CSIA 485
Project 1: Cybersecurity Strategy & Plan of Action
Top of Form
|
Hide Assignment Information |
||||||
|
Instructions |
|
|||||
|
Download the attached detailed assignment description for this project. You should also review the rubric shown below for additional information about the requirements for the project and how your work will be graded. Please make sure that you use both the assignment description file AND the rubric when completing your work. |
||||||
|
|
|
|||||
|
Due on Jul 9, 2024 11:59 PM |
||||||
|
Attachments |
|
|||||
|
Hide Rubrics
Rubric Name: Project #1 Cybersecurity Strategy & Plan of Action
|
Criteria |
Excellent |
Outstanding |
Acceptable |
Needs Improvement |
Needs Significant Improvement |
Missing or Unacceptable |
Criterion Score |
|
Business Context / Use of Scenario |
10 points Analysis and strategy clearly, concisely, and accurately incorporated information about the designated business context and scenario information as presented in the course readings. No evidence present indicating use of previous course scenarios. |
8 points Analysis and strategy clearly and accurately incorporated information about the designated business context and scenario information as presented in the course readings. No evidence present indicating use of previous course scenarios. |
7 points Analysis and strategy accurately incorporated information about the designated business context and scenario information as presented in the course readings. No evidence present indicating use of previous course scenarios. |
4 points Analysis and strategy used relevant information from the designated business context and scenario as presented in the course readings. |
2 points Deliverable used some information related to the designated company or industry. |
0 points Deliverable did not incorporate information from the designated business context / scenario as presented in the course readings. |
Score of Business Context / Use of Scenario, / 10 |
|
Introduction or Overview for the Security Strategy |
10 points Provided an excellent overview of the security strategy. The introduction was clear, concise, and accurate. Writer appropriately used information from 3 or more authoritative sources |
8 points Provided an outstanding overview of the security strategy. The introduction was clear and accurate. Writer appropriately used information from at least 2 authoritative sources |
7 points Provided an acceptable overview of the security strategy. Writer appropriately used information from authoritative sources |
6 points Provided an overview but the section lacked important details. Information from authoritative sources was cited and used in the overview. |
4 points Attempted to provide an introduction to the security strategy but this section lacked detail, was off topic, and/or was not well supported by information drawn from authoritative sources. |
0 points The introduction and/or overview sections of the paper were missing. |
Score of Introduction or Overview for the Security Strategy, / 10 |
|
Gap Analysis (steps 1 & 2) |
10 points Provided an excellent gap analysis that included a discussion of the identified gaps and a risk register for 10 or more significant cybersecurity issues / challenges / risks impacting the designated company. Used all 6 categories listed in the assignment (CIA and PPT) and assigned an appropriate impact level. Appropriately used information from 3 or more authoritative sources. |
8 points Provided an outstanding gap analysis that included a discussion of the identified gaps and a risk register for 8 or more significant cybersecurity issues / challenges / risks impacting the designated company. Used at least 5 of the categories listed in the assignment (CIA and PPT) and assigned an appropriate impact level. Appropriately used information from 3 or more authoritative sources. |
7 points Provided an acceptable gap analysis that included a discussion of the identified gaps and a risk register for 6 or more significant cybersecurity issues / challenges / risks impacting the designated company. Used at least 3 of the categories listed in the assignment (CIA and PPT) and assigned an appropriate impact level. Appropriately used information from 3 or more authoritative sources. |
6 points Provided a discussion about gaps, risks, and impacts for the designated company. Information from authoritative sources was cited and used. |
4 points Attempted to provide information about gaps and/or risks in the designated company. The discussion was significantly lacking in detail and/or was not well supported by information drawn from authoritative sources. |
0 points This section was missing, off topic, or failed to provide relevant information. |
Score of Gap Analysis (steps 1 & 2), / 10 |
|
Legal & Regulatory Analysis (Steps 3 & 4) |
10 points Provided an excellent analysis of the legal and regulatory guidance for (a) the designated industry and (b) companies in general. Incorporated relevant information into 10 or more risk register entries by mapping laws / regulations the the individual risk entries. Appropriately used information from 3 or more authoritative sources. |
8 points Provided an outstanding analysis of the legal and regulatory guidance for (a) the designated industry and (b) companies in general. Incorporated relevant information into into 8 or more risk register entries by mapping laws / regulations the the individual risk entries. Appropriately used information from 3 or more authoritative sources. |
7 points Provided an acceptable analysis of the legal and regulatory guidance for (a) the designated industry and (b) companies in general. Incorporated relevant information into into 6 or more risk register entries by mapping laws / regulations the the individual risk entries. Appropriately used information from 3 or more authoritative sources. |
6 points Provided a discussion of relevant laws and regulations impacting the designated company. Information from authoritative sources was cited and used. |
4 points Attempted to provide information about relevant laws and regulations. The discussion was significantly lacking in detail and/or was not well supported by information drawn from authoritative sources. |
0 points This section was missing, off topic, or failed to provide relevant information. |
Score of Legal & Regulatory Analysis (Steps 3 & 4), / 10 |
|
Risk Management Strategy (Step 5) |
15 points Provided an excellent risk management strategy. Mapped relevant risk mitigation strategies to at least 10 risk register entries (accept, avoid, control, transfer). For control strategies, included identifiers and titles of controls from the NIST CSF or other approved source of IT security controls. Appropriately used information from 3 or more authoritative sources. |
13.5 points Provided an outstanding risk management strategy. Mapped relevant risk mitigation strategies to at least 8 risk register entries (accept, avoid, control, transfer). For control strategies, included identifiers and titles of controls from the NIST CSF or other approved source of IT security controls. Appropriately used information from 3 or more authoritative sources. |
12 points Provided an acceptable risk management strategy. Mapped relevant risk mitigation strategies to at least 6 risk register entries (accept, avoid, control, transfer). For control strategies, included identifiers and titles of controls from the NIST CSF or other approved source of IT security controls. Appropriately used information from 3 or more authoritative sources. |
10 points Provided a discussion of relevant risk treatment strategies for the designated company. Information from authoritative sources was cited and used. |
6 points Attempted to provide information about risk management. OR, the discussion was not well supported by information from authoritative sources. |
0 points This section was missing, off topic, or failed to provide relevant information. |
Score of Risk Management Strategy (Step 5), / 15 |
|
Cybersecurity Strategy (Step 6) |
15 points Presented a Cybersecurity Strategy containing five or more specific actions (strategies) that the company should take mitigate cybersecurity risks. Included information from the gap analysis, legal and regulatory analysis, risk analysis. Each strategy included information about how the strategy will affect or leverage 3 or more of the following: people, policies, processes, and technologies. Included at least one technology related strategy which included an updated Network Diagram showing the to-be state of the IT infrastructure including recommended mitigating or “control” technologies. Appropriately used information from 3 or more authoritative sources. |
13.5 points Presented a Cybersecurity Strategy containing four or more specific actions (strategies) that the company should take to mitigate cybersecurity risks. Included information from steps 1-5. Each strategy included information about how the strategy will affect or leverage 2 or more of the following: people, policies, processes, and technologies. Included at least one technology related strategy which included an updated Network Diagram showing the to-be state of the IT infrastructure including recommended mitigating or “control” technologies. Appropriately used information from 3 or more authoritative sources. |
12 points Presented a Cybersecurity Strategy containing three or more specific actions (strategies) that the company should take to mitigate cybersecurity risks. Included information from steps 1-5. Each strategy included information about how the strategy will affect or leverage 1 or more of the following: people, policies, processes, and technologies. Included at least one technology related strategy which included an updated Network Diagram. Appropriately used information from 3 or more authoritative sources. |
10 points Provided a discussion of the recommended cybersecurity strategy for the designated company. Information from authoritative sources was cited and used. |
6 points Attempted to provide summary information about the recommended cybersecurity strategy. OR, the discussion was not well supported by information from authoritative sources. |
0 points This section was missing, off topic, or failed to provide relevant information. |
Score of Cybersecurity Strategy (Step 6), / 15 |
|
Plan of Action & Timeline (Step 7) |
10 points Presented an excellent (clear and concise) "proposed" plan of action and implementation timeline that addressed actions required to implement each element of the cybersecurity strategy. Provided time, effort, and cost estimates for implementing the recommended actions (included appropriate explanations of your reasoning). Included the resources (people, money, etc.) necessary for completing each task in the timeline. |
8 points Presented an outstanding "proposed" plan of action and implementation timeline that addressed 4 or more actions required to implement the cybersecurity strategy. Provided time, effort, and cost estimates for implementing the recommended actions (included appropriate explanations of your reasoning). Included the resources (people, money, etc.) necessary for completing each task in the timeline. |
7 points Presented an acceptable "proposed" plan of action and implementation timeline that addressed 3 or more actions required to implement the cybersecurity strategy. Provided information about time, effort, and cost estimates for implementing the recommended actions. Mentioned resources (people, money, etc.) necessary for completing each task in the timeline. |
6 points Provided a discussion of the actions required to implement the cybersecurity strategy for the designated company. Mentioned time and resource requirements. Information from authoritative sources was cited and used. |
4 points Attempted to provide summary information about the plant of action and timelines for implementing the cybersecurity strategy. OR, the discussion was not well supported by information from authoritative sources. |
0 points This section was missing, off topic, or failed to provide relevant information. |
Score of Plan of Action & Timeline (Step 7), / 10 |
|
Cover Letter / Recommendations Memo (Step 8) |
10 points Provided an excellent cover letter / memorandum addressed to the Merger & Acquisition Team which summarizes why this package is being forwarded to the M&A team for “review and action.” The memo identified and briefly summarized 5 or more "action" recommendations which logically flow from the Cybersecurity Strategy and Plan of Action. |
8 points Provided an outstanding cover letter / memorandum addressed to the Merger & Acquisition Team which summarizes why this package is being forwarded to the M&A team for “review and action.” The memo identified and briefly summarized 4 or more "action" recommendations which logically flow from the Cybersecurity Strategy and Plan of Action. |
7 points Provided an acceptable cover letter / memorandum addressed to the Merger & Acquisition Team. The memo identified and briefly summarized 3 or more "action" recommendations which logically flow from the Cybersecurity Strategy and Plan of Action. |
6 points Provided a cover letter or memorandum for the deliverable which included a brief summary of recommendations related to the Cybersecurity Strategy and/or Plan of Action. |
4 points Provided a closing section with some mention of future actions required to implement the cybersecurity strategy. OR this section lacked originality / was not well supported by information from authoritative sources. |
0 points This section was missing, off topic, or failed to provide relevant information. |
Score of Cover Letter / Recommendations Memo (Step 8), / 10 |
|
Professionalism: Consistent Use and Formatting for Citations and Reference List |
5 points Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. Reference list entries and in-text citations are consistently and correctly formatted using an appropriate citation style (APA, MLA, etc.). |
4 points Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. One or two inconsistencies or errors in format for in-text citations and/or reference list entries. |
3 points Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. No more than 5 inconsistencies or errors in format for in-text citations and/or reference list entries. |
2 points Work has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 10 inconsistencies or errors in format. |
1 point Work attempts to credit sources but demonstrates a fundamental failure to understand and/or consistently apply a professional formatting style for the reference list and/or citations. |
0 points Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper. |
Score of Professionalism: Consistent Use and Formatting for Citations and Reference List, / 5 |
|
Professionalism: Organization, Appearance, & Execution |
5 points Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type. No formatting, grammar, spelling, or punctuation errors. |
4 points Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings. Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance. |
3 points Organization and/or appearance of submitted work needs improvement. Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work. |
2 points Submitted work has multiple significant errors in style or formatting, spelling, grammar, and/or punctuation. Work is unprofessional in appearance. Work requires substantial rewrite to improve professional appearance. |
1 point Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage. Work is disorganized and needs to be rewritten for readability and professional appearance. |
0 points No work submitted. |
Score of Professionalism: Organization, Appearance, & Execution, / 5 |