REPUBLIC OF KENYA

NATIONAL OCCUPATIONAL STANDARDS

FOR

CYBER SECURITY OPERATOR

LEVEL 5

TVET CDACC
P.O BOX 15745-00100
NAIROBI
First published 2019

© 2019, TVET CDACC

All rights reserved. No part of these occupational standards may be reproduced,

distributed, or transmitted in any form or by any means, including photocopying,
recording, or other electronic or mechanical methods without the prior written
permission of the TVET CDACC, except in the case of brief quotations embodied in
critical reviews and certain other non-commercial uses permitted by copyright law.
For permission requests, write to the Council Secretary/CEO, at the address below:

Council Secretary/CEO
TVET Curriculum Development, Assessment and Certification Council
P.O. Box 15745–00100 Nairobi, Kenya
Email: [email protected]

© TVET CDACC 2019 ii

 FOREWORD
The provision of quality education and training is fundamental to the Government’s
overall strategy for social economic development. Quality education and training will
contribute to achievement of Kenya’s development blue print and sustainable
development goals.

Reforms in the education sector are necessary for the achievement of Kenya Vision
2030 and meeting the provisions of the Constitution of Kenya 2010. The education
sector had to be aligned in the Constitution and this resulted to the formulation of the
Policy Framework for Reforming Education and Training (Sessional Paper No. 4 of
2016). A key feature of this policy is the radical change in the design and delivery of
the TVET training. This policy document requires that training in TVET be
competency based, curriculum development be industry led, certification be based on
demonstration of competence and mode of delivery allows for multiple entry and exit
in TVET programmes.

These reforms demand that Industry takes a leading role in curriculum development to
ensure the curriculum addresses its competence needs. It is against this background
that these Occupational Standards was developed for the purpose of developing a
competency-based curriculum for a Cyber Security operation Level 5. These
Occupational Standards will also be the basis for assessment of an individual for
competence certification.

It is my conviction that these Occupational Standards will play a great role towards
development of competent human resource for the Security Sector’s growth and
sustainable development.

PRINCIPAL SECRETARY, VOCATIONAL AND TECHNICAL TRAINING

MINISTRY OF EDUCATION

© TVET CDACC 2019 iii

 PREFACE
Kenya Vision 2030 aims to transform the country into a newly industrializing,
“middle-income country providing a high quality life to all its citizens by the year
2030”. Kenya intends to create a globally competitive and adaptive human resource
base to meet the requirements of a rapidly industrializing economy through life-long
education and training. TVET has a responsibility of facilitating the process of
inculcating knowledge, skills and attitudes necessary for catapulting the nation to a
globally competitive country, hence the paradigm shift to embrace Competency Based
Education and Training (CBET).

The Technical and Vocational Education and Training Act No. 29 of 2013 and the
Sessional Paper No. 4 of 2012 on Reforming Education and Training in Kenya,
emphasized the need to reform curriculum development, assessment and certification.
This called for shift to CBET to address the mismatch between skills acquired through
training and skills needed by industry as well as increase the global competitiveness
of Kenyan labour force.

The TVET Curriculum Development, Assessment and Certification Council (TVET

CDACC), in conjunction with Security Sector Skills Advisory Committee (SSAC)
have developed these Occupational Standards for a Cyber Security Operator. These
standards will be the basis for development of a competency-based curriculum for
cyber Security Level 5. These Standards will also be the basis for assessment of an
individual for competence certification.

The occupational standards are designed and organized with clear performance
criteria for each element of a unit of competency. These standards also outline the
required knowledge and skills as well as evidence guide.

I am grateful to the Council Members, Council Secretariat, Security SSAC, expert

workers and all those who participated in the development of these occupational
standards.

CHAIRPERSON,
TVET CDACC

© TVET CDACC 2019 iv

 ACKNOWLEDGMENT
These Occupational Standards were developed through combined effort of various
stakeholders from private and public organizations. I am sincerely thankful to the
management of these organizations for allowing their staff to participate in this
course. I wish to acknowledge the invaluable contribution of industry players who
provided inputs towards the development of these Standards.

I thank TVET Curriculum Development, Assessment and Certification Council

(TVET CDACC) for providing guidance on the development of these Standards. My
gratitude goes to the Security Sector Skills Advisory Committee (SSAC) members for
their contribution to the development of these Standards. I thank all the individuals
and organizations who participated in the validation of these Standards.

I acknowledge all other institutions which in one way or another contributed to the
development of these Standards.

CHAIRPERSON
SECURITY SECTOR SKILLS ADVISORY COMMITTEE

© TVET CDACC 2019 v

 TABLE OF CONTENT
FOREWORD..............................................................................................................iii
PREFACE....................................................................................................................iv
ACKNOWLEDGMENT..............................................................................................v
ACRONYMS AND ABBREVIATIONS..................................................................vii
KEY TO UNIT CODE.............................................................................................viii
OVERVIEW................................................................................................................ix
BASIC UNITS OF COMPETENCY..........................................................................1
DEMONSTRATE COMMUNICATION SKILLS...................................................2
DEMONSTRATE NUMERACY SKILLS................................................................6
DEMONSTRATE DIGITAL LITERACY..............................................................12
DEMONSTRATE ENTREPRENEURIAL SKILLS..............................................16
DEMONSTRATE EMPLOYABILITY SKILLS....................................................22
DEMONSTRATE ENVIRONMENTAL LITERACY...........................................29
DEMONSTRATE OCCUPATIONAL SAFETY AND HEALTH PRACTICES 35
COMMON UNITS OF COMPETENCY.................................................................40
DEMONSTRATE DIGITAL LITERACY..............................................................41
CORE UNITS OF COMPETENCY.........................................................................46
PERFORM COMPUTER REPAIR AND MAINTENANCE................................47
DEMONSTRATE UNDERSTANDING OF CYBER SECURITY LAWS,
POLICIES AND REGULATIONS..........................................................................51
PERFORM COMPUTER NETWORKING...........................................................56
SECURE SOFTWARE APPLICATION.................................................................61
SECURE DATABASES.............................................................................................65
CONDUCT CYBER SECURITY ASSESSMENT AND TESTING.....................74

© TVET CDACC 2019 vi

 ACRONYMS AND ABBREVIATIONS
BC Basic Competencies
CC Common Competencies
CDACC Curriculum Development, Assessment and Certification
Council
CERT Computer Incidence response team
CIRT Computer Incidence response team
CR Core Competencies
CS Cyber Security
EHS Environment, Health and Safety
IBMS Integrated Building Management System
ICT Information and communication Technology
IEE Institute of Electrical Engineers
KEBS Kenya Bureau of Standards
NCA National Construction Authority
NIST National institute of Standards
and Technology
OS Occupational Standards
OSHA Occupational Safety and Health Act
OWASP Open web application security Project
PPE Personal Protective Equipment
SEC Security
SIEM Security Information and Event management
TVET Technical and Vocational Education and Training
WIBA Work injury benefits Act

© TVET CDACC 2019 vii

 KEY TO UNIT CODE

SEC/OS/CS/BC/01/5/A

Industry or sector

Occupational Standards

Occupational area

Type of competency

Competency number

Competency level
Version Control

© TVET CDACC 2019 viii

 OVERVIEW
Cyber Security Level 5 qualification consists of competencies that a person must
achieve to enable him/her to be certified as a Cyber Securiy operator.

A Cyber security technician is a person who will carry out Cyber security duties using
a given design and customer’s requirements. This work demands the technician to
perform Computer repair and maintenance, demonstrate understanding of security
laws, policies and regulations, perform Computer Networking, secure Software
application and databases, install Cyber security system and conduct security
Assessment and testing.

The units of competency comprising Cyber Security level 5 qualifications include the
following basic, common and core competencies:

BASIC COMPETENCY
Unit Code Unit Title
SES/OS/CS/BC/01/5/A Demonstrate communication skills
SEC/OS/CS/BC/02/5/A Demonstrate Numeracy skills
SEC/OS/CS/BC/03/5/A Demonstrate entrepreneurial skills
SEC/OS/CS/BC/04/5/A Demonstrate employability skills
SEC/OS/CS/BC/05/5/A Demonstrate environmental literacy
SEC/OS/CS/BC/06/5/A Demonstrate occupational safety and health
practices

COMMON COMPETENCY
Unit Code Unit Title
SEC/OS/CS/CC/01/5/A Demonstrate Digital Literacy

CORE COMPETENCY
Unit Code Unit Title
SEC/OS/CS/CR/01/5/A Perform Computer repair and maintenance
SEC/OS/CS/CR/02/5/A Demonstrate understanding of security laws, policies
and regulations
SEC/OS/CS/CR/03/5/A Perform Computer Networking
SEC/OS/CS/CR/04/5/A Secure Software application
SEC/OS/CS/CR/05/5/A Secure Databases
SEC/OS/CS/CR/06/5/A Install Cyber security system
SEC/OS/CS/CR/07/5/A Conduct security Assessment and testing

© TVET CDACC 2019 ix

 BASIC UNITS OF COMPETENCY

© TVET CDACC 2019 1

 DEMONSTRATE COMMUNICATION SKILLS

UNIT CODE: SES/OS/CS/BC/01/5/A

UNIT DESCRIPTION
This unit covers the competencies required to demonstrate communication skills. It
involves meeting communication needs of clients and colleagues, contributing to the
development of communication strategies, conducting workplace interviews,
facilitating group discussions and representing the organisation

ELEMENTS AND PERFORMANCE CRITERIA

ELEMENT PERFORMANCE CRITERIA

These describe the These are assessable statements which specify the
key outcomes which required level of performance for each of the elements.
make up workplace
Bold and italicized terms are elaborated in the Range
function

1. Meet 1.1 Specific communication needs of clients and

communicati colleagues are identified and met based on
on needs of workplace requirements
clients and 1.2 Different communication approaches are
colleagues identified and applied according to clients’ needs
1.3 Conflict is identified and addressed as per the
standards of the organization
2. Contribute to 2.1 Strategies for internal and external dissemination
the of information are developed, promoted,
development implemented and reviewed as per organizations’
of strategic plan
communicati 2.2 Channels of communication are established and
on strategies reviewed based on the workplace needs
2.3 Communication training needs are identified and
provided according to SOPs
2.4 Work related network and relationship are
maintained based on workplace requirements
2.5 Negotiation and conflict resolution strategies are
maintained as per the workplace procedures
3. Conduct 3.1 Communication strategies are identified and
workplace employed in interview situations based on
interviews workplace requirements
3.2 Records of interviews are made and maintained in
accordance with organizational procedures
3.3 Effective questioning, listening and nonverbal
communication techniques are used based on
needs
4. Facilitate 4.1 Mechanisms to enhance effective group

© TVET CDACC 2019 2

 group interaction are identified and implemented
discussions according to workplace requirements
4.2 Strategies to encourage group participation are
identified and used as per organizations’
procedures
4.3 Meetings objectives and agenda are set and
followed based on workplace requirements
4.4 Relevant information is provided and feedback
obtained according to set protocols
4.5 Evaluation of group communication strategies is
undertaken in accordance with workplace
guidelines
4.6 Specific communication needs of individuals are
identified and addressed as per individual needs
5. Represent 5.1 Relevant presentation are researched and
the presented based on internal or external
organization communication forums requirements Presentation
is delivered in a clear and sequential manner as
per the predetermined time
5.2 Presentation is made as per appropriate media
5.3 Difference views are respected based on
workplace procedures
5.4 Written communication is done as per
organizational standards
5.5 Inquiries are responded according to
organizational standard

RANGE
This section provides work environment and conditions to which the performance
criteria apply. It allows for different work environment and situations that will affect
performance.

Variable Range

1. Communication  Language switch

strategies may  Comprehension check
include but not  Repetition
limited to:  Asking confirmation
 Paraphrase
 Clarification request
 Translation
 Restructuring
 Approximation
 Generalization
2. Effective group  Identifying and evaluating what is occurring
interaction may within an interaction in a non-judgmental way
include but not  Using active listening

© TVET CDACC 2019 3

 limited to:  Making decision about appropriate words,
behavior
 Putting together response which is culturally
appropriate
 Expressing an individual perspective
 Expressing own philosophy, ideology and
background and exploring impact with
relevance to communication
 Openness and flexibility in communication
3. Interview situations  Establishing rapport
may include but not  Eliciting facts and information
limited to:  Facilitating resolution of issues
 Developing action plans
 Diffusing potentially difficult situations

REQUIRED SKILLS AND KNOWLEDGE

This section describes the skills and knowledge required for this unit of competency.

Required Skills
The individual needs to demonstrate the following skills:
 Active listening
 Giving/receiving feedback
 Interpretation of information
 Role boundaries setting
 Negotiation
 Communication

Required Knowledge
The individual needs to demonstrate knowledge of:
 Communication process
 Dynamics of groups and different styles of group leadership
 Communication skills relevant to client groups
 Flexibility in communication

EVIDENCE GUIDE
This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and knowledge and range.

1. Critical Assessment requires evidence that the candidate:

aspects of 1.1 Met communication needs of clients and colleagues
Competency 1.2 Contributed to the development of communication

© TVET CDACC 2019 4

 strategies
1.3 Conducted interviews
1.4 Facilitated group discussions
1.5 Represented the organization
2. Resource The following resources should be provided:
Implications 2.1 Access to relevant workplace or appropriately
simulated environment where assessment can take
place
2.2 Materials relevant to the proposed activity or tasks
3. Methods of Competency in this unit may be assessed through:
Assessment 3.1 Observation
3.2 Oral questioning
3.3 Written test
3.4 Portfolio of Evidence
3.5 Interview
3.6 Third party report
4. Context of Competency may be assessed:
Assessment 4.1 On the job
4.2 Off the job
4.3 During industrial attachment
5. Guidance Holistic assessment with other units relevant to the industry
information sector, workplace and job role is recommended.
for
assessment

© TVET CDACC 2019 5

 DEMONSTRATE NUMERACY SKILLS

UNIT CODE: SES/OS/CS/BC/02/5/A

UNIT DESCRIPTION
This unit covers the competencies required to demonstrate numeracy skills. it involves
calculating with whole numbers and familiar fractions, decimals, and percentages for
work estimating, measuring, and calculating with routine metric measurements for
work, using routine maps and plans for work, interpreting, drawing and constructing
2D and 3D shapes for work, interpreting routine tables, graphs and charts for work,
collecting data and constructing routine tables and graphs for work and using basic
functions of calculator.

ELEMENTS AND PERFORMANCE CRITERIA

ELEMENT PERFORMANCE CRITERIA

These describe the key These are assessable statements which specify the
outcomes which make required level of performance for each of the elements.
up workplace function.
Bold and italicized terms are elaborated in the Range.

1. Calculate with 1.1 Mathematical information that may be partly

whole numbers and embedded in routine workplace tasks and texts is
familiar fractions, selected and interpreted as per SOPs
decimals and 1.2 Whole numbers and routine or familiar fractions,
percentages for work decimals and percentages including familiar rates
are interpreted and comprehended as per SOPs
1.3 Calculations which may involve a number of steps
are performed as per SOPs
1.4 Calculations done with whole numbers and
routine or familiar fractions, decimals and
percentages as per SOPs
1.5 Conversion between equivalent forms of fractions,
decimals and percentages is done as per SOPs
1.6 Order of operations is applied to solve multi-step
calculations as per SOPs
1.7 Problem solving strategies are appropriately
applied as per SOPs
1.8 Estimations are made to check reasonableness of
problem solving process, outcome and its
appropriateness to the context and task as per
SOPs
1.9 Formal and informal mathematical language and
symbolism are used to communicate the result of
the task as per SOPs.
2. Estimate, measure, 2.1 Measurement information in workplace tasks and

© TVET CDACC 2019 6

and calculate with texts are selected and interpreted in accordance
routine metric with workplace requirements
measurements for work 2.2 Appropriate routine measuring equipment are
identified and selected in accordance with
workplace requirements
2.3 Measurements are estimated and made using
correct units as per measurement manuals.
2.4 Estimations and calculations done as per routine
measurements
2.5 Conversions performed routinely as per metric
units
2.6 Problem solving processes are used to undertake
the tasks as per workplace procedures.
2.7 Estimations are made to check reasonableness of
problem solving process, outcome and its
appropriateness to the context and task as per
workplace procedures
2.8 Information is recorded using mathematical
language and symbols appropriate to discuss the
task as per workplace procedures.
3. Use routine 3.1 Features are identified in routine maps and plans
maps and plans for as per SOPs
work 3.2 Symbols and keys in routine maps and plans are
clearly explained as per SOPs
3.3 Orientation of map to North is identified and
interpreted as per SOPs
3.4 Understanding of direction and location is clearly
demonstrated as per SOPs
3.5 Simple scale is applied to estimate length of
objects, or distance to location or object as per
SOPs
3.6 Directions are given and received using both
formal and informal language as per SOPs
4. Interpret, draw 4.1 Two dimensional shapes and routine three
and construct 2D and dimensional shapes identified in everyday objects
3D shapes for work and in different orientations in accordance with
job specifications
4.2 The use and application of shapes elaborately
explained as per SOPs
4.3 Formal and informal mathematical language and
symbols used to describe and compare the features
of two dimensional shapes and routine three
dimensional shapes as per workplace procedures.
4.4 Common angles identified in accordance with
SOPs
4.5 Common angles in everyday objects are
appropriately estimated as per SOPs
4.6 Formal and informal mathematical language are
used to describe and compare common angles as

© TVET CDACC 2019 7

 per workplace procedures.
4.7 Common geometric instruments used to draw two
dimensional shapes as per SOPs
4.8 Routine three dimensional objects constructed
from given nets as per SOPs.
5. Interpret routine 5.1 Routine tables, graphs and charts identified in
tables, graphs and predominately familiar texts and contexts as per
charts for work tables and graph manuals
5.2 Common types of graphs and their different uses
identified as per SOPs
5.3 Features of tables, graphs and charts identified as
per workplace procedures
5.4 Information in routine tables, graphs and charts
located and interpreted as per workplace
procedures
5.5 Calculations are perform to interpret information
as per SOPs
5.6 How statistics can inform and persuade
interpretations is explained as per SOPs
5.7 Misleading statistical information is identified as
per workplace procedures.
5.8 Information relevant to the workplace is discussed
as per workplace procedures.
6. Collect data and 6.1 Features of common tables and graphs identified
construct routine tables as per SOPs
and graphs for work 6.2 Uses of different tables and graphs identified as
per job specifications
6.3 Data and variables to be collected are determined
as per workplace procedures.
6.4 The audience is determined as per the workplace
procedures
6.5 Method of data collection is select as per job
requirement
6.6 Data is collected as per SOPs
6.7 Information is collated in a table as per SOPs
6.8 Suitable scale and axes determined as per job
specifications
6.9 Graph to present information is drafted and drawn
as per SOPs
6.10 Data checked to ensure that it meets the expected
results and context as per workplace procedures
6.11 Information is reported or discussed using formal
and informal mathematical language as per
workplace procedures
7. Use basic 7.1 Keys are identified and used for basic functions
functions of calculator on a calculator as per SOPs
7.2 Calculation is done using whole numbers, money
and routine decimals and percentages as per SOPs
7.3 Calculation done with routine fractions and

© TVET CDACC 2019 8

 percentages as per SOPs
7.4 Order of operations is applied to solve multi-step
calculations as per SOPs
7.5 Results are interpreted, displayed and recorded as
per workplace procedures
7.6 Estimations are made to check reasonableness of
problem solving process, outcome and its
appropriateness to the context and task as per
workplace procedures
7.7 Formal and informal mathematical language and
appropriate symbolism and conventions used to
communicate the result of the task as per
workplace procedures.

RANGE
This section provides work environments and conditions to which the performance
criteria apply. It allows for different work environments and situations that will affect
performance.

Variable Range

1. Use basic  Addition

functions of  Multiplication
calculator may  Calculate ratios
include but not  Conversion of ratios into percentages
limited to:

2. Different tables  Bar Graphs

and graphs may  Flow Charts
include but not  Pie Charts
limited to:  Pictograph
 Line Graphs
 Time Series Graphs
 Stem and Leaf Plot
 Histogram
 Dot Plot
 Scatter plot

REQUIRED SKILLS AND KNOWLEDGE

This section describes the skills and knowledge required for this unit of competency.

Required Skills
The individual needs to demonstrate the following skills:

© TVET CDACC 2019 9

  Measuring
 Logical thinking
 Computing
 Drawing of graphs
 Applying mathematical formulas
 Analytical

Required knowledge
The individual needs to demonstrate knowledge of:
 Types of common shapes
 Differentiation between two dimensional shapes / objects
 Formulae for calculating area and volume
 Types and purpose of measuring instruments
 Units of measurement and abbreviations
 Fundamental operations (addition, subtraction, division, multiplication)
 Rounding techniques
 Types of fractions
 Different types of tables and graphs
 Meaning of graphs, such as increasing, decreasing, and constant value
 Preparation of basic data, tables & graphs

EVIDENCE GUIDE
This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and knowledge and range.

1. Critical aspects Assessment requires evidence that the candidate:

of Competency 1.1 Calculated correctly with whole numbers and
routine or familiar fractions, decimals and
percentages
1.2 Estimated, measured and calculated with routine
metric measurements
1.3 Applied simple scale to estimate length of objects
or distance to location or object
1.4 Used formal and informal mathematical language
to describe and compare common angles
1.5 Used common geometric instruments to draw two
dimensional shapes
1.6 Collected data and constructed routine tables and
graphs
1.7 Used basic functions of calculator correctly
2. Resource The following resources should be provided:
Implications 2.1 Access to relevant workplace or appropriately
simulated environment where assessment can take
place

© TVET CDACC 2019 10

 2.2 Materials relevant to the proposed activity or tasks
3. Methods of Competency may be assessed through:
Assessment 3.1 Observation
3.2 Oral questioning
3.3 Written test
3.4 Portfolio of Evidence
3.5 Interview
3.6 Third party report
4. Context of Competency may be assessed in:
Assessment 4.1 On the job
4.2 Off the job
4.3 Industrial attachment
5. Guidance Holistic assessment with other units relevant to the
information for industry sector, workplace and job role is recommended.
assessment

© TVET CDACC 2019 11

 DEMONSTRATE DIGITAL LITERACY

UNIT CODE:SES/OS/CS/BC/03/5/A
UNIT DESCRIPTION
This unit covers the competencies required to demonstrate digital literacy. It involves
identifying appropriate computer software and hardware, applying security measures
to data, hardware, software in automated environment, applying computer software in
solving tasks, applying internet and email in communication at workplace, applying
desktop publishing in official assignment and preparing presentation packages.

ELEMENTS AND PERFORMANCE CRITERIA

ELEMENT PERFORMANCE CRITERIA

These describe the These are assessable statements which specify the required
key outcomes which level of performance for each of the elements.
make up workplace
Bold and italicized terms are elaborated in the Range
function

1. Identify 1.1 Concepts of ICT are determined in accordance with

appropriate computer equipment
computer 1.2 Classifications of computers are determined in
software and accordance with manufacturers specification
hardware 1.3 Appropriate computer software is identified
according to manufacturer’s specification
1.4 Appropriate computer hardware is identified
according to manufacturer’s specification
1.5 Functions and commands of operating system are
determined in accordance with manufacturer’s
specification
2. Apply 2.1 Data security and privacy are classified in
security accordance with the prevailing technology
measures to 2.2 Security threats are identified, and control measures
data, are applied in accordance with laws governing
hardware, protection of ICT
software in 2.3 Computer threats and crimes are detected in
automated accordance with Information security management
environment guidelines
2.4 Protection against computer crimes is undertaken in
accordance with laws governing protection of ICT
3. Apply 3.1 Word processing concepts are applied in resolving
computer workplace tasks, report writing and documentation as
software in per job requirements
solving tasks 3.2 Word processing utilities are applied in accordance
with workplace procedures
3.3 Worksheet layout is prepared in accordance with

© TVET CDACC 2019 12

 work procedures
3.4 Worksheet is build and data manipulated in the
worksheet in accordance with workplace procedures
3.5 Continuous data manipulated on worksheet is
undertaken in accordance with work requirements
3.6 Database design and manipulation is undertaken in
accordance with office procedures
3.7 Data sorting, indexing, storage, retrieval and security
is provided in accordance with workplace procedures
4. Apply 4.1 Electronic mail addresses are opened and applied in
internet and workplace communication in accordance with office
email in policy
communicati 4.2 Office internet functions are defined and executed in
on at accordance with office procedures
workplace 4.3 Network configuration is determined in accordance
with office operations procedures
4.4 Official World Wide Web is installed and managed
according to workplace procedures
5. Apply 5.1 Desktop publishing functions and tools are identified
desktop in accordance with manufactures specifications
publishing in 5.2 Desktop publishing tools are developed in
official accordance with work requirements
assignments 5.3 Desktop publishing tools are applied in accordance
with workplace requirements
5.4 Typeset work is enhanced in accordance with
workplace standards
6. Prepare 6.1 Types of presentation packages are identified in
presentation accordance with office requirements
packages 6.2 Slides are created and formulated in accordance with
workplace procedures
6.3 Slides are edited and run in accordance with work
procedures
6.4 Slides and handouts are printed according to work
requirements

RANGE
This section provides work environments and conditions to which the performance
criteria apply. It allows for different work environments and situations that will affect
performance.

Variable Range

1. Appropriate computer  Computer case

hardware may include  Monitor
but not limited to:  keyboard
 mouse

© TVET CDACC 2019 13

 2. Data security and  Confidentiality of data
privacy may include  Cloud computing
but not limited to:  Integrity -but-curious data surfing
3. Security and control  Counter measures against cyber terrorism
measures may include  Risk reduction
but not limited to:  Cyber threat issues
 Risk management
 Pass wording
4. Security threats may  Cyber terrorism
include but not limited  Hacking
to:

REQUIRED SKILLS AND KNOWLEDGE

This section describes the skills and knowledge required for this unit of competency.
Required Skills
The individual needs to demonstrate the following skills:
 Analytical skills
 Interpretation
 Typing
 Communication
 Basic ICT skills

Required Knowledge
The individual needs to demonstrate knowledge of:
 Software concept
 Functions of computer software and hardware
 Data security and privacy
 Computer security threats and control measures
 Technology underlying cyber-attacks and networks
 Cyber terrorism
 Computer crimes
 Detection and protection of computer crimes
 Laws governing protection of ICT
 Microsoft suite

EVIDENCE GUIDE
This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and knowledge and range.

© TVET CDACC 2019 14

 1. Critical Assessment requires evidence that the candidate:
Aspects of 1.1 Identified and controlled security threats
Competenc 1.2 Detected and protected computer crimes
y 1.3 Applied word processing in office tasks
1.4 Designed, prepared work sheet and applied data to the
cells in accordance to workplace procedures
1.5 Opened electronic mail for office communication as
per workplace procedure
1.6 Installed internet and World Wide Web for office
tasks in accordance with office procedures
1.7 Integrated emerging issues in computer ICT
applications
1.8 Applied laws governing protection of ICT
2. Resource The following resources should be provided:
Implication 2.1 Tablets
s 2.2 Laptops
2.3 Desktop computers
2.4 Calculators
2.5 Internet
2.6 Smart phones
2.7 Operation Manuals
3. Methods of Competency may be assessed through:
Assessment 3.1 Written Test
3.2 Observation
3.3 Practical assignment
3.4 Interview/Oral Questioning
4. Context of Competency may be assessed in:
Assessment 4.1 Off the job
4.2 On the job setting
4.3 Industrial attachment
5. Guidance Holistic assessment with other units relevant to the industry
information for sector, workplace and job role is recommended.
assessment

© TVET CDACC 2019 15

 DEMONSTRATE ENTREPRENEURIAL SKILLS

UNIT CODE : SES/OS/CS/BC/04/5/A

UNIT DESCRIPTION
This unit covers the competencies required to demonstrate understanding of
entrepreneurship. It involves demonstrating understanding of an entrepreneur,
entrepreneurship, and self-employment, identifying entrepreneurship opportunities,
creating entrepreneurial awareness, applying entrepreneurial motivation, developing
business innovative strategies and developing business plan.
ELEMENTS AND PERFORMANCE CRITERIA

ELEMENT PERFORMANCE CRITERIA

1. Demonstrate 1.1 Entrepreneurs and Businesspersons are

understanding of an distinguished as per principles of
Entrepreneur entrepreneurship
1.2 Types of entrepreneurs are identified as per
principles of entrepreneurship
1.3 Ways of becoming an Entrepreneur are
identified as per principles of
Entrepreneurship
1.4 Characteristics of Entrepreneurs are
identified as per principles of
Entrepreneurship
1.5 Factors affecting Entrepreneurship
development are explored as per principles
of Entrepreneurship
2. Demonstrate 2.1 Entrepreneurship and self-employment are
understanding of distinguished as per principles of
Entrepreneurship and entrepreneurship
self-employment 2.2 Importance of self-employment is analysed
based on business procedures and strategies
2.3 Requirements for entry into self-
employment are identified according to
business procedures and strategies
2.4 Role of an Entrepreneur in business is
determined according to business procedures
and strategies
2.5 Contributions of Entrepreneurs to National
development are identified as per business
procedures and strategies
2.6 Entrepreneurship culture in Kenya is
explored as per business procedures and
strategies
2.7 Born or made Entrepreneurs are
distinguished as per entrepreneurial traits
3. Identify Entrepreneurship 3.1 Sources of business ideas are identified as
opportunities per business procedures and strategies

© TVET CDACC 2019 16

 3.2 Business ideas and opportunities are
generated as per business procedures and
strategies
3.3 Business life cycle is analysed as per
business procedures and strategies
3.4 Legal aspects of business are identified as
per procedures and strategies
3.5 Product demand is assessed as per market
strategies
3.6 Types of business environment are
identified and evaluated as per business
procedures
3.7 Factors to consider when evaluating business
environment are explored based on business
procedure and strategies
3.8 Technology in business is incorporated as
per best practice
4. Create entrepreneurial 4.1 Forms of businesses are explored as per
awareness business procedures and strategies
4.2 Sources of business finance are identified as
per business procedures and strategies
4.3 Factors in selecting source of business
finance are identified as per business
procedures and strategies
4.4 Governing policies on Small Scale
Enterprises (SSEs) are determined as per
business procedures and strategies
4.5 Problems of starting and operating SSEs are
explored as per business procedures and
strategies
5. Apply entrepreneurial 5.1 Internal and external motivation factors are
motivation determined in accordance with motivational
theories
5.2 Self-assessment is carried out as per
entrepreneurial orientation
5.3 Effective communications are carried out in
accordance with communication principles
5.4 Entrepreneurial motivation is applied as per
motivational theories
6. Develop innovative 6.1 Business innovation strategies are
business strategies determined in accordance with the
organization strategies
6.2 Creativity in business development is
demonstrated in accordance with business
strategies
6.3 Innovative business strategies are developed
as per business principles
6.4 Linkages with other entrepreneurs are
created as per best practice
6.5 ICT is incorporated in business growth and
development as per best practice
7. Develop Business Plan 7.1 Identified Business is described as per

© TVET CDACC 2019 17

 business procedures and strategies
7.2 Marketing plan is developed as per business
plan format
7.3 Organizational/Management plan is prepared
in accordance with business plan format
7.4 Production/operation plan in accordance
with business plan format
7.5 Financial plan is prepared in accordance with
the business plan format
7.6 Executive summary is prepared in
accordance with business plan format
7.7 Business plan is presented as per best
practice

RANGE
This section provides work environment and conditions to which the performance
criteria apply. It allows for different work environment and situations that will affect
performance.

1. Variable Range

2. Types of entrepreneurs may  Innovators

include but not limited to:  Imitators
 Craft
 Opportunistic
 Speculators
3. Characteristics of Entrepreneurs  Creative
may include but not limited to:  Innovative
 Planner
 Risk taker
 Networker
 Confident
 Flexible
 Persistent
 Patient
 Independent
 Future oriented
 Goal oriented
4. Requirements for entry into self-  Technical skills
employment may include but not  Management skills
limited to  Entrepreneurial skills
 Resources
 Infrastructure
5. Internal and external motivation  Interest
may include but not limited to:  Passion
 Freedom
 Prestige
 Rewards
 Punishment
 Enabling environment
 Government policies

© TVET CDACC 2019 18

 6. Business environment may  External
include but not limited to:  Internal
 Intermediate
7. Forms of businesses may include  Sole proprietorship
but not limited to:  Partnership
 Limited companies
 Cooperatives
8. Governing policies may include  Increasing scope for finance
but not limited to:  Promoting cooperation between
entrepreneurs and private sector
 Reducing regulatory burden on
entrepreneurs
 Developing IT tools for
entrepreneurs
9. Innovative business strategies may  New products
include but not limited to:  New methods of production
 New markets
 New sources of supplies
 Change in industrialization

REQUIRED SKILLS AND KNOWLEDGE

This section describes the skills and knowledge required for this unit of competency.

Required Skills
The individual needs to demonstrate the following skills:
 Analytical
 Management
 Problem-solving
 Root-cause analysis
 Communication

Required Knowledge
The individual needs to demonstrate knowledge of:
 Decision making
 Business communication
 Change management
 Competition
 Risk
 Net working
 Time management
 Leadership
 Factors affecting entrepreneurship development
 Principles of Entrepreneurship

© TVET CDACC 2019 19

  Features and benefits of common operational practices, e. g., continuous
improvement (kaizen), waste elimination,
 Conflict resolution
 Health, safety and environment (HSE) principles and requirements
 Customer care strategies
 Basic financial management
 Business strategic planning
 Impact of change on individuals, groups and industries
 Government and regulatory processes
 Local and international market trends
 Product promotion strategies
 Market and feasibility studies
 Government and regulatory processes
 Local and international business environment
 Relevant developments in other industries
 Regional/ County business expansion strategies

EVIDENCE GUIDE
This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and knowledge and range.

1. Critical Aspects of Assessment requires evidence that the candidate:

Competency 1.1 Distinguished entrepreneurs and business persons
correctly
1.2 Identified ways of becoming an entrepreneur
appropriately
1.3 Explored factors affecting entrepreneurship
development appropriately
1.4 Analysed importance of self-employment
accurately
1.5 Identified requirements for entry into self-
employment correctly
1.6 Identified sources of business ideas correctly
1.7 Generated Business ideas and opportunities
correctly
1.8 Analysed business life cycle accurately
1.9 Identified legal aspects of business correctly
1.10 Assessed product demand accurately
1.11 Determined Internal and external motivation
factors appropriately
1.12 Carried out communications effectively
1.13 Identified sources of business finance correctly
1.14 Determined Governing policy on small scale
enterprise appropriately
1.15 Explored problems of starting and operating
SSEs effectively

© TVET CDACC 2019 20

 1.16 Developed Marketing,
Organizational/Management,
Production/Operation and Financial plans
correctly
1.17 Prepared executive summary correctly
1.18 Determined business innovative strategies
appropriately
1.19 Presented business plan effectively
2. Resource The following resources should be provided:
Implications 2.1 Access to relevant workplace where assessment
can take place
2.2 Appropriately simulated environment where
assessment can take place
3. Methods of Competency may be assessed through:
Assessment 3.1 Written tests
3.2 Oral questions
3.3 Third party report
3.4 Interviews
3.5 Portfolio
4. Context of Competency may be assessed:
Assessment 4.1 On-the-job
4.2 Off-the –job
4.3 During Industrial attachment
5. Guidance Holistic assessment with other units relevant to the
information for industry sector, workplace and job role is
assessment recommended.

© TVET CDACC 2019 21

 DEMONSTRATE EMPLOYABILITY SKILLS

UNIT CODE: SES/OS/CS/BC/05/5/A

Unit Description
This unit covers competencies required to demonstrate employability skills. It
involves conducting self-management, demonstrating interpersonal communication,
critical safe work habits, leading small teams, planning and organizing work,
maintaining professional growth and development, demonstrating workplace learning,
problem solving skills and managing workplace ethics.

ELEMENTS AND PERFORMANCE CRITERIA

ELEMENT PERFORMANCE CRITERIA

These describe the key These are assessable statements which specify the
outcomes which make required level of performance for each of the elements.
up workplace function.
Bold and italicized terms are elaborated in the Range

1. Conduct self- 1.1 Personal vision, mission and goals are formulated
management based on potential and in relation to organization
objectives
1.2 Emotional intelligence is demonstrated as per
workplace requirements.
1.3 Individual performance is evaluated and monitored
according to the agreed targets.
1.4 Assertiveness is developed and maintained based on
the requirements of the job.
1.5 Accountability and responsibility for own actions
are demonstrated based on workplace instructions.
1.6 Self-esteem and a positive self-image are developed
and maintained based on values.
1.7 Time management, attendance and punctuality are
observed as per the organization policy.
1.8 Goals are managed as per the organization’s
objective
1.9 Self-strengths and weaknesses are identified based
on personal objectives
2. Demonstrate 2.1 Writing skills are demonstrated as per
interpersonal communication policy
communication 2.2 Negotiation and persuasion skills are demonstrated
as per communication policy
2.3 Internal and external stakeholders’ needs are
identified and interpreted as per the communication

© TVET CDACC 2019 22

 policy
2.4 Communication networks are established based on
workplace policy
2.5 Information is shared as per communication policy
3. Demonstrate 3.1 Stress is managed in accordance with workplace
critical safe policy.
work habits 3.2 Punctuality and time consciousness is demonstrated
in line with workplace policy.
3.3 Personal objectives are integrated with organization
goals based on organization’s strategic plan.
3.4 Resources are utilized in accordance with workplace
policy.
3.5 Work priorities are set in accordance to workplace
goals and objectives.
3.6 Leisure time is recognized and utilized in line with
personal objectives.
3.7 Drugs and substances of abuse are identified and
avoided based on workplace policy.
3.8 HIV and AIDS prevention awareness is
demonstrated in line with workplace policy.
3.9 Safety consciousness is demonstrated in the
workplace based on organization safety policy.
3.10 Emerging issues are identified and dealt with in
accordance with organization policy.
4. Lead small 4.1 Performance targets for the team are set based on
teams organization’s objectives
4.2 Duties are assigned in accordance with the
organization policy.
4.3 Forms of communication in a team are established
according to organization’s policy.
4.4 Team performance is evaluated based on set targets
as per workplace policy.
4.5 Conflicts are resolved between team members in
line with organization policy.
4.6 Gender related issues are identified and
mainstreamed in accordance workplace policy.
4.7 Human rights and fundamental freedoms are
identified and respected as Constitution of Kenya
2010.
4.8 Healthy relationships are developed and maintained
in line with workplace.
5. Plan and 5.1 Task requirements are identified as per the
organize work workplace objectives
5.2 Task is interpreted in accordance with safety
(OHS ), environmental requirements and quality
requirements
5.3 Work activity is organized with other involved
personnel as per the SOPs
5.4 Resources are mobilized, allocated and utilized to

© TVET CDACC 2019 23

 meet project goals and deliverables.
5.5 Work activities are monitored and evaluated in line
with organization procedures.
5.6 Job planning is documented in accordance with
workplace requirements.
5.7 Time is managed achieve workplace set goals and
objectives.
6. Maintain 6.1 Personal training needs are identified and assessed
professional in line with the requirements of the job.
growth and 6.2 Training and career opportunities are identified
development and utilized based on job requirements.
6.3 Resources for training are mobilized and allocated
based organizations and individual skills needs.
6.4 Licensees and certifications relevant to job and
career are obtained and renewed as per policy.
6.5 Work priorities and personal commitments are
balanced and managed based on requirements of the
job and personal objectives.
6.6 Recognitions are sought as proof of career
advancement in line with professional requirements.
7. Demonstrate 7.1 Learning opportunities are sought and managed
workplace based on job requirement and organization policy.
learning 7.2 Improvement in performance is demonstrated based
on courses attended.
7.3 Application of learning is demonstrated in both
technical and non-technical aspects based on
requirements of the job
7.4 Time and effort is invested in learning new skills
based on job requirements
7.5 Initiative is taken to create more effective and
efficient processes and procedures in line with
workplace policy.
7.6 New systems are developed and maintained in
accordance with the requirements of the job.
7.7 Awareness of personal role in workplace innovation
is demonstrated based on requirements of the job.
8. Demonstrate 8.1 Creative, innovative and practical solutions are
problem solving developed based on the problem
skills 8.2 Independence and initiative in identifying and
solving problems is demonstrated based on
requirements of the job.
8.3 Team problems are solved as per the workplace
guidelines
8.4 Problem solving strategies are applied as per the
workplace guidelines
8.5 Problems are analyzed and assumptions tested as per
the context of data and circumstances
9. Demonstrate 9.1 Policies and guidelines are observed as per the
workplace workplace requirements

© TVET CDACC 2019 24

 ethics 9.2 Self-worth and professionalism is exercised in line
with personal goals and organizational policies
9.3 Code of conduct is observed as per the workplace
requirements
9.4 Integrity is demonstrated as per legal requirement

RANGE
This section provides work environment and conditions to which the performance
criteria apply. It allows for different work environment and situations that will affect
performance.

Range Variable

1. Drug and Commonly abused

substance abuse  Alcohol
may include but  Tobacco
not limited to:  Miraa
 Over-the-counter drugs
 Cocaine
 Bhang
 Glue
2. Feedback may  Verbal
include but not  Written
limited to:  Informal
 Formal
3. Relationships  Man/Woman
may include but  Trainer/trainee
not limited to:  Employee/employer
 Client/service provider
 Husband/wife
 Boy/girl
 Parent/child
 Sibling relationships

4. Forms of  Written
communication  Visual
may include but  Verbal
not limited to:  Non verbal
 Formal and informal
5. Team may  Small work group
include but not  Staff in a section/department
limited to:  Inter-agency group
6. Personal growth  Growth in the job
may include but  Career mobility
not limited to:  Gains and exposure the job gives
 Net workings
 Benefits that accrue to the individual as a result of
noteworthy performance

© TVET CDACC 2019 25

 7. Personal  Long term
objectives may  Short term
include but not  Broad
limited to:  Specific
8. Trainings and  Participation in training programs
career  Technical
opportunities  Supervisory
may include but  Managerial
not limited to  Continuing Education
 Serving as Resource Persons in conferences and workshops
9. Resource may  Human
include but not  Financial
limited to:  Hardware
 Software
10. Innovation may  New ideas
include but not  Original ideas
limited to:  Different ideas
 Methods/procedures
 Processes
 New tools
11. Emerging issues  Terrorism
may include but  Social media
not limited to:  National cohesion
 Open offices
12. Range of media  Mentoring
for learning may  peer support and networking
include but not  IT and courses
limited to:

REQUIRED SKILLS AND KNOWLEDGE

This section describes the skills and knowledge required for this unit of competency.
Required Skills
The individual needs to demonstrate the following skills:
 Communication
 Critical thinking
 Observation
 Organizing
 Negotiation
 Monitoring
 Evaluation
 Record keeping
 Problem solving
 Decision Making
 Resource utilization
 Resource mobilization

© TVET CDACC 2019 26

Required Knowledge
The individual needs to demonstrate knowledge of:
 Work values and ethics
 Company policies
 Company operations, procedures and standards
 Occupational Health and safety procedures
 Fundamental rights at work
 Personal hygiene practices
 Workplace communication
 Concept of time
 Time management
 Decision making
 Types of resources
 Work planning
 Resources and allocating resources
 Organizing work
 Monitoring and evaluation
 Record keeping
 Workplace problems and how to deal with them
 Gender mainstreaming
 HIV and AIDS
 Drug and substance abuse
 Leadership
 Safe work habits
 Professional growth and development
 Technology in the workplace
 Emerging issues
 Social media
 Terrorism
 National cohesion

EVIDENCE GUIDE
This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and knowledge and range.

2. Critical Assessment requires evidence that the candidate:

aspects of 1.1 Conducted self-management
Competency 1.2 Demonstrated interpersonal communication
1.3 Demonstrated critical safe work habits
1.4 Led small teams
1.5 Planned and organized work
1.6 Maintained professional growth and development
1.7 Demonstrated workplace learning
1.8 Demonstrated problem solving skills
1.9 Demonstrated workplace ethics
4. Resource The following resources should be provided:
Implications 2.1 Access to relevant workplace where assessment can take place

© TVET CDACC 2019 27

 2.2 Appropriately simulated environment where assessment can take
place
6. Methods of Competency in this unit may be assessed through:
Assessment 3.1 Oral questioning
3.2 Portfolio of evidence
3.3 Third Party Reports
3.4 Written tests
8. Context of Competency may be assessed:
Assessment 4.1 On-the-job
4.2 Off-the –job
4.3 During Industrial attachment
9. Guidance Holistic assessment with other units relevant to the industry sector,
information workplace and job role is recommended.
for assessment

© TVET CDACC 2019 28

 DEMONSTRATE ENVIRONMENTAL LITERACY
UNIT CODE: SES/OS/CS/BC/06/5/A

UNIT DESCRIPTION
This unit describes the competencies required to demonstrate understanding of
environmental literacy. It involves controlling environmental hazard, controlling
control environmental pollution, complying with workplace sustainable resource use,
evaluating current practices in relation to resource usage, identifying environmental
legislations/conventions for environmental concerns, implementing specific
environmental programs and monitoring activities on environmental
protection/programs.

ELEMENTS AND PERFORMANCE CRITERIA

PERFORMANCE CRITERIA
ELEMENT
These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements.
workplace function.
Bold and italicized terms are elaborated in the Range

1. Control 1.1 Storage methods for environmentally hazardous

environmental materials are strictly followed according to
hazard environmental regulations and OSHS.
1.2 Disposal methods of hazardous wastes are
followed always according to environmental
regulations and OSHS.
1.3 PPE is used according to OSHS.
2. Control 2.1 Environmental pollution control measures are
environmental compiled following standard protocol.
Pollution control 2.2 Procedures for solid waste management are
observed according to Environmental
Management and Coordination Act 1999
2.3 Methods for minimizing noise pollution is
complied with based on Noise and Excessive
Vibration Pollution and Control Regulations,
2009
3. Demonstrate 3.1 Methods for minimizing wastage are complied
sustainable with.
resource use 3.2 Waste management procedures are employed
following principles of 3Rs (Reduce, Reuse,
Recycle)
3.3 Methods for economizing and reducing resource
consumption are practiced as per the
Environmental Management and Coordination

© TVET CDACC 2019 29

 Act 1999
4. Evaluate current 4.1 Information on resource efficiency systems and
practices in procedures are collected and provided to the
relation to resource work group where appropriate.
usage 4.2 Current resource usage is measured and recorded
by members of the work group.
4.3 Current purchasing strategies are analyzed and
recorded according to industry procedures.
4.4 Current work processes to access information
and data is analyzed following enterprise
protocol.
5. Identify 5.1 Environmental legislations/conventions and
Environmental local ordinances are identified according to the
legislations/conven different environmental aspects/impact
tions for 5.2 Industrial standard/environmental practices are
environmental described according to the different
concerns environmental concerns
6. Implement specific 6.1 Programs/Activities are identified according to
environmental organizations policies and guidelines.
programs 6.2 Individual roles/responsibilities are
determined and performed based on the activities
identified.
6.3 Problems/constraints encountered are resolved in
accordance with organizations’ policies and
guidelines
6.4 Stakeholders are consulted based on company
guidelines
7. Monitor activities 7.1 Activities are periodically monitored and
on Environmental evaluated according to the objectives of the
protection/Program environmental Program
s 7.2 Feedback from stakeholders are gathered and
considered in proposing enhancements to the
program based on consultations
7.3 Data gathered are analyzed based on evaluation
requirements
7.4 Recommendations are submitted based on the
findings
7.5 Management support systems are set/established
to sustain and enhance the program
7.6 Environmental incidents are monitored and
reported to concerned/proper authorities

RANGE

© TVET CDACC 2019 30

This section provides work environments and conditions to which the performance
criteria apply. It allows for different work environments and situations that will affect
performance.

Variable Range

1. PPE may include  Mask

but not limited to:  Gloves
 Goggles
 Safety hat
 Overall
 Hearing protector
 Safety boots
2. Environmental  Methods for minimizing or stopping spread and
pollution control ingestion of airborne particles
measures may  Methods for minimizing or stopping spread and
include but not ingestion of gases and fumes
limited to:  Methods for minimizing or stopping spread and
ingestion of liquid wastes
3. Waste management  Sorting
procedures may  Storing of items
include but not  Recycling of items
limited to:  Disposal of items
4. Resources may  Electric
include but not  Water
limited to:  Fuel
 Telecommunications
 Supplies
 Materials
5. Workplace  Biological hazards
environmental  Chemical and dust hazards
hazards may  Physical hazards
include but not
limited to:
6. Organizational  Supply chain, procurement and purchasing
systems and  Quality assurance
procedures may  Making recommendations and seeking
include but not approvals
limited to:

REQUIRED SKILLS AND KNOWLEDGE

This section describes the skills and knowledge required for this unit of competency.
Required Skills
The individual needs to demonstrate the following skills:
 Observation
 Measuring

© TVET CDACC 2019 31

  Writing
 Communication
 Analytical
 Monitoring
 Evaluation

Required Knowledge
The individual needs to demonstrate knowledge of:
 Storage methods of environmentally hazardous materials
 Disposal methods of hazardous wastes
 Usage of PPE Environmental regulations
 OSHS
 Types of pollution
 Environmental pollution control measures
 Different solid wastes
 Solid waste management
 Different noise pollution
 Methods of minimizing noise pollution
 Solid Waste Act
 Methods of minimizing wastage
 Waste management procedures
 Economizing of resource consumption
 3Rs principle
 Types of resources
 Techniques in measuring current usage of resources
 Calculating current usage of resources
 Types of workplace environmental hazards
 Environmental regulations
 Environmental regulations applying to the enterprise.
 Measurement and recording of current resource usage
 Analysis current work processes to access information and data Analysis of
data and information
 Identification of areas for improvement
 Resource consuming processes
 Determination of quantity and nature of resource consumed
 Analysis of resource flow of different parts of the resource flow process
 Use/conversion of resources
 Causes of low efficiency of use
 Increasing the efficiency of resource use
 Inspection of resource use plans
 Regulations/licensing requirements
 Determine benefit/cost for alternative resource sources
 Benefit/costs for different alternatives
 Components of proposals
 Criteria on ranking proposals
 Regulatory requirements
 Proposals for improving resource efficiency
 Implementation of resource efficiency plans

© TVET CDACC 2019 32

  Procedures in monitor implementation
 Adjustments of implementation plan
 Inspection of new resource usage

EVIDENCE GUIDE
This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and knowledge and range.

1. Critical Assessment requires evidence that the candidate:

Aspects of 1.1 Controlled environmental hazard
Competency 1.2 Controlled environmental pollution
1.3 Demonstrated sustainable resource use
1.4 Evaluated current practices in relation to resource
usage
1.5 Demonstrated knowledge of environmental
legislations and local ordinances according to the
different environmental issues /concerns.
1.6 Described industrial standard environmental practices
according to the different environmental
issues/concerns.
1.7 Resolved problems/ constraints encountered based on
management standard procedures
1.8 Implemented and monitored environmental practices
on a periodic basis as per company guidelines
1.9 Recommended solutions for the improvement of the
Program
1.10 Monitored and reported to proper authorities any
environmental incidents
2. Resource The following resources should be provided:
Implications 2.1 Workplace with storage facilities
2.2 Tools, materials and equipment relevant to the tasks
(ex. Cleaning tools, cleaning materials, trash bags,
etc.)
2.3 PPE
2.4 Manuals and references
2.5 Legislation, policies, procedures, protocols and local
ordinances relating to environmental protection
2.6 Case studies/scenarios relating to environmental
Protection
3. Methods of Competency in this unit may be assessed through:
Assessment 3.1 Observation
3.2 Oral questioning
3.3 Written test
3.4 Interview/Third Party Reports
3.5 Portfolio of evidence
4. Context of Competency may be assessed:
Assessment 4.1 On-the-job

© TVET CDACC 2019 33

 4.2 Off-the –job
4.3 During Industrial attachment
5. Guidance Holistic assessment with other units relevant to the industry
information sector, workplace and job role is recommended.
for
assessment

© TVET CDACC 2019 34

 DEMONSTRATE OCCUPATIONAL SAFETY AND HEALTH PRACTICES

UNIT CODE: SES/OS/CS/BC/07/5/A

UNIT DESCRIPTION
This unit specifies the competencies required to identify workplace hazards and risk,
identify and implement appropriate control measures and implement OSH programs,
procedures and policies/ guidelines

ELEMENTS AND PERFORMANCE CRITERIA

PERFORMANCE CRITERIA
ELEMENT
These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements.
workplace function.
Bold and italicized terms are elaborated in the Range

1. Identify workplace 1.1 Hazards in the workplace are identified based

hazards and risk their indicators
1.2 Risks and hazards are evaluated based on legal
requirements.
1.3 OSH concerns raised by workers are addressed
as per legal requirements.
2. Control OSH 2.1 Hazard prevention and control measures are
hazards implemented as per legal requirement.
2.2 Risk assessment is conducted and a risk matrix
developed based on likely impact.
2.3 Contingency measures, including emergency
procedures during workplace incidents and
emergencies are recognized and established in
accordance with organization procedures.
3. Implement OSH 3.1 Company OSH program are identified, evaluated
programs and reviewed based on legal requirements.
3.2 Company OSH programs are implemented as per
legal requirements.
3.3 Workers are capacity built on OSH standards and
procedures as per legal requirements
3.4 OSH-related records are maintained as per legal
requirements.

RANGE

© TVET CDACC 2019 35

This section provides work environments and conditions to which the performance
criteria apply. It allows for different work environments and situations that will affect
performance.

Variable Range

1. Hazards may  Physical hazards

include but are not  Biological hazards
limited to:  Chemical hazards
 Ergonomics
 Psychological factors
 Physiological factors
 Safety hazards
 Unsafe workers’ act
2. Indicators may  Increased of incidents of accidents, injuries
include but are not  Increased occurrence of sickness or health
limited to: complaints/ symptoms
 Common complaints of workers related to
OSH
 High absenteeism for work-related reasons
3. Evaluation and/or  Health Audit
work environment  Safety Audit
measurements may  Work Safety and Health Evaluation
include but are not  Work Environment Measurements of Physical
limited to: and Chemical Hazards

4. OSH issues and/or  Workers’ experience/observance on presence

concerns may of work hazards
include but are not  Unsafe/unhealthy administrative arrangements
limited to: (prolonged work hours, no break time,
constant overtime, scheduling of tasks)
 Reasons for compliance/non-compliance to
use of PPEs or other OSH
procedures/policies/guidelines
5. Prevention and  Eliminate the hazard
control measures  Isolate the hazard
may include but are  Substitute the hazard with a safer alternative
not limited to:  Use administrative controls to reduce the risk
 Use engineering controls to reduce the risk
 Use personal protective equipment
 Safety, Health and Work Environment
Evaluation
 Periodic and/or special medical examinations
of workers

© TVET CDACC 2019 36

 6. Safety gears /PPE  Arm/Hand guard, gloves
(Personal  Eye protection (goggles, shield)
Protective  Hearing protection (ear muffs, ear plugs)
Equipment’s) may  Hair Net/cap/bonnet
include but are not  Hard hat
limited to:  Face protection (mask, shield)
 Apron/Gown/coverall/jump suit
 Anti-static suits
 High-visibility reflective vest
7. Appropriate risk  Eliminate the hazard altogether
controls  Isolate the hazard from anyone who could be
harmed
 Substitute the hazard with a safer alternative
 Use administrative controls to reduce the risk
 Use engineering controls to reduce the risk
 Use personal protective equipment
8. Contingency  Evacuation
measures may  Isolation
include but are not  Decontamination
limited to:  Emergency personnel

9. Emergency  Fire drill

procedures may  Earthquake drill
include but are not  Basic life support/CPR
limited to:  First aid
 Spillage control
 Decontamination of chemical and toxic
 Disaster preparedness/management
 Set of fire-extinguisher
10. Incidents and  Chemical spills
emergencies may  Equipment/vehicle accidents
include but are not  Explosion
limited to:  Fire
 Gas leak
 Injury to personnel
 Structural collapse
 Toxic and/or flammable vapors emission.
11. OSH-related  Medical/Health records
Records may  Incident/accident reports
include but are not  Sickness notifications/sick leave application
limited to:  OSH-related trainings obtained

REQUIRED SKILLS AND KNOWLEDGE

This section describes the skills and knowledge required for this unit of competency.
Required Skills

© TVET CDACC 2019 37

The individual needs to demonstrate the following skills:
 Communication
 Interpersonal
 Presentation
 Risk assessment
 Evaluation
 Critical thinking
 Problem solving
 Negotiation

Required Knowledge
The individual needs to demonstrate knowledge of:
 General OSH Principles
 Occupational hazards/risks recognition
 OSH organizations providing services on OSH evaluation and/or work
environment measurements (WEM)
 National OSH regulations; company OSH policies and protocols
 Systematic gathering of OSH issues and concerns
 General OSH principles
 National OSH regulations
 Company OSH and recording protocols, procedures and policies/guidelines
 Training and/or counseling methodologies and strategies

EVIDENCE GUIDE
This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and knowledge and range.

1. Critical Assessment requires evidence that the candidate:

Aspects of 1.1 Identified hazards in the workplace based their
Competency indicators
1.2 Evaluated workplace hazards based on legal
requirements.
1.3 Addressed OSH concerns raised by workers as per
legal requirements.
1.4 Implemented hazard prevention and control
measures as per legal requirement.
1.5 Conducted risk assessment as per legal requirement.
1.6 Developed risk matrix based on likely impact.
1.7 Recognized and established contingency measures in
accordance with organization procedures.
1.8 Identified, evaluated and reviewed company OSH
program based on legal requirements.
1.9 Implemented company OSH programs as per legal
requirements.

© TVET CDACC 2019 38

 1.10 Capacity built workers on OSH standards and
procedures as per legal requirements
1.11 Maintained OSH-related records as per legal
requirements.
2. Resource The following resources should be provided:
Implications 2.1 Access to relevant workplace where assessment can
take place
2.2 Appropriately simulated environment where
assessment can take place
3. Methods of Competency in this unit may be assessed through:
Assessment 3.1 Observation
3.2 Oral questioning
3.3 Written test
3.4 Portfolio of Evidence
3.5 Interview
3.6 Third party report
4. Context of Competency may be assessed:
Assessment 4.1 On-the-job
4.2 Off-the –job
4.3 During Industrial attachment
5. Guidance Holistic assessment with other units relevant to the industry
information sector, workplace and job role is recommended.
for
assessment

© TVET CDACC 2019 39

 COMMON UNITS OF COMPETENCY

© TVET CDACC 2019 40

 DEMONSTRATE DIGITAL LITERACY

UNIT CODE: SEC/OS/CS/CC/01/6/A

UNIT DESCRIPTION
This unit covers the competencies required to effectively use digital devices such as
smart phones, tablets, laptops and desktop PCs. It entails identifying appropriate
computer software and hardware, applying security measures to data, hardware, and
software in automated environment, computer software in solving tasks, internet and
email in communication at workplace, desktop publishing in official assignments and
preparing presentation packages.

ELEMENTS AND PERFORMANCE CRITERIA

ELEMENT PERFORMANCE CRITERIA
These describe the These are assessable statements which specify the required
key outcomes which level of performance for each of the elements.
make up workplace Bold and italicized terms are elaborated in the Range
functions.
1. Identify 1.1 Concepts of ICT are determined in accordance with
appropriate computer equipment.
computer 1.2 Classifications of computers are determined in
software and accordance with manufacturer’s specification.
hardware. 1.3 Appropriate computer software is identified according to
manufacturer’s specification.
1.4 Appropriate computer hardware is identified according
to manufacturer’s specification.
1.5 Functions and commands of operating system are
determined in accordance with manufacturer’s
specification.
2. Apply security 2.1 Data security and privacy are classified in accordance
measures to with the prevailing technology.
data, hardware, 2.2 Security threats are identified, and control measures are
and software in applied in accordance with laws governing protection of
automated ICT.
environment. 2.3 Computer threats and crimes are detected.
2.4 Protection against computer crimes is undertaken in
accordance with laws governing protection of ICT.
3. Apply computer 3.1 Word processing concepts are applied in resolving
software in workplace tasks, report writing and documentation.
solving tasks 3.2 Word processing utilities are applied in accordance with
workplace procedures.
3.3 Worksheet layout is prepared in accordance with work
procedures.
3.4 Worksheets are built, and data manipulated in the

© TVET CDACC 2019 41

ELEMENT PERFORMANCE CRITERIA
These describe the These are assessable statements which specify the required
key outcomes which level of performance for each of the elements.
make up workplace Bold and italicized terms are elaborated in the Range
functions.
worksheets in accordance with workplace procedures.
3.5 Continuous data manipulated on worksheet is undertaken
in accordance with work requirements
3.6 Database design and manipulation is undertaken in
accordance with office procedures.
3.7 Data sorting, indexing, storage, retrieval and security is
provided in accordance with workplace procedures.
4. Apply internet 4.1 Electronic mail addresses are opened and applied in
and email in workplace communication in accordance with
communication ORGANIZATION ICT policy.
at workplace. 4.2 Office internet functions are defined and executed in
accordance with office procedures.
4.3 Network configuration is determined in accordance with
office operations procedures.
4.4 Security measures are put in place in line with the
organization’s ICT policy
4.5 Official World Wide Web is installed and managed
according to workplace procedures.
5. Apply Desktop 5.1 Desktop publishing functions and tools are identified in
publishing in accordance with manufactures specifications.
official 5.2 Desktop publishing tools are developed in accordance
assignments. with work requirements.
5.3 Desktop publishing tools are applied in accordance with
workplace requirements.
5.4 Typeset work is enhanced in accordance with workplace
standards.
6. Prepare 6.1 Types of presentation packages are identified in
presentation accordance with office requirements.
packages. 6.2 Slides are created and formulated in accordance with
workplace procedures.
6.3 Slides are edited and run in accordance with work
procedures.
6.4 Slides and handouts are printed according to work
requirements.

© TVET CDACC 2019 42

RANGE
This section provides work environments and conditions to which the performance
criteria apply. It allows for different work environments and situations that will affect
performance.

Variable Range
1. Appropriate  Computer case, monitor, keyboard, and mouse
computer  All the parts inside the computer case, such as the
hardware may hard disk drive, motherboard and video card.
includes but not
limited to:
2. Data security and  Confidentiality of data.
privacy may  Cloud computing.
includes but not  Authenticity
limited to:  Availability
 Integrity
 Non-repudiation
 Integrity-but-curious data surfing.
3. Security and  Counter measures against cyber terrorism.
control  Risk reduction.
Measures may  Cyber threat issues.
include but not  Risk management.
limited to:  Pass-wording.
 Authorization
 Encryption
4. Security threats  Cyber terrorism.
may includes but  Hacking.
not limited to:

© TVET CDACC 2019 43

REQUIRED SKILLS AND KNOWLEDGE
This section describes the skills and knowledge required for this unit of competency.
Required Skills
The individual needs to demonstrate the following skills:
 Analytical skills.
 Interpretation.
 Typing.
 Communication.
 Computing applying arithmetic operations.
 Basic ICT skills.

Required Knowledge
The individual needs to demonstrate knowledge of:
 Functions of computer software and hardware.
 Data security and privacy.
 Computer security threats and control measures.
 Technology underlying cyber-attacks and networks.
 Cyber terrorism and computer crimes.
 Detection and protection of computer crimes.
 Laws governing protection of ICT.
 Functions and concepts of word processing.
o Documents and tables creation and manipulations.
o Mail merging.
o Word processing utilities.
 Spread sheets;
 Meaning, formulae, function and charts, uses and layout.
 Data formulation, manipulation and application to cells.
 Database;
 Database design, data manipulation, sorting, indexing, storage retrieval and
security
 Desktop publishing;
 Designing and developing desktop publishing tools.
 Manipulation of desktop publishing tools.
 Enhancement of typeset work and printing documents.
 Presentation Packages;
 Types of presentation packages.
 Creating, formulating, running, editing, printing and presenting slides and
handouts.
 Networking and Internet;
 Computer networking and internet.
 Electronic mail and World Wide Web.
 Emerging trends and issues in ICT;
 Identify and integrate emerging trends and issues in ICT.
 Challenges posed by emerging trends and issues.

EVIDENCE GUIDE

© TVET CDACC 2019 44

This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and knowledge and range.
1. Critical Assessment requires evidence that the candidate:
Aspects of 1.1 Identified and controlled security threats.
Competency. 1.2 Detected and protected computer crimes.
1.3 Applied word processing in office tasks.
1.4 Designed, prepared work sheet and applied data to the
cells in accordance to workplace procedures.
1.5 Opened electronic mail for office communication as per
workplace procedure.
1.6 Installed internet and World Wide Web for office tasks in
accordance with office procedures.
1.7 Integrated emerging issues in computer ICT applications.
1.8 Applied laws governing protection of ICT.
2. Resource The following resources should be provided:
Implications 2.1 Access to relevant workplace where assessment can
for take place
competence 2.2 Appropriately simulated environment where assessment
certification can take place
2.3 Materials relevant to the proposed activity or tasks
3. Methods of Competency may be assessed through:
Assessment. 3.1 Written Test.
3.2 Demonstration.
3.3 Practical assignment.
3.4 Interview/Oral Questioning.
3.5 Demonstration.
4. Context of Competency may be assessed in an off and on the job setting.
Assessment.
5. Guidance Holistic assessment with other units relevant to the industry
information sector, workplace and job role is recommended.
for
assessment.

© TVET CDACC 2019 45

 CORE UNITS OF COMPETENCY

© TVET CDACC 2019 46

 PERFORM COMPUTER REPAIR AND MAINTENANCE

UNIT CODE: SEC/OS/CS/CR/01/6/A

UNIT DESCRIPTION
This unit covers the competencies required to perform computer repair and
maintenance. It entails performing troubleshooting, dismantling faulty components,
repairing/replacing faulty components, upgrading computer software/hardware, and
preparing and documenting maintenance reports.
ELEMENTS AND PERFORMANCE CRITERIA
PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
required level of performance for each of the
These describe the key
elements.
outcomes which make up
workplace function. (Bold and italicised terms are elaborated in the
Range)
1.1 Performance issues in the machine are
1. Perform troubleshooting
identified as per the workplace procedures
1.2 Hardware and software are diagnosed in line
with the standard operating procedure
1.3 Testing and troubleshooting tools are
established as pert the industry best practices
2.1 Components to be dismantled are identified
2. Dismantle faulty
2.2 Components are dismantled in line with the
components
manufacturer’s manuals
2.3 Dismantling tools and components are
established in standard operating procedures
2.4 Component handling is aligned to the standard
operating procedures
3.1 Diagnostic tools and instruments are identified
3. Repair/Replace faulty
as per the workplace policy
components
3.2 Components functionality is tested as per the
manufacturer’s manuals
3.3 Test parameters are compared with the
expected output in line with the manufacturer’s
manuals
3.4 Faulty components are identified and removed
as per the standard operating procedure
3.5 Faulty components are repaired/replaced in line
with manufacturers manuals
3.6 Repaired/replaced components are tested for
their functionality according to standard
operating procedure

© TVET CDACC 2019 47

 PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
required level of performance for each of the
These describe the key
elements.
outcomes which make up
workplace function. (Bold and italicised terms are elaborated in the
Range)
3.7 Components are reassembled, and continuous
monitoring performed as per the industries best
practice
4.1 Tools in managing software updates are
4. Upgrade computer
established as per the industry best practice
hardware/software
4.2 Test environment is developed for hardware
and software as per industry best practices
4.3 Licensed software and hardware are used in
computer upgrades as per the organizations
ICT policy
4.4 Schedule updates in lines with the organization
policy
4.5 Upgraded computer hardware and software are
tested in line with the organization policy
5.1 Maintenance report is prepared in line with the
5. Prepare and document
organizations approved format
maintenance report
5.2 Maintenance report is shared with the relevant
parties
5.3 Prepared report is filed as per the organizations
policy

RANGE

This section provides work environment and conditions to which the performance
criteria apply. It allows for different work environment and situations that will affect
performance.
Variable Range
1. Hardware may  Desktops
includes but not  Central process unit (CPU)
limited to:  Laptops
 Mobile phones
 Server boxes
 Hard drives
 Routers
 Switches
2. Software may  Preventive
includes but not  Detective
limited to:

© TVET CDACC 2019 48

Variable Range
 Responsive

REQUIRED KNOWLEDGE AND UNDERSTANDING

The individual needs to demonstrate knowledge and understanding of:

 Security risk management techniques and procedures

 Types of security threats and their control measures
 Security audit procedures
 ICT security policy
 Strategies for Mitigating risks
 Categories of Security threats
 Penetration testing skills

FOUNDATION SKILLS
The individual needs to demonstrate the following foundation skills:
 Communications (verbal and written);  Decision making;
 Time management;  Report writing;
 Penetration Skills
 Problem solving;
 Planning;

EVIDENCE GUIDE

This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and understanding and range.
1. Critical Aspects Assessment requires evidence that the candidate:
of Competency 1.1 Diagnosed software and hardware in line with the
standard operating procedure
1.2 Dismantled components in line with the manufacture’s
manuals
1.3 Tested components functionality as per the
manufacturer’s manuals
1.4 Tested repaired/replaced components functionality
according to standard operating procedure
1.5 Monitoring reassembled components as per the
industries best practice
1.6 Test environment was developed for hardware and
software as per industry best practices
1.7 Prepared maintenance report in line with organizations
approved format
1.8 Tested upgraded computer hardware and software were

© TVET CDACC 2019 49

 tested in line with the organization policy
1.9 Security threats were identified and classified as per the
organization ICT policy
1.10 Security control measures were identified and
categorized
The following resources should be provided:
2. Resource
2.1 Access to relevant workplace where assessment can
Implications
take place
for competent
2.2 Appropriately simulated environment where
certification
assessment can take place
2.3 Materials relevant to the proposed activity or tasks
3. Methods of Competency may be assessed through:
Assessment 3.1 Observation
3.2 Oral questioning
3.3 Practical test in conducting test
3.4 Demonstration of interpretation of test results
Competency may be assessed individually
4. Context of
4.1 In the actual workplace
Assessment
4.2 Simulated environment of the work place
5. Guidance Holistic assessment with other units relevant to the industry
information for sector, workplace and job role is recommended.
assessment

© TVET CDACC 2019 50

 DEMONSTRATE UNDERSTANDING OF CYBER SECURITY LAWS,
POLICIES AND REGULATIONS

UNIT CODE: SEC/OS/CS/CR/02/6/A

UNIT DESCRIPTION
This unit covers the competencies required in applying Cyber security laws, policies
and regulations. They include demonstrating the understanding of cyber security
policies, laws and regulations, demonstrating understanding of different cyber
security policies and regulation, participating in developing cyber security polices,
implementing Cyber security policies and regulations, participating in evaluating
cyber security polices, evaluating compliance in Cyber security policies and
regulations and monitoring effectiveness of Cyber security policy in an organization.
ELEMENTS AND PERFORMANCE CRITERIA

PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements
workplace function. (Bold and italicised terms are elaborated in the
Range)
1.1 Different cyber security laws are identified
1. Demonstrate
based on the available world’s legal systems.
understanding of cyber
1.2 Various types of cyber-crimes are identified
security polices, laws
based on the existing and emerging treats
and regulations
1.3 Cyber crime laws are identified based on the
country’s legal framework.
1.4 Cyber security laws are applied as per the
country’s legal system
1.5 Cyber security laws are complied with as per
the organizations or country’s legal framework.
1.6 Impacts of cyber crimes are identified
according to country’s social economic factors
2.1 Different types of cyber security policies and
2. Demonstrate
regulations are identified
understanding of
2.2 Application of different cyber security policies
different Cyber security
are determined as per the industry best practice
policies and regulations
2.3 Policies and regulation stakeholders are

© TVET CDACC 2019 51

 PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements
workplace function. (Bold and italicised terms are elaborated in the
Range)
identified
3.1 Infrastructure and components for cyber
3. Participate in
security policy are identified and classified
developing Cyber
3.2 Nature and operations of the business aligned to
Security policy
the policy is established
3.3 Draft cyber security policy is developed in line
with the known industrial standards and the
laws of the land
3.4 Review drafted cyber security policy in line
with the industry best practice
4.1 Cyber security policy is adopted for
4. Implement Cyber
implementation as per the organization
Security policy and
requirements
regulations
4.2 Cyber security policy implementation team is
constituted in line with the organization
requirements
4.3 Implementation schedule is prepared as per the
organization requirement
4.4 Initiation of the cyber security policy
implementation schedule is performed in line
with organization policies
4.5 Cyber security policy implementation process is
monitored in line with the established schedule
4.6 Cyber security policy and regulation
implementation is verified as per the
substantive law and organization policies
5.1 Continuous review and updates of cyber
5. Participate in evaluating
security policy is performed in line with
Cyber security policy
organization requirements
5.2 Cyber security policy is evaluated in line with
the cyber security emerging trends
6.1 Infrastructure landscape is audited in line with
6. Comply with Cyber
the organization Cyber security policy and
security policy and
regulations
regulations
6.2 Risk factors for non-compliance are calculate
as per the industry best standards
6.3 Recommendation are reported on the
compliance level as per the policy and
regulations

© TVET CDACC 2019 52

 PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements
workplace function. (Bold and italicised terms are elaborated in the
Range)
7.1 Adoption levels are determined in line with
7. Monitor effectiveness of
organization requirements
Cyber security policy in
7.2 Cyber security policy impact on technologies,
an organization
process and people within the organization is
monitored as per the organization policy.
7.3 Effectiveness of the Cyber security policy
implemented is monitored in line with
organization requirement
RANGE
This section provides work environment and conditions to which the performance
criteria apply. It allows for different work environment and situations that will affect
performance.
Variable Range
 Software
1. Components and
 Hardware
infrastructure may
 People
include but not
 Data
limited to:
 Procedures
 Information

REQUIRED KNOWLEDGE AND UNDERSTANDING

The individual needs to demonstrate knowledge and understanding of:
 Troubleshooting techniques
 Cyber security infrastructure auditing procedures
 Cyber security safety and precautious measures
 Cyber security prevention measures
 Performance monitoring techniques
 Cyber security policy
 Causes of hardware and software failure
 Components of cyber security infrastructure
 User training procedures

FOUNDATION SKILLS

The individual needs to demonstrate the following additional skills:

© TVET CDACC 2019 53

  Communications (verbal and  Decision making;
written);  Report writing;
 Proficient in ICT;
 Time management;
 Analytical
 Problem solving;
 Planning;

EVIDENCE GUIDE
This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and understanding and range.
1. Critical Aspects Assessment requires evidence that the candidate:
of Competency 1.1 Identified different types of cyber security policies and
regulations
1.2 Determined application of different cyber security
policies as per the industry best practice
1.3 Developed a draft of cyber security policy in line with
the known industrial standards and the laws of the land
1.4 Prepared implementation schedule as per the
organization requirement
1.5 Evaluated cyber security policy line with the cyber
security trends
1.6 Calculated risk factors for non-compliance as per the
industry best standards
1.7 Reported recommendations on the compliance level as
per the policy and regulations
1.8 Monitored Cyber security policy impact on technologies,
process and people within the organization as per the
organization policy
1.9 Monitored effectiveness of the Cyber security policy
implementation in line with the organization requirement
1.10 Performed audit on existing cyber security
components and infrastructure
1.11 Verified drafted cyber security policy in line with the
standard operating procedure

The following resources should be provided:

2. Resource
2.1 Access to relevant workplace where assessment can
Implications
take place
for competent
2.2 Appropriately simulated environment where
certification
assessment can take place
2.3 Materials relevant to the proposed activity or tasks
Competency may be assessed through:
3. Methods of
3.1 Oral questioning
Assessment

© TVET CDACC 2019 54

 3.2 Written tests
3.3 Practical demonstration
3.4 Observation
4. Context of Competency may be assessed individually in the actual
Assessment workplace or through simulated work environment

5. Guidance Holistic assessment with other units relevant to the industry

information for sector, workplace and job role is recommended.
assessment

© TVET CDACC 2019 55

 PERFORM COMPUTER NETWORKING

UNIT CODE: SEC/OS/CS/CR/03/6/A

UNIT DESCRIPTION
This unit covers the competencies required to perform computer networking
activities. It involves identifying network types, configuring network devices,
connecting network devices, monitoring network performance, documenting network
report, training network users and maintaining of the network.

ELEMENTS AND PERFORMANCE CRITERIA

PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
required level of performance for each of the
These describe the key
elements.
outcomes which make up
workplace function. (Bold and italicised terms are elaborated in the
Range)
1. Identify network type 1.1. Site survey is conducted to determine the
user needs and establish network topology
1.2. Network design is developed according to the
site survey
1.3. Network components are identified
according to the site survey
1.4. Network type is identified as per the client’s
requirements
2. Configure network 2.1. Network is installed and configured
devices according to network installation manual.
2.2. IP addressing scheme, subnet masking and
routing protocol configuration is performed
2.3. Network segmentation is determined as per
the Network design.
2.4. Network privileges are allocated according to
the network configuration.
2.5. Network types are configured as per the
type of connection
3. Connect network devices 3.1. Tools, materials and devices for network
are identified according to the network type
3.2. Network connection is performed
according to National and international
communication standards and protocols
3.3. Stability and connectivity tests of cables
and equipment is done as per the network type
3.4. Media management is performed as per the
industry best practice
4. Monitor Network 4.1. Network monitoring tools are identified as

© TVET CDACC 2019 56

 PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
required level of performance for each of the
These describe the key
elements.
outcomes which make up
workplace function. (Bold and italicised terms are elaborated in the
Range)
performance per the type of tests to be carried out
4.2. Network monitoring tools are deployed as
per the network connection type.
4.3. Network status is determined as per the
monitoring report.
4.4. Network is monitored in line with its
operation manual
5. Document network report 5.2 Networking report is prepared and filed in the
approved format as per the organization policy
5.3 Networking report is shared with the relevant
parties
5.4 Test results are document as per the
organizations policy
5.5 Network reports are stored in the in the
relevant department for reference purpose as
per the organization policy
6. Train network users 6.1. Network user are trained on its operation in
line with its installation manual
6.2. Users are identified as per the network
coverage
6.3. Users are provided with the network
operation manual
6.4. User training manuals are prepared
according to network functionality
6.5. User training is done according to the user
training manual
7. Maintain Network 7.1. Network is optimized between the network
components and medium in line with the
operation manual.
7.2. Network security is applied according to
vulnerability of the Network.
7.3. Maintenance schedule is prepared as per
the task to be carried out.
7.4. Network updates are scheduled as per the
organization policy

© TVET CDACC 2019 57

RANGE
This section provides work environment and conditions to which the performance
criteria apply. It allows for different work environment and situations that will affect
performance.
Variable Range
 Star
1. Network topology
 Ring
may includes but
 Mesh
not limited to:
 Hybrid
 Point to point
 Routers
2. Network
 Switches
components may
 Hub
includes but not
 RJ 45 connectors
limited to:
 Ports
 Computers
 Printers

 WAN
3. Network types may
 LAN
includes but not
 PAN
limited to:
 TCPIP
4. Network protocols
 UDP
may includes but
 HTT
not limited to:
5. Monitoring tools  Ping
may includes but  Tracert
not limited to:  Speed test
6. Network privileges  Pprivilege allows a user to perform an action.
may includes but  The ability to create a file in a directory, or to
not limited to: read or delete a file, access a device, or have read
or write permission to a socket for
communicating over the Internet
 Intrusion detection systems
7. Network security
 Patching and Updating
Measures may
 Port Scanners
includes but not
 Network Sniffers
limited to:
 Vulnerability scanners
 Antiviruses

REQUIRED KNOWLEDGE AND UNDERSTANDING

© TVET CDACC 2019 58

The individual needs to demonstrate knowledge and understanding of:
 Network Architecture
 Network programming languages
 Network Components and devices
 Network types
 Network security Measures
 Network Monitoring procedures
 Network testing techniques
 Network configuration techniques
 Network protocols
 Network security techniques and procedures
 Network testing procedures

FOUNDATION SKILLS
The individual needs to demonstrate the following foundation skills:
 Communications (verbal and written);
 Proficient in ICT;
 Problem solving
 Decision Making
 Leadership
 Self-training

EVIDENCE GUIDE
This provides advice on assessment and must be read in conjunction with the
performance criteria, required knowledge and understanding and range.

1. Critical Aspects Assessment requires evidence that the candidate:

of Competency 1.1 Conducted site survey on determining the user needs
and establishing of network topology
1.2 Developed network design in line with the site survey
1.3 Performed IP addressing scheme, subnet masking and
routing protocol configuration of the network
1.4 Network privileges are allocated according to the
network configuration.
1.5 Performed network connection according to the National
and international communication standards
1.6 Identified network monitoring as per the type of tests
that were to be carried out
1.7 Monitored network protocols in line with its operation
manual
1.8 Prepared and filled network report in line with the
approved format of the organization
1.9 Prepared user training manuals according to the software
functionality

© TVET CDACC 2019 59

 1.10 Applied network security according to the vulnerability
of the Network
1.11Components were identified during site survey
2. Resource The following resources should be provided:
Implications 2.1 Access to relevant workplace where assessment can
for competent take place
certification 2.2 Appropriately simulated environment where
assessment can take place
2.3 Materials relevant to the proposed activity or tasks
3. Methods of Competency may be assessed through:
Assessment 3.1 Observation
3.2 Oral questioning
3.3 Practical demonstration
4. Context of Competency may be assessed individually in the
Assessment actual workplace and simulated setting of the actual
work place
5. Guidance Holistic assessment with other units relevant to the industry
information for sector, workplace and job role is recommended.
assessment

© TVET CDACC 2019 60

 SECURE SOFTWARE APPLICATION
UNIT CODE: SEC/OS/CS/CR/04/6/A

UNIT DESCRIPTION
This unit covers the competencies required to secure software application.
Competencies includes: Identifying software to be secured, establishing tools for
application security assessment, perform application security assessment, hardening
software application, monitoring application security performance and preparing of
reports on software security.

ELEMENTS AND PERFORMANCE CRITERIA

PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements.
workplace function. (Bold and italicised terms are elaborated in the
Range)
1.1 Software is identified in line with
1. Identify software to be
manufacturers
secured
1.2 Software use is established as per its
applications
1.3 Software platform diversity is established
according to manufactures user guides
2.1 Types of tools are identified according to the
2. Establish tools for
platform of use
application security
2.2 Network communication is adhered to in tools
assessment
identification
2.3 Tools are identified as per their availability and
cost
2.4 Tools are identified as per the data size
2.5 Tools are identified according to the
environment of use.
2.6 Tools identification is performed as per the
nature of the software
2.7 Tools are established as per the type of
hardware and software
2.8 Tools are selected as per the expected outcome
of the application security assessment.
3.1 Application assessment is performed in line
3. Perform application
with national and international standards
security assessment
3.2 Application assessment is conducted as per the
ISO 27001
3.3 Assessment is performed in line with NIST

© TVET CDACC 2019 61

 PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements.
workplace function. (Bold and italicised terms are elaborated in the
Range)
4.1 Configuration is performed as per the
4. Harden software
manufacturers guide, ICT regulations and
application
industries best practice
4.2 Security measures are put around the software
according ICT policy
4.3 Access control measures are set up in line
organizations ICT policy
4.4 Valid licenses are installed in software as per
the manufacturer’s guides
4.5 Software is monitored continuously as per its
operations
4.6 Security updates and patches are installed in
line with manufacturers guidelines
4.7 Environment of software use is secured as per
the organization policy
5.1 Monitoring solution is implemented in line with
5. Monitor application
organization policy
security performance
5.2 Logs are monitored as per the organization ICT
policy
5.3 Continuous security assessment is conducted as
per the industries best practice
5.4 Application security performance is measured
in line with its uptime period
6.1 Software security reports are prepared in line
6. Prepare a report on
with the organizations approved format
software security
6.2 Software security reports are shared with
relevant parties as per the organization policy
6.3 Software security reports are documented and
filled according organization filing system
6.4 Software security risk mitigation
recommendations are prepared and shared with
the relevant parties

© TVET CDACC 2019 62

RANGE
This section provides work environments and conditions to which the performance
criteria apply. It allows for different work environments and situations that will affect
performance.

Variable Range
 Software
1. ICT components
 Hardware
and infrastructure
 People
may include but not
 Data
limited to:
 Procedures
 Information

REQUIRED KNOWLEDGE AND UNDERSTANDING

The individual needs to demonstrate knowledge and understanding of:
 Troubleshooting techniques
 ICT Infrastructure auditing procedures
 ICT safety and precautious measures
 ICT Prevention measures
 Performance monitoring techniques
 ICT policy
 Causes of hardware and software failure
 Components of ICT Infrastructure
 User training procedures

FOUNDATION SKILLS

The individual needs to demonstrate the following additional skills:

 Communications (verbal and  Decision making;

written);  Report writing;
 Proficient in ICT;
 Time management;
 Analytical
 Problem solving;
 Planning;

EVIDENCE GUIDE

© TVET CDACC 2019 63

This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and understanding and range.
1. Critical Aspects Assessment requires evidence that the candidate:
of Competency 1.1 Software was identified in line with manufacturers
1.2 Software use was established as per its applications
1.3 Tools identification was performed as per the nature of
the software
1.4 Application assessment was performed in line with
OWASP
1.5 Configuration was performed as per the manufactures
guide, ICT regulations and industries best practice
1.6 Valid licenses were installed in software as per the
manufacturer’s guides
1.7 Security updates and patches were installed in line with
manufacturers guidelines
1.8 SIEM solution was implemented in line with
organization policy
1.9 Software security reports were shared with relevant
parties as per the organization policy
1.10 Environment of software use is secured as per the
organization policy
The following resources should be provided:
2. Resource
2.1 Access to relevant workplace where assessment can
Implications
take place
for competent
2.2 Appropriately simulated environment where
certification
assessment can take place
2.3 Materials relevant to the proposed activity or tasks
Competency may be assessed through:
3. Methods of
Assessment 3.1 Oral questioning
3.2 Practical demonstration
3.3 Observation
4. Context of Competency may be assessed individually in the actual
Assessment workplace or through simulated work environment

5. Guidance Holistic assessment with other units relevant to the industry

information for sector, workplace and job role is recommended.
assessment

© TVET CDACC 2019 64

 SECURE DATABASES
UNIT CODE: SEC/OS/CS/CR/05/6/A

UNIT DESCRIPTION
This unit covers the competencies required to secure databases. Competencies
includes; identifying types of databases, identifying database threats and
vulnerabilities, installing database patches, installing database security management
system, monitoring database security, monitoring access control and managing
database backups.
ELEMENTS AND PERFORMANCE CRITERIA

PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements.
workplace function. (Bold and italicised terms are elaborated in the
Range)
1.1 Database type is identified as per the types of
1. Identify types of
data it holds
databases
1.2 Database is established as per the amount of
data it holds
1.3 Database is classified as per its distribution
1.4 Database type is determined in line with the
number of users
1.5 Database is identified as per its operational
model
1.6 Cost evaluation is adhered to in database type
identification
2.1 Database tests are performed as per the
2. Identify database threats
manufacturers manual
and vulnerabilities
2.2 Security vulnerabilities and exposures updates
are assessed as per the standard operation
procedures
2.3 Database is checked for misconfiguration as per
the manufacturers guide
3.1 Required patches are identified and acquired as
3. Install databases patches
per manufacturers guidelines
3.2 Required patches are verified as per the
manufacture’s guidelines
3.3 Database patches are deployed in a test
environment as per the organization quality
assurance policy.
3.4 Database patches are monitored as per the ICT
policy
3.5 Database patches are deployed in the

© TVET CDACC 2019 65

 PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements.
workplace function. (Bold and italicised terms are elaborated in the
Range)
production environment as per the organization
policy.
4.1 Type of database security management system
4. Install database security
is established as per the client’s requirements
management systems
4.2 Security management system is established in
line with the deployment model
4.3 Hardware sizing is performed in line with
database to be secured
4.4 Security management system is installed and
configured according to manufacturer’s
manual
4.5 Security management system is verified as per
the guidelines in database security
management system set up.
4.6 System integration is performed as per the
manufacturers manual and clients requirement
5.1 Logs are collected and analysed as per the
5. Monitor database
standard operating procedure
security
5.2 Failed log in attempts are monitored as per
system operation
5.3 Database firewall is configured as per the
database expected operation
5.4 Remote access is monitored as per database
operation
5.5 Odd hours database access monitored as per the
its operation
5.6 Change in user access patterns is monitored in
with the operation of the database
5.7 Random change in size of the database is
monitored as per its normal size.
5.8 File configuration changes are monitored as per
database operation.
6.1 Failed log in attempts are identified as per the
6. Manage access control
system operation
6.2 Privilege account abuse is checked as per the
access control policy
6.3 Users access control is managed in line with the
least privileged principle
6.4 Active directory rules are adhered to in

© TVET CDACC 2019 66

 PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements.
workplace function. (Bold and italicised terms are elaborated in the
Range)
database access
6.5 Database is accessed by allowed devices as per
the organizations policy
6.6 Obfuscation is adhered to in database access
6.7 Database auditing system is established as per
the nature of the data to be secured
7.1 Automatic backups are scheduled as per the
7. Manage database
ICT policy and regulations
backups
7.2 Backups are managed in line with the
organization ICT policy and industry best
practice
7.3 Database backups are updated as per the ICT
policy
7.4 Backups are stored as per the organization set
up and industry best practice
7.5 Backups are regularly checked in line with the
ICT policy
7.6 Identify and manage backup solutions in line
with the organization policy

RANGE
This section provides work environments and conditions to which the performance
criteria apply. It allows for different work environments and situations that will affect
performance.

Variable Range


REQUIRED KNOWLEDGE AND UNDERSTANDING

The individual needs to demonstrate knowledge and understanding of:
 Troubleshooting techniques
 ICT Infrastructure auditing procedures
 ICT safety and precautious measures

© TVET CDACC 2019 67

 ICT Prevention measures
 Performance monitoring techniques
 ICT policy
 Causes of hardware and software failure
 Components of ICT Infrastructure
 User training procedures

FOUNDATION SKILLS

The individual needs to demonstrate the following additional skills:

 Communications (verbal and  Decision making;

written);  Report writing;
 Proficient in ICT;
 Time management;
 Analytical
 Faults troubleshooting
 Problem solving;
 Planning;

EVIDENCE GUIDE
This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and understanding and range.

Assessment requires evidence that the candidate:

1. Critical Aspects
1.1 Database was established as per amount of data it holds
of Competency
1.2 Database was identified as per its operation model
1.3 Cost evaluation was performed in database type
identification
1.4 Database was checked for misconfiguration in line with
the
manufacturers guide
1.5 Database patches were deployed in a test environment as
per the organization quality assurance policy.
1.6 Database patches were monitored as per the ICT policy
1.7 Hardware sizing was performed in line with database to
be secured
1.8 Database firewall was configured as per the database
expected operation
1.9 Automatic backups were scheduled as per the ICT
policy and regulations
1.10Backups were managed in line with the organization
ICT policy and industry best practice
1.11Backups were stored as per the organization set up and

© TVET CDACC 2019 68

 industry best practice
The following resources should be provided:
2. Resource
2.1 Access to relevant workplace where assessment can
Implications
take place
for competent
2.2 Appropriately simulated environment where
certification
assessment can take place
2.3 Materials relevant to the proposed activity or tasks
Competency may be assessed through:
3. Methods of
Assessment 3.1 Oral questioning
3.2 Practical demonstration
3.3 Observation
4. Context of Competency may be assessed individually in the actual
Assessment workplace or through simulated work environment
5. Guidance Holistic assessment with other units relevant to the industry
information for sector, workplace and job role is recommended.
assessment

© TVET CDACC 2019 69

UNIT CODE: SEC/OS/CS/CR/06/6/A

UNIT DESCRIPTION
This unit covers the competencies required to administer cyber security system. It
involves identifying and analysing information to be protected, establishing systems
to be administered, assessing system compatibility, monitoring system performance,
documenting system administration report and establishing a cyber-security backup
and restoration plan.
ELEMENTS AND PERFORMANCE CRITERIA
PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements
workplace function. (Bold and italicised terms are elaborated in the
Range)
1.1 Platform of the information location is
1. Identify and analyze
established as per the organization policy
information to be protected
1.2 Information attributes of the organization is
determined in line with the organization policy
1.3 Technology used in information storage is
established as per the organization policy
1.4 Information access control is established in line
with organization policy
1.5 Information or data to be protected is analyzed
in line with the Cyber security policy and
regulations
2.1 System is established as per the scope of the
2. Establish systems to be
information to be protected
administered
2.2 Existing threats and trends are considered in
establishing the security system to be installed
as per the industry best practice
2.3 Hardware and software requirements are
established in line with the system to be
installed
3.1 Cyber security system is assessed for
3. Asses system’s
compatibility with the cyber security devices
compatibility
and equipment
3.2 Components specification are checked in line
with the entire cyber security system
3.3 System is assessed in line with the
manufacturers manual and organizations
objectives
4.1 System effectiveness is monitored periodically
4. Monitor system
in line with the operation manual and cyber
performance

© TVET CDACC 2019 70

 PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements
workplace function. (Bold and italicised terms are elaborated in the
Range)
security policy
4.2 Simulations are performed during system
monitoring period as per the organization
policy
4.3 Logs are continuously analysed and reported as
per the organization cyber security policy
4.4 System security updates and patches are
installed according to manufacturer’s manuals
and organization cyber security policy
5.1 Installation and operation report are prepared
5. Document system
and shared with the relevant parties
administration report
5.2 Prepared report is filled as per the organizations
cyber security policy
6.1 Location for the backup is identified as per the
6. Establish a cyber
organization policy and industry best practice
security back up and
6.2 Information to be backed up is established as
restoration plan
per the organization cyber security policy
6.3 Back up platform is established in line with the
organization policy
6.4 Performance validation of the backups is
performed as per the organization cyber
security policy
6.5 Measures on creating backup schedules are
developed in line with the industry best practice

RANGE

This section provides work environment and conditions to which the performance
criteria apply. It allows for different work environment and situations that will affect
performance.

Variable Range

Security threats includes  Malicious hackers

but not limited to:  Industrial espionage
 Employee sabotage
 Fraud and theft
 Loss of physical and infrastructure support

© TVET CDACC 2019 71

Variable Range

 Errors and Omissions

Cyber Security system  Knowledge management system
includes but not limited to:  Firewalls instruction detection system

REQUIRED KNOWLEDGE AND UNDERSTANDING

The individual needs to demonstrate knowledge and understanding of:

 Cyber Security risk management techniques and procedures

 Types of security threats and their control measures
 Cyber security audit procedures
 Cyber security policy
 Strategies for Mitigating risks
 Categories of Security threats
 Penetration testing skills

FOUNDATION SKILLS
The individual needs to demonstrate the following foundation skills:
 Communications (verbal and written);  Decision making;
 Time management;  Report writing;
 Penetration Skills
 Problem solving;
 Planning;

EVIDENCE GUIDE

This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and understanding and range.

1 Critical Aspects Assessment requires evidence that the candidate:

of Competency 1.1 Considered existing threats and trends in establishing the
security system to be installed
1.2 System to be installed was established with self-
defensive mechanism
1.3 Components specification were checked in line with the
entire cyber security system
1.4 System was installed and configured as per the
manufacturers manual
1.5 Established testing types as per the standard operating
procedure
1.6 Performed simulations during system monitoring period

© TVET CDACC 2019 72

 as per the organization policy
1.7 Continuously analysed logs and reported as per the
organization cyber security policy
1.8 Establish back up platforms in line with the organization
policy
1.9 Performed validation of the backups as per the
organization ICT policy
1.10 Developed back up schedule as per the organization
cyber security policy
1.11 Training manual was prepared and shared with the
system users
The following resources should be provided:
2 Resource
2.1 Access to relevant workplace where assessment can
Implications
take place
for competent
2.2 Appropriately simulated environment where
certification
assessment can take place
2.3 Materials relevant to the proposed activity or tasks
3 Methods of Competency may be assessed through:
Assessment 3.1 Observation
3.2 Oral questioning
3.3 Practical test in conducting test
3.4 Demonstration of interpretation of test results
Competency may be assessed individually
4 Context of
4.1 In the actual workplace
Assessment
4.2 Simulated environment of the work place
5 Guidance Holistic assessment with other units relevant to the industry
information for sector, workplace and job role is recommended.
assessment

© TVET CDACC 2019 73

 CONDUCT CYBER SECURITY ASSESSMENT AND TESTING
UNIT CODE:SEC/OS/CS/CR/07/6/A

UNIT DESCRIPTION
This unit covers the competencies required to conduct cyber security assessment and
testing. It involves gathering information about organization and its systems, scan and
mapping of network, enumerating network resources, exploiting known
vulnerabilities, performing social engineering and preparing security assessment and
testing report.
ELEMENTS AND PERFORMANCE CRITERIA

PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements.
workplace function. (Bold and italicised terms are elaborated in the
Range)
1.1 Types of information required is established
1. Gather information
according line with the industry best practice
about organization and
1.2 The nature of the target is determined in line
its systems
with the information required
1.3 Search engines are considered in information
gathering
1.4 Information gathering is conducted in
adherence to the target social engineering
1.5 Information gathering is conducted in line with
manufacturers guide of the source of the
information
1.6 Organization operation platform is established
in line with industry best practice
2.1 Live hosts are identified as per the standard
2. Scan and map the
operation procedure
network
2.2 Network topology is drawn based on industry
best practice
2.3 Services running on the live hosts are identified
in line industry best practices
2.4 Vulnerable points are identified as per the
services on the host
3.1 Users are identified as per the standard
3. Enumerate target
operating procedure
resources
3.2 Authorization credentials are established as per
the organization ICT policy
3.3 Enumeration in services are established based

© TVET CDACC 2019 74

 PERFORMANCE CRITERIA
ELEMENT These are assessable statements which specify the
These describe the key required level of performance for each of the
outcomes which make up elements.
workplace function. (Bold and italicised terms are elaborated in the
Range)
on the organization policy
3.4 Protocols enumeration is performed as per the
standard operating procedure
3.5 Work groups are established in line with the
network and active directory
3.6 Database is enumerated in line with industry
best practice
3.7 Rainbow tables are designed based on industry
best practice
4.1 Exploits are deployed in line with industry best
4. Exploit known
practice
vulnerabilities
4.2 Payloads are prepared and deployed in line with
the environment and industry best practice and
ethics
4.3 Deploying methods are established in line with
the expected target
4.4 Access to remote host is maintained per
standard operating procedure
4.5 Exploitation proof of concept is generated in
line with the standard operating procedure
5.1 Methods of manipulating human emotion are
5. Perform social
exercised as per workplace procedures
engineering
5.2 System users are manipulated using the system
as per the industry best practice
5.3 System is manipulated using third party
vendors in line with industry best practice
6.1 Security assessment and testing reports are
6. Prepare security
prepared in line with the organizations
assessment and testing
approved format
report
6.2 Security assessment and testing reports are
shared with relevant parties as per the
organization policy
6.3 Security assessment and testing reports are
documented and filled according organization
filing system
6.4 Security assessment and testing risk mitigation
recommendations are prepared and shared with
the relevant parties

© TVET CDACC 2019 75

RANGE
This section provides work environments and conditions to which the performance
criteria apply. It allows for different work environments and situations that will affect
performance.

Variable Range

REQUIRED KNOWLEDGE AND UNDERSTANDING

The individual needs to demonstrate knowledge and understanding of:
 Troubleshooting techniques
 ICT Infrastructure auditing procedures
 ICT safety and precautious measures
 ICT Prevention measures
 Performance monitoring techniques
 ICT policy
 Causes of hardware and software failure
 Components of ICT Infrastructure
 User training procedures

FOUNDATION SKILLS

The individual needs to demonstrate the following additional skills:

 Communications (verbal and written);  Decision making;

 Proficient in ICT;  Report writing;
 Time management;
 Analytical
 Faults troubleshooting
 Problem solving;
 Planning;

EVIDENCE GUIDE
This provides advice on assessment and must be read in conjunction with the
performance criteria, required skills and understanding and range.

1. Critical Aspects Assessment requires evidence that the candidate:

© TVET CDACC 2019 76

 1.1 Targets nature was determined in line with the
of Competency
information required
1.2 Types of information required was established according
line with the industry best practice
1.3 Organization operation platform was established in line
industry best practice
1.4 Network topology was drawn based on industry best
practice
1.5 Vulnerable points were identified as per the services on
the host
1.6 Protocols enumeration was performed as per the standard
operating procedure
1.7 Authorization credentials were established as per the
organization ICT policy
1.8 Payloads were prepared and deployed in line with
industry best practice and ethics
1.9 Exploitation proof of concept was generated in line with
the standard operating procedure
1.10 System users were manipulated using the system as
per the industry best practice
The following resources should be provided:
2. Resource
2.1 Access to relevant workplace where assessment can
Implications
take place
for competent
2.2 Appropriately simulated environment where
certification
assessment can take place
2.3 Materials relevant to the proposed activity or tasks
Competency may be assessed through:
3. Methods of
Assessment 3.1 Oral questioning
3.2 Practical demonstration
3.3 Observation
4. Context of Competency may be assessed individually in the actual
Assessment workplace or through simulated work environment

5. Guidance Holistic assessment with other units relevant to the industry

information for sector, workplace and job role is recommended.
assessment

© TVET CDACC 2019 77

© TVET CDACC 2019 78