How to use this

Practical, not perfection
  1. Pick the tier you are studying and copy the template into your notes.
  2. Complete it for one real example (work, a side project, or a safe fictional scenario).
  3. Use the rubric to tighten it until it is defensible.
  4. Paste a short reflection into your CPD record: what you assumed, what evidence you would keep, and what you would do next.

Foundations. Personal Security Baseline

Template + rubric + example

Template

Rubric (what “good enough” looks like)

  • MFA choice is justified (risk vs friction).
  • Backup plan includes a restore test.
  • Evidence is identified (what you would log/measure/keep).
  • Next actions are concrete and realistic.

Worked example (short)

Example (short):
MFA: hardware key for email and password manager.
Backups: weekly backups plus a monthly restore test.

Applied. Feature Security Review Pack

Template + rubric + example

Template

Rubric (what “good enough” looks like)

  • Threats include abuse cases, not only vulnerabilities.
  • Verification is testable (not “we will be careful”).
  • Evidence is identified (what you would log/measure/keep).
  • Trade-offs are stated, not implied.

Worked example (short)

Example (short):
Threat: IDOR (insecure direct object reference); control: object-level authorization checks; evidence: access logs plus tests.
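An added illustration of the IDOR line above (example code written for this note, not part of the course pack): a handler that fetches an object by id alone sits beside one with an object-level ownership check, with the access log and the cross-user test that a review pack would keep as evidence. The invoice store, user ids and log format are constructed for the example.

```python
from typing import Optional

class Invoice:
    def __init__(self, invoice_id: int, owner_id: int, total: str):
        self.id = invoice_id
        self.owner_id = owner_id
        self.total = total

# Constructed sample data: two users, each owning one invoice.
INVOICES = {
    101: Invoice(101, owner_id=1, total="42.00"),
    102: Invoice(102, owner_id=2, total="99.00"),
}

# Access log kept as review evidence: every decision, allow or deny.
ACCESS_LOG: list = []

def get_invoice_idor(actor_id: int, invoice_id: int) -> Optional[Invoice]:
    """Vulnerable form: fetches by id only, so any authenticated user can read
    any invoice by changing the id in the request (IDOR)."""
    return INVOICES.get(invoice_id)

def get_invoice_checked(actor_id: int, invoice_id: int) -> Optional[Invoice]:
    """Hardened form: object-level check that the requester owns the object.
    Missing and foreign objects get the same answer, so there is no existence oracle."""
    invoice = INVOICES.get(invoice_id)
    allowed = invoice is not None and invoice.owner_id == actor_id
    ACCESS_LOG.append({"actor": actor_id, "object": invoice_id,
                       "decision": "allow" if allowed else "deny"})
    return invoice if allowed else None

def denied_reads_by_actor(log=ACCESS_LOG) -> dict:
    """Evidence query: denied object reads per actor. A run of denials from one
    actor across many ids is the abuse case the review should watch for."""
    counts: dict = {}
    for entry in log:
        if entry["decision"] == "deny":
            counts[entry["actor"]] = counts.get(entry["actor"], 0) + 1
    return counts

def cross_user_read_blocked() -> bool:
    """The 'tests' evidence: user 1 must not be able to read user 2's invoice
    through the hardened handler, even though the IDOR-prone one allows it."""
    return get_invoice_idor(1, 102) is not None and get_invoice_checked(1, 102) is None
```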

Practice. Operational Security Pack

Template + rubric + example

Template

Rubric (what “good enough” looks like)

  • Detection includes response steps (playbooks).
  • Evidence is operational (logs/alerts/runbooks), not just policy text.
  • Next actions are concrete and realistic.

Worked example (short)

Example (short):
Signal: unusual admin actions; runbook: contain + preserve evidence + notify.