Benchmark - Impact Analysis Part 2: Audit
Benchmark - 3.3: Perform requirements analysis to identify and obtain data and evidence in support of cyber law inquiries and incidents.
Next, gauge and evaluate your organization's current state of security and protection protocols and mechanisms. Identify gaps, challenges, and opportunities for improvement by conducting a thorough audit, making sure to:
1. Identify the industry specific cyber law in relation to inquiries and incidents.
2. Assess the critical information infrastructure. Determine the configuration of doors, windows, logical controls, data storage and encryption, firewalls, servers, routers, switches, hubs, and so forth to be compliant.
3. Identify key vulnerability points and strengths. Show compliance using a test case (pass/fail requirement). Demonstrate an actual compliance test of a server, workstation, etc. that indicates what passes or what does not.
4. Indicate the legal elements and liability (costs) that the organization may encounter for non-compliance.
Place your findings in a report that will be reviewed by the CIO and System Security Authority (SSA).
Performance Level Ratings

| Rating | Description |
|---|---|
| Meets Expectations | Performance consistently met expectations in all essential areas of the assignment criteria, at times possibly exceeding expectations, and the quality of work overall was very good. The most critical goals were met. |
| Near Expectations | Performance did not consistently meet expectations. Performance failed to meet expectations in one or more essential areas of the assignment criteria; one or more of the most critical goals were not met. |
| Below Expectations | Performance was consistently below expectations in most essential areas of the assignment criteria; reasonable progress toward critical goals was not made. Significant improvement is needed in one or more important areas. |

| Criteria | Below Expectations | Near Expectations | Meets Expectations | Earned |
|---|---|---|---|---|
| Benchmark - 3.3: Perform requirements analysis to identify and obtain data and evidence in support of cyber law inquiries and incidents. | | | | |
| The student accurately identifies the industry specific cyber law in relation to inquiries and incidents. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| The student correctly assesses/analyzes the critical information infrastructure. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| The student comprehensively identifies key vulnerability points and strengths. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| The student demonstrates compliance using a test case that indicates a pass/fail requirement. | 0 pts – 13 pts | 14 pts – 19 pts | 20 pts | |
| The student comprehensively presents the legal elements that the organization may encounter for non-compliance. | 0 pts – 13 pts | 14 pts – 19 pts | 20 pts | |
| The student comprehensively presents the liability (costs) that the organization may encounter for non-compliance. | 0 pts – 13 pts | 14 pts – 19 pts | 20 pts | |
| Industry standard technical writing is correct and utilized throughout. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| TOTAL | | | | /120 |

Instructor Feedback