Final Project - Module 8
Grading Rubrics for Project Component Assignments
ITS 4910
Schematics

| Rating | Excellent | Good | Acceptable | Less than acceptable | Unacceptable | Score |
|---|---|---|---|---|---|---|
| Points | 25 - 22 | 21 - 20 | 19 - 17 | 16 - 0 | 0 | |
| Content | · Includes highly accurate and detailed depictions of each data center · Includes accurate and highly detailed depiction of connectivity between data centers · Schematics are well organized and clearly presented | · Includes accurate depictions of each data center · Accurately depicts connectivity between data centers · Schematics are easily read and understood | · Depictions of each data center are included · Connectivity between each data center is shown | · Depictions of data centers are incomplete or highly inaccurate · Depiction of connectivity between data centers is incomplete or highly inaccurate | · One or more schematics of data centers or connectivity are missing | |

Narrative

| Rating | Excellent | Good | Acceptable | Less than acceptable | Unacceptable | Score |
|---|---|---|---|---|---|---|
| Points | 25 - 22 | 21 - 20 | 19 - 17 | 16 - 0 | 0 | |
| Content | Narrative includes: · Thorough and highly detailed description of how IT infrastructure was designed within and between data centers · Thorough and cogent rationale for all design decisions · Comprehensive explanation of IT equipment, tools, and software used, and security controls required at each level of infrastructure · Comprehensive list of vendors, clearly depicted and explained; rationale given for all vendor choices | Narrative includes: · Description of how IT infrastructure was designed within and between data centers · Rationale for all design decisions · Explanation of IT equipment, tools, and software used, and security controls required at each level of infrastructure · Choice of vendors clearly depicted and explained | Narrative includes all of the following, but with one to two items lacking in detail or containing minor inaccuracies: · Description of how IT infrastructure was designed within and between data centers · Rationale for all design decisions · Explanation of IT equipment, tools, and software used, and security controls required at each level of infrastructure · Choice of vendors clearly depicted and explained | Narrative includes all of the following, but with three or more items lacking in detail or containing minor inaccuracies: · Description of how IT infrastructure was designed within and between data centers · Rationale for all design decisions · Explanation of IT equipment, tools, and software used, and security controls required at each level of infrastructure · Choice of vendors clearly depicted and explained | One or more of the following is missing or mostly inaccurate: · Description of how IT infrastructure was designed within and between data centers · Rationale for all design decisions · Explanation of IT equipment, tools, and software used, and security controls required at each level of infrastructure · Choice of vendors clearly depicted and explained | |

Security Policy Statement

| Rating | Excellent | Good | Acceptable | Less than acceptable | Unacceptable | Score |
|---|---|---|---|---|---|---|
| Points | 25 - 22 | 21 - 20 | 19 - 17 | 16 - 0 | 0 | |
| Content | Contains a clear explanation of purpose and scope of the policy and specific objectives of the policy, including information beyond what is found in the template. | Contains a clear explanation of purpose and scope of the policy and specific objectives of the policy. | Consists of completed template with required items included. | One to two required items not included. | Three or more required items not included. | |

Security Education and Training Plan

| Rating | Excellent | Good | Acceptable | Less than acceptable | Unacceptable | Score |
|---|---|---|---|---|---|---|
| Points | 25 - 22 | 21 - 20 | 19 - 17 | 16 - 0 | 0 | |
| Content | Plan includes clear and highly detailed descriptions of the following: · Overall program · Choice of methods for delivery of training and materials, as well as explanation of rationale for that choice · Audience, along with discussion of implications for training delivery · Timeframes | Plan includes clear and highly detailed descriptions of the following: · Overall program · Audience · Methods for delivery of training and materials · Timeframes | Plan includes the minimum of description for the following: · Overall program · Audience · Methods for delivery of training and materials · Timeframes | One or two of the following are missing or incomplete: · Overall program · Audience · Methods for delivery of training and materials · Timeframes | Three or more of the following are missing or incomplete: · Overall program · Audience · Methods for delivery of training and materials · Timeframes | |

Security Procedures for Equipment and Tools

| Rating | Excellent | Good | Acceptable | Less than acceptable | Unacceptable | Score |
|---|---|---|---|---|---|---|
| Points | 25 - 22 | 21 - 20 | 19 - 17 | 16 - 0 | 0 | |
| Content | · All relevant equipment and tools are addressed · Statements of purpose, scope, procedures, enforcement, and revision history for each tool and piece of equipment are comprehensive and include information beyond that suggested by the template | · Necessary equipment and tools are addressed · For each tool and piece of equipment addressed, statements of purpose, scope, procedures, enforcement, and revision history are included | · Most necessary equipment and tools are addressed, with one to two missing or not completely addressed · For each tool and piece of equipment addressed, all but one to two items in the template are completed correctly | · Three or more necessary tools or equipment are not addressed · Three or more items missing from template | · Only one to two necessary tools or equipment are addressed · Template is not used, or only one to two template items completed | |

Security Procedure for Application Servers and General Access Control

| Rating | Excellent | Good | Acceptable | Less than acceptable | Unacceptable | Score |
|---|---|---|---|---|---|---|
| Points | 25 - 22 | 21 - 20 | 19 - 17 | 16 - 0 | 0 | |
| Content | · Security procedures provided for all application servers include clear, specific, and detailed statements of purpose, scope, procedures, enforcement, and revision history · General access control procedure includes clear explanation of how they can be applied to any infrastructure support and/or administrative personnel (including end-users), and rationale for procedures | · Security procedures provided for all application servers include clear statements of purpose, scope, procedures, enforcement, and revision history · General access control procedure includes clear and concise explanation of how they can be applied to any infrastructure support and/or administrative personnel (including end-users), and rationale for procedures | · Most procedures addressed, with one to two missing or incomplete · General access control procedure can be applied to any infrastructure support and/or administrative personnel (including end-users) | · Several procedures (three or four) missing or incomplete · General access control procedure incomplete or does not completely apply to any infrastructure support and/or administrative personnel (including end-users) | · Most or all procedures (five or more) missing or incomplete · General access control procedure missing or minimally addressed | |

Incident Response Plan

| Rating | Excellent | Good | Acceptable | Less than acceptable | Unacceptable | Score |
|---|---|---|---|---|---|---|
| Points | 25 - 22 | 21 - 20 | 19 - 17 | 16 - 0 | 0 | |
| Content | Plan includes the following for one data center and the global network: · Comprehensive list and explanation of potential incidents · Rating of incidents by risks as high, medium, or low, with rationale for all ratings · Mitigating controls to reduce the identified risks, with clear explanation and rationale for each control · Identification of incident response team (contact list – names, titles, work and home contact information) with roles and responsibilities, and explanation of why those roles and responsibilities were assigned to each team member · Detailed and concise process to assess, describe, and document the damage with appropriate forms; explanation of rationale for each step in the process; forms clear and well laid-out · Detailed and concise incident reporting process and appropriate forms; explanation of rationale for each step in the process; forms clear and well laid-out | Plan includes the following required items for one data center and the global network: · Identification of potential incidents · Rating of incidents by risks as high, medium, or low · Mitigating controls to reduce the identified risks · Identification of incident response team (contact list – names, titles, work and home contact information) with roles and responsibilities · Process to assess, describe, and document the damage with appropriate forms · Incident reporting process and appropriate forms | All required items are included with one to two incomplete | One to two required items missing, three required items incomplete, or major portions of data center and global network not addressed | · Plan does not address data center and/or global network · Half or more of required items missing or incomplete | |

Disaster Recovery Plan

| Rating | Excellent | Good | Acceptable | Less than acceptable | Unacceptable | Score |
|---|---|---|---|---|---|---|
| Points | 25 - 22 | 21 - 20 | 19 - 17 | 16 - 0 | 0 | |
| Content | Plan includes the following for one data center and the global network: · Clear, concise, and detailed recovery plan with specific recovery process objectives · List of disaster recovery teams for each data center and the global network, with rationale for team assignments · Contact list for each of the teams and backup team members with their names, job titles, work and home contact information, and their roles and responsibilities; rationale for assignment of each team member · Inventory list of hardware and software (with version numbers) for the IT infrastructure · Alternate recovery site location(s) with descriptions of what equipment and/or resources should be at the site and why · Escalation call tree of IT leaders based on the severity event levels with names, job titles, work and home contact information; detailed explanation of call tree | Plan includes the following required items for one data center and the global network: · Basic recovery plan detailing the recovery process objectives · List of disaster recovery teams for each data center and the global network · Contact list for each of the teams and backup team members with their names, job titles, work and home contact information, and their roles and responsibilities · Inventory list of hardware and software (with version numbers) for the IT infrastructure · Alternate recovery site location(s) with descriptions of what equipment and/or resources should be at the site · Escalation call tree of IT leaders based on the severity event levels with names, job titles, work and home contact information | All required items are included with one incomplete | One to two required items missing, two required items incomplete, or major portions of data center and global network not addressed | · Plan does not address data center and/or global network · Half or more of required items missing or incomplete | |

Final Project Additional Components

| Rating | Excellent | Good | Acceptable | Less than acceptable | Unacceptable | Score |
|---|---|---|---|---|---|---|
| Points | 50 - 43 | 42 - 39 | 38 - 33 | 32 - 0 | 0 | |
| Content | Contains Risk Assessment, Business Impact Analysis, Table of Contents, Introduction, Appendix, and properly formatted references. · No spelling or grammar errors and paper flows smoothly. | Contains Risk Assessment, Business Impact Analysis, Table of Contents, Introduction, Appendix, and references with one or two minor formatting or spelling errors. · Paper flows smoothly. | Contains Risk Assessment, Business Impact Analysis, Table of Contents, Introduction, Appendix, and references. · However, there are many formatting or spelling errors. · Paper flows smoothly. | A required item not included or paper does not flow smoothly and has several format, spelling, or grammar errors. | Two or more required items not included. | |