex Emu Plains $ 125.88 $6,425.60
11/03/21 JB Hi-Fi Online $ 1.00 $6,424.60
11/03/21 Nanna's Coffee Shop $ 75.33 $6,349.27
11/03/21 Quickie Mart Uganda $ 200.00 $6,149.27
11/03/21 POS W/D Office Works $ 34.55 $6,114.72
11/03/21 JB Hi-Fi Online $ 220.00 $5,894.72
11/03/21 Direct Debit – Netflix $ 21.42 $5,873.30
15/03/21 POS W/D Penrith IGA $ 155.44 $5,717.86
15/03/21 JB Hi-Fi Online $2,500.00 $3,217.86
16/03/21 Canadian Airlines $5,540.00 -$2,322.14
16/03/21 Brian's Online Model $ 234.99 -$2,557.13

Planes
16/03/21 Canadian Airlines $5,540.00 -$8097.13

STUDENT NAME:
Date Description Debit Credit Balance Potential theft
16/03/21 Monte Blanc Hotel Paris $7,500.00 -$15,597.13
17/03/21 Woolworths Emu Plains $ 54.00 -$15,651.13
23/03/21 POS W/D Penrith IGA $ 55.98 -$15,707.11
30/03/21 Bus account keeping fee $ 5.00 -$15,712.11
31/03/21 Closing Balance -$15,712.11

STUDENT NAME:
Part 2: Secure online profile
In this part of the assessment, you will create a secure online profile/account which removes
the risk of cyber potential security threats. This account will have a strong password and
two-factor authentication.
Note: This account and/or profile should not be used for anything other than what is
required in this assessment. You will need to delete the account at the end of the
assessment.
See Task 5.1. Also read Your confidentiality.
Scenario: Gelos Enterprises secure online account

Your manager, Terrence Stewart, ICT Security Manager, Gelos Enterprises, has asked you to
create an online account and/or profile using Google, as the backup email address for your
Gelos Enterprises staff account. This account needs to be secure to eliminate the threat of
possible cyber security threats.

STUDENT NAME:
Task 2.1 Create secure online account and/or profile
Create a secure account and/or profile. This account must:
 follow cyber security best practice for securing accounts and/or profile
 not include sensitive personal and/or company/school information
 have a strong password
 use two-factor authentication which asks for verification through a message to your
mobile phone
 link to your TAFE student email address as a recovery email address.
To do this create a Google account using Google Account management site.
Ensure that you use Google Chrome internet browser to perform this task.
Take screenshots of the following as you complete this task:
1. Accessing Google account creation facility
2. Steps in the creation of the account and show the password used. You will need to:
o take multiple screenshots to show completion of each step
o take a screenshot of your mobile phone with the verification code.
3. Addition of 2-Step verification with one second step option. You will need to:
o take multiple screenshots to show completion of each step
o take a screenshot of your mobile phone with the verification code.
4. Security check-up showing no issues found
5. Test to confirm that you can logon to Google using the account with two-factor
authentication. You will need to:
o take multiple screenshots including a screenshot of the mobile phone.
Include your screenshots in the following Table 5: Google account creation adjusting and/or
adding more rows when required. Include a short explanation of the contents of the
screenshot.

STUDENT NAME:
Table 5: Google account creation
Task Screenshots Explanation
1. Accessing Enter explanation here.

Google
account
creation
facility
2. Steps in the Enter explanation here.

creation of the
account and
show the
password
used
3. Addition of 2- Enter explanation here.

Step
verification
with one
second step
option
4. Security Enter explanation here.

checkup
showing no
issues found
5. Test to Enter explanation here.

confirm that
you can logon
to Google
using the
account with
two-factor
authentication

STUDENT NAME:
Task 2.2 Secure current online accounts and/or profiles
For each the online accounts and/or profiles, which you identified and audited, in Task 1.1,
Task 1.2 and Task 1.3 take action to secure your personal online profile and remove the
identified potential security risks. This includes confirming each of the following is in place
across all accounts:
1. Removal of potentially sensitive personal and/or company information from the
profile
2. Strong passwords
3. Turning on 2-step authentication
You will need gather evidence of this in the form of screenshots.

Include your screenshots in the following tables (Tables 6, 7 and 8), adjusting and/or adding
more rows when required. Include a short explanation of the contents of the screenshot(s).
In your screenshots you may opt to partially blur some personal details or not display
passwords however you still need to provide sufficient details/evidence for the
Teacher/Assessor to confirm your competency in the given criteria. Please read the Your
confidentiality section.

STUDENT NAME:
Account/Profile 1:
Enter Account/Profile 1 here.
Table 6: Secure online account/profile 1
1. Removal of Enter Explanation here.

potentially
sensitive
personal and/or
company
information
from the profile
2. Strong Enter Explanation here.

passwords
3. Turning on 2- Enter Explanation here.

step
authentication

STUDENT NAME:
Account/Profile 2:
Enter Account/Profile2 here.

potentially
sensitive
personal and/or
company
information
from the profile

passwords

step
authentication

STUDENT NAME:
Account/Profile 3:
Enter Account/Profile 3 here.

potentially
sensitive
personal and/or
company
information
from the profile

passwords

step
authentication

STUDENT NAME:
Task 2.3 Confirm software is current and sufficent
a) Confirm that your Google Chrome internet browser software, used on your own
desktop or laptop, is current. Also confirm that this software is sufficient and not an
alternative, trial, beta, or limited edition.
‘About Chrome’ showing status as up to date and not beta version
Include your screenshots in the following table (Table 9), adjusting or adding more rows
when required. Include a short explanation of the contents of the screenshot(s).
Table 9: Confirm software 1
Browser showing Enter Explanation here.

status as up to date
and not beta
version
b) Confirm that your Google Chrome internet browser software, used on your own
mobile phone, is current. Also confirm that this software is sufficient and not an
alternative, trial, beta, or limited edition.
Use the Google Play or Apple App Store to check this. If this is not available on your
mobile device, then talk to your Teacher/Assessor about how you may provide your
evidence.
Google Play or Apple App Store showing Google Chrome App as Open
Include your screenshots in the following table (Table 10), adjusting and/or adding more
rows when required. Include a short explanation of the contents of the screenshot(s).

STUDENT NAME:
Table 10: Confirm software 2
Google Play or Enter Explanation here.

Apple App Store
showing Google
Chrome App as
Open
Task 2.4 Adjust privacy/security settings

Adjust privacy/security settings on internet browser, web applications and applicable online
accounts
a) Confirm that the privacy/security settings in your Google Chrome internet browser
software, is adjusted to provide ‘Enhanced Protection’.
Google Chrome settings showing Enhanced Protection set
when required. Include a short explanation of the contents of the screenshot(s).
Table 11: Adjust privacy/security
Google Chrome Enter Explanation here.

settings showing
Enhanced
Protection set
b) Adjust the privacy/security settings in your Microsoft OneDrive, to allow your

Teacher/Assessor the ability to update a file. To do this:
1. Create a folder called ‘CyberAware’ at the top level of your MS OneDrive
2. Share this folder with your Teacher/Assessor, using their supplied TAFE email
address. Allow editing of this folder.
3. Copy the share link and place this in the following area.

STUDENT NAME:
Enter OneDrive link here:
Ensure that you use Microsoft OneDrive to perform this task. Ensure that you use your TAFE
NSW Office 365 student account.

STUDENT NAME:
Part 3: Respond to cyber security threats
In this part of the assessment, you will identify and respond to online security threats and
breaches.
Scenario: Cyber security threats

You have encountered the following cyber security related threats in the workplace. You will
need to respond to each of these threats after reviewing Gelos Enterprises Cyber Security
Response policies & procedures.
Task 3.1 Identify and respond to threat 1

When you are ready your Teacher/Assessor will send Email 1 to your TAFE NSW student
email account. Although this email is not dangerous, you will need to respond to the email
as if it was a possible cyber security threat, after reviewing Gelos Enterprises Cyber Security
a) Block the sender of this email
For this task you will need to use your TAFE student email account and Microsoft Outlook.
1. Received email selected and blocking settings being chosen
2. Screen message or settings confirming email sender is blocked
rows when required. Include a short explanation of the contents of the screenshots.

STUDENT NAME:
Table 12: Identify and respond to threat 1
1. Received email Enter Explanation here.

selected and
blocking settings
being chosen
2. Screen message Enter Explanation here.

or settings
confirming email
sender is
blocked
This file will not cause any harm, however it does contain a link to an EICAR
file which will be perceived as a virus by MS Defender (or similar) or by the
web browser.

STUDENT NAME:
b) Complete a report of this potential security breach using the following Gelos
Enterprises Incident report form.
Table 13: Gelos Enterprises Incident report form
Field Value
Full name Enter Full name here.
Location Enter Location here.
Email address Enter Email address here.
Phone Enter Phone here.
Type of problem Choose a Problem type here.
Detailed description Enter a Detailed description here.

When you are ready, your Teacher/Assessor will send Email 2 to your TAFE NSW student
email account. Although this email is not dangerous, you will need to respond to the email
as if it was a possible cyber security threat, after reviewing Gelos Enterprises Cyber Security
a) Implement two (2) techniques to verify the request for information in this email
For this task you will need to use your TAFE student email account and Microsoft Outlook.
1. Screenshots showing the two (2) techniques implemented to verify email
2. Screen message confirming email sender is blocked
rows when required. Include a short explanation of the contents of the screenshots.

STUDENT NAME:
1. Screenshots Enter Explanation here.

showing the two
(2) techniques
implemented to
verify email

confirming email
sender is
blocked
b) Complete a report of this potential security breach using the following Gelos
Enterprises Incident report form after reviewing Gelos Enterprises Cyber Security
Field Value

STUDENT NAME:
When you are ready your Teacher/Assessor will send SMS 1 to your personal mobile phone.
Although this SMS is not dangerous, you will need to respond to this SMS as if it was a
possible cyber security threat, after reviewing Gelos Enterprises Cyber Security Response
policies & procedures.
a) Block the sender of this SMS

1. Received SMS selected and blocking settings chosen
2. Screen message or settings confirming SMS sender is blocked
when required. Include a short explanation of the contents of the screenshots.
1. Received SMS Enter Explanation here.

selected and
blocking settings
chosen

or settings
confirming SMS
sender is
blocked

STUDENT NAME:
Complete a report of this potential security breach using the following Gelos Enterprises
Incident report form after reviewing Gelos Enterprises Cyber Security Response policies &
procedures.
Field Value
Task 3.4 Identify and respond to incident

The following scenario represents an actual security breach, involving a cyber security
incident, which has occurred at an organisation.
Scenario: Cyber security breach at Gelos Enterprises

You have received an email that appears to be from Amanda Bowker, a Gelos Enterprises
work colleague and selected the link provided. This takes you to a website which appears
very similar to the Gelos Enterprises logon page. This site is requesting your Gelos
Enterprises logon details. You have not noticed any changes in your work PC's behaviour.
a) Identify how you would respond to this cyber security incident after reviewing Gelos
Enterprises organisational policies, procedures and plans.
To do this, number the order in which these steps should be followed (1 to 4).
Those steps that should not be part of this process should be marked with an 'X'.

STUDENT NAME:
Table 18: Cyber security steps
Order (1 to 4)
Step or X
Contact your Gelos Enterprises work colleague to warn them about the
email
Report the incident using the Gelos Enterprises incident report
Delete the email
Talk to your manager about the email to confirm your suspicions
Stop using your work PC and look for another PC to use
Ring the Gelos Enterprises Service Desk Operator to report the incident
Run a virus/malware check on your work PC
Block the email
Send a broadcast message to all work colleagues warning them about

the email and possible cyber security breach
Ignore the email and carry on with your work
b) Complete a report of this cyber security incident using the following Gelos
Enterprises Incident report form after reviewing Gelos Enterprises organisational
policies, procedures and plans.

STUDENT NAME:
Field Value

STUDENT NAME:
Part 4: Role play - Review cyber security threat response
Before attempting this task, you must have already completed Parts 1 to 3 of
this assessment item.
In this part of the assessment, you will be providing verbal information to personnel as part
of the post-incident review. This will help to identify lessons learned and contribute to the
cyber response plan.
For this task you should have available a copy of the incident report you submitted in Task
3.4 for the email involving a possible cyber security threat.
Task 4.1 Post incident review

To complete this part of the assessment, you must participate in a role play to demonstrate
your ability to complete skills-based tasks to industry standards. The role play will be
observed by your Teacher/Assessor.
Your responses will be used as part of the overall evidence requirements of the units.
You should refer to the list of criteria provided in Observation checklist 1 to understand
what skills you need to demonstrate in this section of the assessment. This Checklist outlines
the assessment criteria that will be used to assess your performance.
Scenario: Post-incident review and lessons learnt with Gelos

Enterprises Service Desk Operator
You have been contacted by Maya, a Gelos Enterprises ICT Service Desk Operator, as a
follow up to your logging an incident for a possible cyber security breach incident. This will
relate to the email you received with the link to Gelos Enterprises logon website (See Task
3.4).
Maya, Gelos Enterprises ICT Service Desk Operator role

Maya has actioned your logged incident of a possible cyber security threat, and now needs
additional information to conduct a post-incident review.
Maya is keen to discuss the process that you followed when you received the email. This
information will be used to update the Cyber Security Incident Response Plan. This will
include any lessons learned from your logged incident.
In this phone call your Teacher/Assessor will organise for a suitable person, such as another
teacher, student, or industry representative, to play the role of Maya, Gelos Enterprises ICT
Service Desk Operator.

STUDENT NAME:
Your role
You must demonstrate the following in your role-play:
1. Participation in the post-incident review including providing information about the

possible/actual cyber security threat. You will need to ask questions to ensure you
understand what has happened and what you could do differently next time.
2. Contributing to the update of the cyber security incident response plan including
lessons learned.
Location
If a physical classroom is not available, this ‘phone call’ may be implemented as a tele-
conference (MS Teams teleconference) with the student, ‘Maya’ and Teacher/Assessor
participating.
Resources
 None required
Time allowed - This role play will take approximately 5 to 10 minutes.

STUDENT NAME:
Observation Checklist 1
The Observation checklist 1 will be used by your Teacher/Assessor to mark your
performance in the Part 4 Task 4.1. Use this Checklist to understand what skills you need to
demonstrate in the role play scenario. The Checklist lists the assessment criteria used to
determine whether you have successfully completed this assessment event. All the criteria
must be met. Your demonstration will be used as part of the overall evidence requirements
of the unit. The Teacher/Assessor may ask questions while the demonstration is taking place
or if appropriate directly after the task/activity has been completed.
Date of observation: Enter Date of observation here.

Table 20: Observation checklist 1
Assessor comments
Task Task/Activity (Describe the student’s ability in demonstrating the required skills
# Performed S U/S and knowledge)
OC 1 Participates in ☐ ☐
the post-
incident review
OC 2 Contribute to ☐ ☐
the update of
the cyber
security
incident
response plan

STUDENT NAME:
Part 5: Delete account
WARNING: Before attempting this part of the assessment, you must have
already completed Parts 1 to 4, and had your work marked by your
Teacher/Assessor.
In this part of the assessment you will delete the unused account as per Gelos Enterprises
Cyber Security Response policies & procedures.
Task 5.1 Delete unused accounts

The account you have created in Part 2 of this assessment is no longer needed. This account
must now be deleted according to Gelos Enterprises Cyber Security Response policies &
procedures.
Complete this task, using Google Account management site, to delete the account you
created in Part 2 of this assessment.
1. Accessing Google account deletion facility
2. Confirmation message that the account has been deleted
3. Test to confirm that you can no longer logon to Google using the account
when required. Include a short explanation of the contents of the screenshot.

STUDENT NAME:
Table 21: Delete unused accounts
1. Accessing Enter Explanation here.

Google account
deletion facility
2. Confirmation Enter Explanation here.

message that
the account has
been deleted
3. Test to confirm Enter Explanation here.

that you can no
longer logon to
Google using the
account

STUDENT NAME:
Assessment feedback
NOTE: This section must have the Teacher/Assessor and student signature to complete the
feedback. If you are submitting through the TAFE NSW online learning platform, your
Teacher/Assessor will give you feedback via the platform.
Assessment outcome
Satisfactory
Unsatisfactory
Assessor feedback
Has the Assessment Declaration for this assessment event been signed and dated by the
student?
Are you assured that the evidence presented for assessment is the student’s own work?
Was reasonable adjustment in place for this assessment event?
If yes, ensure it is detailed on the assessment document.
Comments:
Assessor name, signature and date:
Student acknowledgement of assessment outcome

Would you like to make any comments about this assessment?
Student name, signature and date

STUDENT NAME:

CL CyberAware AE Sk2of2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CL CyberAware AE Sk2of2

Uploaded by

Copyright:

Available Formats

Skills assessment

BSBXCS302 - Identify and report online security threats (1)

Qualification/Course code, name and release number

This assessment is my original work and has not been:

 plagiarised or copied from any source without providing due acknowledgement.

Student signature and date

Document title: CI_CyberAware_AE_Sk_2of2 Page 1 of 38

For queries, please contact:

© 2021 TAFE NSW, Sydney

Document title: CI_CyberAware_AE_Sk_2of2 Page 2 of 38

Assessment details Instructions

 protect own personal online profile from cyber security

This assessment is in 5 parts:

1. Part 1: Audit online profile and identify cyber security

2. Part 2: Secure online profile

3. Part 3: Respond to cyber security threats

4. Part 4: Role play - Review cyber security threat response

5. Part 5: Delete account

And is supported by:

The Assessment feedback page must be signed by both the

For guidance on applying reasonable adjustment refer to

Document title: CI_CyberAware_AE_Sk_2of2 Page 3 of 38

Assessment Guidelines for TAFE NSW (WDETG18411)

Submission On completion of this assessment, you are required to submit it

It is important that you keep a copy of all electronic and hardcopy

All parts of the observable task must be performed to a

All oral questions must be answered correctly to be deemed

If a resit is required to achieve a satisfactory result it will be

• TAFE NSW student email

Document title: CI_CyberAware_AE_Sk_2of2 Page 4 of 38

• Computer with internet access

What the • Access to this assessment and learning resources,

Document title: CI_CyberAware_AE_Sk_2of2 Page 5 of 38

Due date Refer to Unit Assessment Guide for due dates

Time allowed Five (5) hours (indicative only)

Venue Assessment to be completed inside and outside of class

Supervision The following tasks must be completed in a classroom

Assessment In accordance with the TAFE NSW policy Manage Assessment

If you would like to request a review of your results or if you have

Contact your Head Teacher/Assessor for the assessment appeals

Document title: CI_CyberAware_AE_Sk_2of2 Page 6 of 38

Document title: CI_CyberAware_AE_Sk_2of2 Page 7 of 38

Gelos Enterprises Cyber Security Response policies & procedure

Document title: CI_CyberAware_AE_Sk_2of2 Page 8 of 38

Task 1.1 Determine current online accounts and/or profiles

Task 1.2 Review current online accounts and/or profiles

Task 1.3 Audit online accounts and/or profiles to identify threats

Document title: CI_CyberAware_AE_Sk_2of2 Page 9 of 38

Audit items Audit details

Account/Profile Enter Account/Profile here.

Risk factors Links to personal info

Used on multiple sites/apps

Separate work from personal

Use alternative email addresses for different websites/apps

Includes access to credit card/financial details

Includes access to personal/professional network

Websites and Enter Websites and Applications here.

Browsers Enter Browsers here.

Password Complex Simple

Mix of letters & numbers

Mix of upper & lower case

Follows an obvious pattern

Reuse old password