CSIA 485

profileMicken2022
Project1Body1.docx

Project 1: Cybersecurity Strategy & Plan of Action

Top of Form

Hide Assignment Information

Instructions

Download the attached  detailed assignment description for this project. You should also review the rubric shown below for additional information about the requirements for the project and how your work will be graded. Please make sure that you use both the assignment description file AND the rubric when completing your work.

Due on Jul 9, 2024 11:59 PM

Attachments

CSIA 485 Project 1 - Cybersecurity Strategy and...  (151.98 KB)

Download All Files

Hide Rubrics

Rubric Name: Project #1 Cybersecurity Strategy & Plan of Action

Print

Criteria

Excellent

Outstanding

Acceptable

Needs Improvement

Needs Significant Improvement

Missing or Unacceptable

Criterion Score

Business Context / Use of Scenario

10 points

Analysis and strategy clearly, concisely, and accurately incorporated information about the designated business context and scenario information as presented in the course readings. No evidence present indicating use of previous course scenarios. 

8 points

Analysis and strategy clearly and accurately incorporated information about the designated business context and scenario information as presented in the course readings. No evidence present indicating use of previous course scenarios. 

7 points

Analysis and strategy accurately incorporated information about the designated business context and scenario information as presented in the course readings. No evidence present indicating use of previous course scenarios.

4 points

Analysis and strategy used relevant information from the designated business context and scenario as presented in the course readings.

2 points

Deliverable used some information related to the designated company or industry. 

0 points

Deliverable did not incorporate information from the designated business context / scenario as presented in the course readings.

Score of Business Context / Use of Scenario,

/ 10

Introduction or Overview for the Security Strategy

10 points

Provided an excellent overview of the security strategy. The introduction was clear, concise, and accurate. Writer appropriately used information from 3 or more authoritative sources

8 points

Provided an outstanding overview of the security strategy.  The introduction was clear and accurate. Writer appropriately used information from at least 2 authoritative sources

7 points

Provided an acceptable overview of the security strategy. Writer appropriately used information from authoritative sources

6 points

Provided an overview but the section lacked important details. Information from authoritative sources was cited and used in the overview.

4 points

Attempted to provide an introduction to the security strategy but this section lacked detail, was off topic, and/or was not well supported by information drawn from authoritative sources.

0 points

The introduction and/or overview sections of the paper were missing.

Score of Introduction or Overview for the Security Strategy,

/ 10

Gap Analysis (steps 1 & 2)

10 points

Provided an excellent gap analysis that included a discussion of the identified gaps and a risk register for 10 or more significant cybersecurity issues / challenges / risks impacting the designated company. Used all 6 categories listed in the assignment (CIA and PPT) and assigned an appropriate impact level. Appropriately used information from 3 or more authoritative sources.

8 points

Provided an outstanding gap analysis that included a discussion of the identified gaps and a risk register for 8 or more significant cybersecurity issues / challenges / risks impacting the designated company. Used at least 5 of the categories listed in the assignment (CIA and PPT) and assigned an appropriate impact level. Appropriately used information from 3 or more authoritative sources.

7 points

Provided an acceptable gap analysis that included a discussion of the identified gaps and a risk register for 6 or more significant cybersecurity issues / challenges / risks impacting the designated company. Used at least 3 of the categories listed in the assignment (CIA and PPT) and assigned an appropriate impact level. Appropriately used information from 3 or more authoritative sources.

6 points

Provided a discussion about gaps, risks, and impacts for the designated company. Information from authoritative sources was cited and used.

4 points

Attempted to provide information about gaps and/or risks in the designated company. The discussion was significantly lacking in detail and/or was not well supported by information drawn from authoritative sources.

0 points

This section was missing, off topic, or failed to provide relevant information.

Score of Gap Analysis (steps 1 & 2),

/ 10

Legal & Regulatory Analysis (Steps 3 & 4)

10 points

Provided an excellent analysis of the legal and regulatory guidance for (a) the designated industry and (b) companies in general. Incorporated relevant information into 10 or more risk register entries by mapping laws / regulations the the individual risk entries. Appropriately used information from 3 or more authoritative sources.

8 points

Provided an outstanding analysis of the legal and regulatory guidance for (a) the designated industry and (b) companies in general. Incorporated relevant information into into 8 or more risk register entries by mapping laws / regulations the the individual risk entries. Appropriately used information from 3 or more authoritative sources.

7 points

Provided an acceptable analysis of the legal and regulatory guidance for (a) the designated industry and (b) companies in general. Incorporated relevant information into into 6 or more risk register entries by mapping laws / regulations the the individual risk entries. Appropriately used information from 3 or more authoritative sources.

6 points

Provided a discussion of relevant laws and regulations impacting the designated company. Information from authoritative sources was cited and used.

4 points

Attempted to provide information about relevant laws and regulations. The discussion was significantly lacking in detail and/or was not well supported by information drawn from authoritative sources.

0 points

This section was missing, off topic, or failed to provide relevant information.

Score of Legal & Regulatory Analysis (Steps 3 & 4),

/ 10

Risk Management Strategy (Step 5)

15 points

Provided an excellent risk management strategy. Mapped relevant risk mitigation strategies to at least 10 risk register entries (accept, avoid, control, transfer). For control strategies, included identifiers and titles of controls from the NIST CSF or other approved source of IT security controls. Appropriately used information from 3 or more authoritative sources.

13.5 points

Provided an outstanding risk management strategy. Mapped relevant risk mitigation strategies to at least 8 risk register entries (accept, avoid, control, transfer). For control strategies, included identifiers and titles of controls from the NIST CSF or other approved source of IT security controls. Appropriately used information from 3 or more authoritative sources.

12 points

Provided an acceptable risk management strategy. Mapped relevant risk mitigation strategies to at least 6 risk register entries (accept, avoid, control, transfer). For control strategies, included identifiers and titles of controls from the NIST CSF or other approved source of IT security controls. Appropriately used information from 3 or more authoritative sources.

10 points

Provided a discussion of relevant risk treatment strategies for the designated company. Information from authoritative sources was cited and used.

6 points

Attempted to provide information about risk management. OR, the discussion was not well supported by information from authoritative sources.

0 points

This section was missing, off topic, or failed to provide relevant information.

Score of Risk Management Strategy (Step 5),

/ 15

Cybersecurity Strategy (Step 6)

15 points

Presented a Cybersecurity Strategy containing five or more specific actions (strategies) that the company should take mitigate cybersecurity risks. Included information from the gap analysis, legal and regulatory analysis, risk analysis. Each strategy included information about how the strategy will affect or leverage 3 or more of the following: people, policies, processes, and technologies. Included at least one technology related strategy which included an updated Network Diagram showing the to-be state of the IT infrastructure including recommended mitigating or “control” technologies. Appropriately used information from 3 or more authoritative sources.

13.5 points

Presented a Cybersecurity Strategy containing four or more specific actions (strategies) that the company should take to mitigate cybersecurity risks. Included information from steps 1-5. Each strategy included information about how the strategy will affect or leverage 2 or more of the following: people, policies, processes, and technologies. Included at least one technology related strategy which included an updated Network Diagram showing the to-be state of the IT infrastructure including recommended mitigating or “control” technologies. Appropriately used information from 3 or more authoritative sources.

12 points

Presented a Cybersecurity Strategy containing three or more specific actions (strategies) that the company should take to mitigate cybersecurity risks. Included information from steps 1-5. Each strategy included information about how the strategy will affect or leverage 1 or more of the following: people, policies, processes, and technologies. Included at least one technology related strategy which included an updated Network Diagram. Appropriately used information from 3 or more authoritative sources.

10 points

Provided a discussion of the recommended cybersecurity strategy for the designated company. Information from authoritative sources was cited and used.

6 points

Attempted to provide summary information about the recommended cybersecurity strategy. OR, the discussion was not well supported by information from authoritative sources.

0 points

This section was missing, off topic, or failed to provide relevant information.

Score of Cybersecurity Strategy (Step 6),

/ 15

Plan of Action & Timeline (Step 7)

10 points

Presented an excellent (clear and concise) "proposed" plan of action and implementation timeline that addressed actions required to implement each element of the cybersecurity strategy. Provided time, effort, and cost estimates for implementing the recommended actions (included appropriate explanations of your reasoning). Included the resources (people, money, etc.) necessary for completing each task in the timeline.

8 points

Presented an outstanding "proposed" plan of action and implementation timeline that addressed 4 or more actions required to implement the cybersecurity strategy. Provided time, effort, and cost estimates for implementing the recommended actions (included appropriate explanations of your reasoning). Included the resources (people, money, etc.) necessary for completing each task in the timeline.

7 points

Presented an acceptable "proposed" plan of action and implementation timeline that addressed 3 or more actions required to implement the cybersecurity strategy. Provided information about time, effort, and cost estimates for implementing the recommended actions. Mentioned resources (people, money, etc.) necessary for completing each task in the timeline.

6 points

Provided a discussion of the actions required to implement the cybersecurity strategy for the designated company. Mentioned time and resource requirements. Information from authoritative sources was cited and used.

4 points

Attempted to provide summary information about the plant of action and timelines for implementing the cybersecurity strategy. OR, the discussion was not well supported by information from authoritative sources.

0 points

This section was missing, off topic, or failed to provide relevant information.

Score of Plan of Action & Timeline (Step 7),

/ 10

Cover Letter / Recommendations Memo (Step 8)

10 points

Provided an excellent cover letter / memorandum addressed to the Merger & Acquisition Team which summarizes why this package is being forwarded to the M&A team for “review and action.” The memo  identified and briefly summarized 5 or more "action" recommendations which logically flow from the Cybersecurity Strategy and Plan of Action.

8 points

Provided an outstanding cover letter / memorandum addressed to the Merger & Acquisition Team which summarizes why this package is being forwarded to the M&A team for “review and action.” The memo  identified and briefly summarized 4 or more "action" recommendations which logically flow from the Cybersecurity Strategy and Plan of Action.

7 points

Provided an acceptable cover letter / memorandum addressed to the Merger & Acquisition Team. The memo  identified and briefly summarized 3 or more "action" recommendations which logically flow from the Cybersecurity Strategy and Plan of Action.

6 points

Provided a cover letter or memorandum for the deliverable which included a brief summary of recommendations related to the Cybersecurity Strategy and/or Plan of Action.

4 points

Provided a closing section with some mention of future actions required to implement the cybersecurity strategy. OR this section lacked originality / was not well supported by information from authoritative sources.

0 points

This section was missing, off topic, or failed to provide relevant information.

Score of Cover Letter / Recommendations Memo (Step 8),

/ 10

Professionalism: Consistent Use and Formatting for Citations and Reference List

5 points

Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. Reference list entries and in-text citations are consistently and correctly formatted using an appropriate citation style (APA, MLA, etc.).

4 points

Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. One or two inconsistencies or errors in  format for in-text citations and/or reference list entries.

3 points

Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. No more than 5 inconsistencies or errors in  format for in-text citations and/or reference list entries.

2 points

Work has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 10 inconsistencies or errors in format.

1 point

Work attempts to credit sources but demonstrates a fundamental failure to understand and/or consistently apply a professional formatting style for the reference list and/or citations.

0 points

Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper.

Score of Professionalism: Consistent Use and Formatting for Citations and Reference List,

/ 5

Professionalism: Organization, Appearance, & Execution

5 points

Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.  No formatting, grammar, spelling, or punctuation errors.

4 points

Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings. Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance.

3 points

Organization and/or appearance of submitted work needs improvement. Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work.

2 points

Submitted work has multiple significant errors in style or formatting, spelling, grammar, and/or punctuation. Work is unprofessional in appearance. Work requires substantial rewrite to improve professional appearance.

1 point

Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage. Work is disorganized and needs to be rewritten for readability and professional appearance. 

0 points

No work submitted.

Score of Professionalism: Organization, Appearance, & Execution,

/ 5