Cybersecurity project
benita01
RubricAssessment-Project2.pdf
11/12/21, 12:21 PMRubric Assessment - CSIA 413 7381 Cybersecurity Policy, Plans, and Programs (2218) - UMGC Learning Management System
Page 1 of 4https://learn.umgc.edu/d2l/lms/competencies/rubric/rubrics_assessm…1151&groupId=0&d2l_body_type=5&closeButton=1&showRubricHeadings=0
Project 2: Manager's Deskbook Course: CSIA 413 7381 Cybersecurity Policy, Plans, and Programs (2218)
Execu!ve Summary Excellent Outstanding Acceptable Needs Improvement Needs Significant Improvement
Missing or Unacceptable
Execu!ve Summary
for the Policy
Briefing Package
10 points
The Execu!ve Summary
provided an excellent
summary of the policy
package's purpose and
contents. Informa!on
about the case study
company was well
integrated into the
summary. Each policy
was individually
introduced and clearly
explained. The material
was well organized and
easy to read.
8.5 points
The Execu!ve Summary
provided an outstanding
summary of the policy
package's purpose and
contents. Informa!on
about the case study
company was integrated
into the summary. Each
policy in the briefing
package was individually
introduced and briefly
explained. The material
was well organized and
easy to read.
7 points
The Execu!ve Summary
provided an acceptable
overview of the contents
of the policy package.
Informa!on about the
case study company was
used in the summary.
Each policy in the
briefing package was
named and briefly
explained.
6 points
The Execu!ve Summary
provided an overview of
the policy package.
Informa!on about the
case study company was
men!oned.
4 points
An execu!ve summary
was provided but lacked
details as to the purpose
and contents of the
policy package.(Or,
inappropriate or
excessive copying from
other authors' work.)
0 points
No work submi"ed.
Data Breach
Response Policy Excellent Outstanding Acceptable Needs Improvement
Needs Significant Improvement
Missing or Unacceptable
Policy Introduc!on 10 points
The Data Breach
Response policy
contained an excellent
introduc!on which
clearly iden!fied the
policy issue and then
addressed five or more
specific characteris!cs of
the company's business,
legal & regulatory, and/or
enterprise IT
environments. The
introduc!on clearly and
concisely presented the
major reasons why the
company must have this
policy.
8.5 points
The Data Breach
Response policy
contained an outstanding
introduc!on which
clearly iden!fied the
policy issue and
addressed three or more
specific characteris!cs of
the company's business,
legal & regulatory, and/or
enterprise IT
environments. The
introduc!on addressed
the reasons why the
company must have this
policy.
7 points
The introduc!on for the
Data Breach Response
policy iden!fied the
policy issue and
addressed three or more
specific characteris!cs of
the company's business,
legal & regulatory, and/or
enterprise IT
environments. The
introduc!on men!oned
at least one reason why
the company must have
this policy.
6 points
The introduc!on to the
Data Breach Response
policy men!ons the case
study company and why
the policy is required.
4 points
The Data Breach
Response policy was built
from a sample template
or list of "recommended"
contents without
customiza!on for the
case study company. (Or,
inappropriate or
excessive copying from
other authors' work.)
0 points
No work submi"ed.
20 points
The body of the policy
provided an excellent
descrip!on of the ac!ons
required to create and
implement a data breach
response plan. The policy
iden!fied the responsible
par!es, compliance
requirements, and
sanc!ons / disciplinary
ac!ons for compliance
failures. Contact
informa!on is provided
for ques!ons about the
policy. The policy was
18 points
The body of the policy
provided an outstanding
descrip!on of the ac!ons
required to create and
implement a data breach
response plan. The policy
iden!fied the responsible
par!es, compliance
requirements, and
sanc!ons / disciplinary
ac!ons for compliance
failures. Contact
informa!on is provided
for ques!ons about the
policy. The policy was
16 points
The body of the policy
addressed the ac!ons
required to create and
implement a data breach
response plan. The policy
iden!fied the responsible
par!es, compliance
requirements, and
sanc!ons / disciplinary
ac!ons for compliance
failures. Contact
informa!on is provided
for ques!ons about the
policy.
14 points
The body of the policy
iden!fied most of the
required ac!ons for
implemen!ng data
breach response and
men!oned responsible
par!es, compliance
requirements, and
sanc!ons / disciplinary
ac!ons for compliance
failures.
10 points
The policy was
disorganized and difficult
to understand. OR,
inappropriate or
excessive copying from
other authors' work.
0 points
No work submi"ed.
11/12/21, 12:21 PMRubric Assessment - CSIA 413 7381 Cybersecurity Policy, Plans, and Programs (2218) - UMGC Learning Management System
Page 2 of 4https://learn.umgc.edu/d2l/lms/competencies/rubric/rubrics_assessm…1151&groupId=0&d2l_body_type=5&closeButton=1&showRubricHeadings=0
Policy Content clear, concise, easy to
understand, and
appropriately organized.
easy to understand, and
appropriately organized.
Shadow IT Policy Excellent Outstanding Acceptable Needs Improvement Needs Significant Improvement
Missing or Unacceptable
Policy Introduc!on
Policy Content
10 points
The Shadow IT Policy
contained an excellent
introduc!on which
addressed three or more
specific characteris!cs of
the company's business,
legal & regulatory, and/or
enterprise IT
environments and
addressed the reasons
why employees must
comply with this policy.
Compliance requirements
are addressed and
contact informa!on is
provided for ques!ons
about the policy.
8.5 points
The Shadow Policy
contained an outstanding
introduc!on which
addressed two or more
specific characteris!cs of
the company's business,
legal & regulatory, and/or
enterprise IT
environments and
addressed the reasons
why employees must
comply with this policy.
Compliance requirements
are addressed and
contact informa!on is
provided for ques!ons
about the policy.
7 points
The introduc!on for the
Shadow IT Policy was
customized for the case
study company. One or
more specific
characteris!cs of the
company's business, legal
& regulatory, and/or
enterprise IT
environments were
incorporated into the
policy. Compliance
requirements were
addressed.
6 points
The introduc!on to the
Shadow IT Policy
men!ons the case study
company and compliance
requirements.
4 points
The Shadow IT was built
from a sample template
or list of "recommended"
contents without
customiza!on for the
case study company. (Or,
inappropriate or
excessive copying from
other authors' work.)
0 points
No work submi"ed.
15 points
The body of the policy
provided an excellent
descrip!on of the
required ac!ons, the
responsible par!es,
compliance requirements
including audits, and
sanc!ons / disciplinary
ac!ons for compliance
failures. Contact
informa!on is provided
for ques!ons about the
policy. The policy was
clear, concise, easy to
understand, and
appropriately organized.
13.5 points
The body of the policy
provided an outstanding
descrip!on of the
required ac!ons, the
responsible par!es,
compliance requirements
including audits, and
sanc!ons / disciplinary
ac!ons for compliance
failures. Contact
informa!on is provided
for ques!ons about the
policy. The policy was
easy to understand and
appropriately organized.
12 points
The body of the policy
provided an acceptable
descrip!on of the
required ac!ons. The
policy men!oned at least
two of the following: the
responsible par!es,
compliance requirements
including audits, and
sanc!ons / disciplinary
ac!ons for compliance
failures. Contact
informa!on is provided
for ques!ons about the
policy. The policy was
easy to understand and
appropriately organized.
9 points
Organiza!on and
appearance need
improvement. The
Shadow IT policy
men!oned compliance
requirements for
approval to purchase IT
hardware, so$ware, and
services.
6 points
The Shadow IT Policy
was disorganized and
difficult to understand.
OR, the policy was
significantly lacking in
content. (Or,
inappropriate or
excessive copying from
other authors' work.)
0 points
No work submi"ed.
Social Media
Accounts Policy Excellent Outstanding Acceptable Needs Improvement
Needs Significant Improvement
Missing or Unacceptable
5 points
The Social Media
Accounts policy
contained an excellent
introduc!on which
addressed five or more
specific characteris!cs of
the company's business,
legal & regulatory, and/or
enterprise IT
environments and
addressed the reasons
why employees must
4 points
The Social Media
Accounts policy
contained an outstanding
introduc!on which
addressed three or more
specific characteris!cs of
the company's business,
legal & regulatory, and/or
enterprise IT
environments and
addressed the reasons
why employees must
3 points
The introduc!on for the
Social Media Accounts
policy was customized
for the case study
company. Three or more
specific characteris!cs of
the company's business,
legal & regulatory, and/or
enterprise IT
environments were
incorporated into the
policy.
2 points
The introduc!on to the
Social Media Accounts
policy men!ons the case
study company and why
the policy is required.
1 point
The policy was built from
a template or list of "best
prac!ces" with no
customiza!on for the
case study company. (Or,
inappropriate or
excessive copying from
other authors' work.)
0 points
No work submi"ed.
11/12/21, 12:21 PMRubric Assessment - CSIA 413 7381 Cybersecurity Policy, Plans, and Programs (2218) - UMGC Learning Management System
Page 3 of 4https://learn.umgc.edu/d2l/lms/competencies/rubric/rubrics_assessm…1151&groupId=0&d2l_body_type=5&closeButton=1&showRubricHeadings=0
Policy Introduc!on
Policy Content
comply with this policy. comply with this policy.
10 points
The body of the policy
provided an excellent
descrip!on of the
required ac!ons, the
responsible par!es,
compliance requirements,
and sanc!ons /
disciplinary ac!ons for
compliance failures.
Contact informa!on is
provided for ques!ons
about the policy. The
policy addressed all
required ac!ons listed in
the assignment. The
policy was clear, concise,
easy to understand, and
appropriately organized.
8.5 points
The body of the policy
provided an outstanding
descrip!on of the
required ac!ons (as listed
in the assignment), the
responsible par!es,
compliance requirements,
and sanc!ons /
disciplinary ac!ons for
compliance failures.
Contact informa!on is
provided for ques!ons
about the policy. The
policy was clear, easy to
understand, and
appropriately organized.
7 points
The body of the policy
iden!fied the required
ac!ons (as listed in the
assignment), the
responsible par!es,
compliance requirements,
and sanc!ons /
disciplinary ac!ons for
compliance failures.
Contact informa!on is
provided for ques!ons
about the policy.
6 points
The body of the policy
iden!fied most of the
required ac!ons (as listed
in the assignment) and
men!oned responsible
par!es, compliance
requirements, and
sanc!ons / disciplinary
ac!ons for compliance
failures.
4 points
The policy was
disorganized and difficult
to understand. (Or,
inappropriate or
excessive copying from
other authors' work.)
0 points
No work submi"ed.
Professionalism Excellent Outstanding Acceptable Needs Improvement Needs Significant Improvement
Missing or Unacceptable
Addressed security
issues using standard
terms (e.g.
confiden!ality,
integrity, availability,
non-repudia!on,
authen!city,
accountability,
auditability, etc.).
Organiza!on &
Appearance
Execu!on
5 points
Demonstrated excellence
in the use of standard
cybersecurity
terminology to support
discussion of security
issues. Appropriately
used 5 or more standard
terms.
4 points
Discussion showed an
outstanding
understanding and
integra!on of standard
cybersecurity
terminology to support
discussion of security
issues. Appropriately
used 4 or more standard
terms.
3 points
Correctly used standard
cybersecurity
terminology to support
discussion of security
issues. Appropriately
used 3 or more standard
terms.
2 points
Correctly used standard
cybersecurity
terminology to support
discussion of security
issues. Appropriately
used 2 or more standard
terms.
1 point
A"empted to use
standard cybersecurity
terminology to support
discussion of security
issues.
0 points
Did not integrate
standard cybersecurity
terminology into the
discussion OR misused or
incorrectly defined
standard cybersecurity
terms.
5 points
Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.
4 points
Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings (per the assignment’s directions).
3 points
Organization and/or appearance of submitted work could be improved through better use of fonts, color, titles, headings, etc. OR Submitted work has multiple style or formatting errors. Professional appearance could be improved.
2 points
Submitted work has multiple style or formatting errors. Organization and professional appearance need substantial improvement.
1 point
Submitted work meets minimum requirements but has major style and formatting errors. Work is disorganized and needs to be rewritten for readability and professional appearance.
0 points
Submitted work is poorly organized and formatted. Writing and presentation are lacking in professional style and appearance. Work does not reflect college level writing skills. Or, no submission.
10 points
No word usage, grammar, spelling, or punctuation errors. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required.)
8.5 points
Work contains minor errors in word usage,grammar, spelling or punctuation which do not significantly impact professional appearance. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required.)
7 points
Errors in word usage, spelling, grammar, or punctuation which detract from professional appearance of the submitted work. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required.)
6 points
Submitted work has numerous errors in word usage, spelling, grammar, or punctuation which detract from readability and professional appearance. Punctuation errors may include failure to properly mark quoted or copied material (an attempt to name original source is required).
4 points
Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage. Significant errors in presentation of copied text (lacks proper punctuation and failed to attribute material to original source).
0 points
No work submitted. OR, work contains significant instances of cut-and-paste without proper citing / attribution to the original work or author.
11/12/21, 12:21 PMRubric Assessment - CSIA 413 7381 Cybersecurity Policy, Plans, and Programs (2218) - UMGC Learning Management System
Page 4 of 4https://learn.umgc.edu/d2l/lms/competencies/rubric/rubrics_assessm…1151&groupId=0&d2l_body_type=5&closeButton=1&showRubricHeadings=0
Total
Overall Score
Do Not Use This Block 0 points minimum
