Incident Response Exercise
10/6/2017 Final Project: Incident Response Exercise & Report - Submit Files - CSIA 310 6381 Cybersecurity Processes and Technologies (2178) - UMUC …
https://learn.umuc.edu/d2l/lms/dropbox/user/folder_submit_files.d2l?db=532069&grpid=0&isprv=0&bp=0&ou=247136 1/2
Rubric Name: Final Project - Incident Report
Criteria | Excellent | Outstanding | Acceptable | Needs Improvement | Needs Significant Improvement | Missing or Unacceptable
Section 1: Contact Information
10 points
Provided an acceptable title page for the file. Provided a complete section 1 of the Incident Report Form that included realistic but fictionalized data for all of the following fields:
Name, Role, Organizational Unit and affiliation, Email address, Phone Number, Location
8.5 points
Provided an acceptable title page for the file. Provided a complete section 1 of the Incident Report Form that included realistic but fictionalized data for at least four of the following fields:
Name, Role, Organizational Unit and affiliation, Email address, Phone Number, Location
7 points
Provided an acceptable title page for the file. Provided a complete section 1 of the Incident Report Form that included realistic but fictionalized data for at least three of the following fields:
Name, Role, Organizational Unit and affiliation, Email address, Phone Number, Location
6 points
Provided an acceptable title page for the file. Provided information in at least 3 of the following fields:
Name, Role, Organizational Unit and affiliation, Email address, Phone Number, Location
4 points
Provided a title page and section 1. The fields were sparsely completed.
0 points
Required content was missing.
Section 2: Incident Details
25 points
Provided an excellent report of the incident details as required by the NIST template. Responses for all items were clear, concise, and reflected the analysis of the Blue Team with additional contributions by this student.
22.5 points
Provided an outstanding report of the incident details as required by the NIST template. Responses for all items were clear and reflected the analysis efforts of the Blue Team with additional contributions by this student.
21 points
Provided an acceptable report of the incident details as required by the NIST template. Responses for most items were clear and reflected some of the analysis efforts of the Blue Team with additional contributions by this student.
15 points
Provided a report of the incident details using the fields listed in the NIST template. Responses reflected some of the analysis efforts of the Blue Team with a few additional contributions by this student.
10 points
Attempted to complete Section 2 of the incident report form but the information was seriously lacking (a) details and/or (b) originality (copied rather than paraphrased).
0 points
No work submitted for this section.
Section 3: Cause of the Incident
25 points
Provided an excellent report of the incident causes using information reported by the Red Team (from the assignment) and additional analysis performed by the Blue Team and this student. Appropriately used information from the Sifers-Grayson Overview and Enterprise Architecture diagrams. Reporting of the analysis was clear, concise, and reflected the analysis of the Blue Team with additional contributions by this student.
22.5 points
Provided an outstanding report of the incident causes using information reported by the Red Team (from the assignment) and additional analysis performed by the Blue Team and this student. Appropriately used information from the Sifers-Grayson Overview and Enterprise Architecture diagrams. Reporting of the analysis was clear and reflected the analysis of the Blue Team with additional contributions by this student.
21 points
Provided an acceptable analysis and written report of the incident causes using information reported by the Red Team (from the assignment) and additional analysis performed by the Blue Team and this student. Appropriately used information from the Sifers-Grayson Overview and Enterprise Architecture diagrams. Reporting of the analysis included information from the Blue Team with additional contributions by this student.
15 points
Provided an analysis of the incident causes using some information from the Red Team and Blue Team with a few additional contributions by this student.
10 points
Attempted to complete Section 3 of the incident report form but the information was seriously lacking (a) details and/or (b) originality (copied rather than paraphrased).
0 points
No work submitted for this section.
Sections 4 & 5: Cost and Impact
10 points
Provided an excellent analysis of the potential costs and impacts of the incident as reported by the Red Team. Analysis was clear and concise. Included information from the Blue Team and supplemented it with additional analysis by this student.
8.5 points
Provided an outstanding analysis of the potential costs and impacts of the incident as reported by the Red Team. Analysis was clear and included information from the Blue Team and supplemented it with additional analysis by this student.
7 points
Provided an acceptable analysis of the potential costs and impacts of the incident as reported by the Red Team. Analysis included some information from the Blue Team and limited additional analysis by this student.
6 points
Attempted to provide an analysis of the potential costs and impacts of the incident.
4 points
Addressed the potential impacts of the incident but the analysis was significantly lacking in (a) details and/or (b) originality (excessive copying with no paraphrasing).
0 points
No work submitted.
Section 6: General Comments
10 points
Provided an excellent discussion of the contract requirements and derivative requirements for cybersecurity at Sifers-Grayson (clear, concise, accurate). Included information from the Blue Team and supplemented it with additional analysis by this student.
Included additional information as necessary to provide explanations and improve overall clarity for the incident response report.
8.5 points
Provided an outstanding discussion of the contract requirements and derivative requirements for cybersecurity at Sifers-Grayson (clear and accurate). Included information from the Blue Team and supplemented it with additional analysis by this student.
Included additional information as necessary to provide explanations and improve overall clarity for the incident response report.
7 points
Provided an acceptable discussion of the contract requirements and derivative requirements for cybersecurity at Sifers-Grayson. Included information from the Blue Team and supplemented it with additional analysis by this student.
6 points
Discussed some of the contract requirements and/or derivative requirements for cybersecurity at Sifers-Grayson. Included information from the Blue Team and supplemented it with additional analysis by this student. Important points were missing or were not adequately covered.
4 points
Attempted to complete Section 6 of the incident report form but the information was seriously lacking (a) details and/or (b) originality (copied rather than paraphrased).
0 points
Missing or no work submitted.
Professionalism: Execution
20 points
Work is professional in appearance and organization (appropriate and consistent use of fonts, headings, color).
No word usage, grammar, spelling, or punctuation errors. All quotations (copied text) are properly marked and cited using a professional format. (APA format recommended but not required.)
18 points
Work is professional in appearance and organization (appropriate and consistent use of fonts, headings, color).
Work contains minor errors in word usage, grammar, spelling or punctuation which do not significantly impact professional appearance. All quotations (copied text) are properly marked and cited using a professional format. (APA format recommended but not required.)
16 points
Work is professional in appearance and organization (minor issues allowable but overall the work contains appropriate and consistent use of fonts, headings, color).
Errors in word usage, spelling, grammar, or punctuation which detract from professional appearance of the submitted work. All quotations (copied text) are properly marked and cited using a professional format. (APA format recommended but not required.)
14 points
Submitted work has numerous errors in formatting, organization, word usage, spelling, grammar, or punctuation which detract from readability and professional appearance. Punctuation errors may include failure to properly mark quoted or copied material (an attempt to name original source is required).
10 points
Submitted work is difficult to read / understand and has significant errors in formatting, appearance / organization, spelling, grammar, punctuation, or word usage. Significant errors in presentation of copied text (lacks proper punctuation and failed to attribute material to original source).
0 points
No work submitted for this assignment.
Overall Score
Excellent: 90 or more
Outstanding: 80 or more
Acceptable: 70 or more
Needs Improvement: 50 or more
Needs Significant Improvement: 1 or more
No Submission: 0 or more