ICTSAS501

DEVELOP, IMPLEMENT
AND EVALUATE AN
INCIDENT RESPONSE
PLAN

FORMATIVE
ASSESSMENT
 This material is developed by Enhance Your Future Pty Ltd for Australian Institute of
Science and Technology (AIST)

Developed by Enhance Your Future Pty Ltd 2

ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name
 TABLE OF CONTENTS
TABLE OF CONTENTS..................................................................................................................................... 3
FORMATIVE ASSESSMENT............................................................................................................................. 4
FORMATIVE ACTIVITIES................................................................................................................................. 6
FORMATIVE ACTIVITY CHECKLIST................................................................................................................... 7

Developed by Enhance Your Future Pty Ltd 3

ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name
 FORMATIVE ASSESSMENT
This formative assessment is to be used during your learning for the unit AHCSOL202 -
Assist with soil or growing media sampling and testing.

Formative assessments are designed for learning. Rather than assessing the learning
itself, it is used to assist your learning.

They are designed as a practice for you similar to homework. They assist you to learn.

Formative assessments can be done either as an:

 Individual

 In a group

 With a partner

 With the whole class

There are a few different methods of formative assessment. These include:

 Summaries and Reflections - Learners stop and reflect, make sense of what
they have heard or read, derive personal meaning from their learning
experiences, and/or increase their metacognitive skills. These require that
the learner use content-specific language.

  Lists, Charts, and Graphic Organisers - Learners will organise information,

make connections, and note relationships through the use of various graphic
organisers.

 Visual Representations of Information - Learners will use both words and

pictures to make connections and increase memory, facilitating retrieval of
information later on. This "dual coding" helps trainers address classroom
diversity, preferences in learning style, and different ways of "knowing."

 Collaborative Activities - Learners have the opportunity to move and/or

Developed by Enhance Your Future Pty Ltd 4

ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name
 communicate with others as they develop and demonstrate their
understanding of concepts.

As you work through these assessments, think about how each question or activity helps
you to understand the concepts and learning more effectively.

Developed by Enhance Your Future Pty Ltd 5

ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name
 FORMATIVE ACTIVITIES
Learners should answer the following or perform the tasks using the skills and
knowledge being taught during class presentations. Answers should reflect their
understanding of the learning.

Answers have no word limit and each learner should provide their own information
even when group or class activities are performed.

1. What is an incident?

2. What does the development of policies refer to?

3. What is an incident response team?

4. List five (5) positions held in an incident response team.

Developed by Enhance Your Future Pty Ltd 6

ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name
 5. What should network security policies contain?

6. What is contained in an incident response plan?

7. What should be contained in an incident handling procedure?

8. What should be included in an incident report?

9. What is a red-teaming activity?

Developed by Enhance Your Future Pty Ltd 7

ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name
 10. What is forensic evidence?

11. What methods can be used for the process of evidence collection? List four (4).

12. How can you protect forensic data?

13. What are indirect staffing needs?

14. What training might be required for incident response?

Developed by Enhance Your Future Pty Ltd 8

ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name
 15. What is an incident response program?

16. The detection and analysis component of the incident response program should
include what? List five (5) things.

17. What should the post-incident component of the incident response program
include? List three (3) things.

18. List four (4) scenarios that a recovery plan could be developed for?

19. Give seven (7) examples of security incidents.

Developed by Enhance Your Future Pty Ltd 9

ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name
 20. What is the objective of debriefing?

21. What methods could you use to assess the efficiency and effectiveness of the
incident response program activities? List five (5).

22. When examining the effectiveness of the red-teaming and incident response
tests, training and exercises it will be necessary to access a range of information.
List seven (7) types of information.

23. What factors need to be considered when assessing the effectiveness of the
teams response to an incident?

Developed by Enhance Your Future Pty Ltd 10

ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name
 24. What should you consider when assessing the effectiveness of communications
during an incident? List eight (8) things.

25. List five (5) people you could make recommendations for improvement to.

26. How is a business domain defined?

27. List seven (7) types of legislation or standards that may apply to the
organisation.

28. What are back-up methodologies?

Developed by Enhance Your Future Pty Ltd 11

ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name
Developed by Enhance Your Future Pty Ltd 12
ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name
 FORMATIVE ACTIVITY CHECKLIST
Formative Activity Checklist

For this assessment, the learner must complete the formative activities.

The formative activity is a stand-alone activity that will allow the learner to identify
the concepts and knowledge being taught and guide their learning in preparation for
summative assessment.

Learner Name:

Assessor Name:

Has the learner

satisfactorily completed
the formative activities?

Yes No

Did the Learner understand the concepts and knowledge being presented?

What is an incident?  

What does the development of policies refer to?  

What is an incident response team?  

List five (5) positions held in an incident response team.  

What should network security policies contain?  

What is contained in an incident response plan?  

What should be contained in an incident handling

 
procedure?

What should be included in an incident report?  

What is a red-teaming activity?  

Developed by Enhance Your Future Pty Ltd 13

ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name
What is forensic evidence?  

What methods can be used for the process of evidence

 
collection? List four (4).

How can you protect forensic data?  

What are indirect staffing needs?  

What training might be required for incident response?  

What is an incident response program?  

The detection and analysis component of the incident

response program should include what? List five (5)  
things.

What should the post-incident component of the

incident response program include? List three (3)  
things.

List four (4) scenarios that a recovery plan could be

 
developed for?

Give seven (7) examples of security incidents.  

What is the objective of debriefing?  

What methods could you use to assess the efficiency

and effectiveness of the incident response program  
activities? List five (5).

When examining the effectiveness of the red-teaming

and incident response tests, training and exercises it
 
will be necessary to access a range of information. List
seven (7) types of information.

What factors need to be considered when assessing the

 
effectiveness of the teams response to an incident?

What should you consider when assessing the

effectiveness of communications during an incident?  
List eight (8) things.

List five (5) people you could make recommendations  

Developed by Enhance Your Future Pty Ltd 14
ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name
for improvement to.

How is a business domain defined?  

List seven (7) types of legislation or standards that may

 
apply to the organisation.

What are back-up methodologies?  

Feedback to Learner:

Result  Satisfactory  Not Yet Satisfactory

Assessor’s Signature: Date:

Developed by Enhance Your Future Pty Ltd 15

ICTSAS501 - Develop, implement and evaluate an incident response plan Version 3
Course Code and Name