Project
2/1/22, 3:56 PMRubric Assessment - CSIA 485 6380 Practical Applications in Cyber…y Management and Policy (2222) - UMGC Learning Management System
Page 1 of 4https://learn.umgc.edu/d2l/lms/competencies/rubric/rubrics_assess…5245&groupId=0&d2l_body_type=5&closeButton=1&showRubricHeadings=0
Project #1 Cybersecurity Strategy & Plan of Action
Course: CSIA 485 6380 Practical Applications in Cybersecurity Management and Policy (2222)

Levels: Excellent, Outstanding, Acceptable, Needs Improvement, Needs Significant Improvement, Missing or Unacceptable

Criterion: Business Context / Use of Scenario
Excellent (10 points): Analysis and strategy clearly, concisely, and accurately incorporated information about the designated business context and scenario information as presented in the course readings. No evidence present indicating use of previous course scenarios.
Outstanding (8 points): Analysis and strategy clearly and accurately incorporated information about the designated business context and scenario information as presented in the course readings. No evidence present indicating use of previous course scenarios.
Acceptable (7 points): Analysis and strategy accurately incorporated information about the designated business context and scenario information as presented in the course readings. No evidence present indicating use of previous course scenarios.
Needs Improvement (4 points): Analysis and strategy used relevant information from the designated business context and scenario as presented in the course readings.
Needs Significant Improvement (2 points): Deliverable used some information related to the designated company or industry.
Missing or Unacceptable (0 points): Deliverable did not incorporate information from the designated business context / scenario as presented in the course readings.

Criterion: Introduction or Overview for the Security Strategy
Excellent (10 points): Provided an excellent overview of the security strategy. The introduction was clear, concise, and accurate. Writer appropriately used information from 3 or more authoritative sources.
Outstanding (8 points): Provided an outstanding overview of the security strategy. The introduction was clear and accurate. Writer appropriately used information from at least 2 authoritative sources.
Acceptable (7 points): Provided an acceptable overview of the security strategy. Writer appropriately used information from authoritative sources.
Needs Improvement (6 points): Provided an overview but the section lacked important details. Information from authoritative sources was cited and used in the overview.
Needs Significant Improvement (4 points): Attempted to provide an introduction to the security strategy but this section lacked detail, was off topic, and/or was not well supported by information drawn from authoritative sources.
Missing or Unacceptable (0 points): The introduction and/or overview sections of the paper were missing.

Criterion: Gap Analysis (Steps 1 & 2)
Excellent (10 points): Provided an excellent gap analysis that included a discussion of the identified gaps and a risk register for 10 or more significant cybersecurity issues / challenges / risks impacting the designated company. Used all 6 categories listed in the assignment (CIA and PPT) and assigned an appropriate impact level. Appropriately used information from 3 or more authoritative sources.
Outstanding (8 points): Provided an outstanding gap analysis that included a discussion of the identified gaps and a risk register for 8 or more significant cybersecurity issues / challenges / risks impacting the designated company. Used at least 5 of the categories listed in the assignment (CIA and PPT) and assigned an appropriate impact level. Appropriately used information from 3 or more authoritative sources.
Acceptable (7 points): Provided an acceptable gap analysis that included a discussion of the identified gaps and a risk register for 6 or more significant cybersecurity issues / challenges / risks impacting the designated company. Used at least 3 of the categories listed in the assignment (CIA and PPT) and assigned an appropriate impact level. Appropriately used information from 3 or more authoritative sources.
Needs Improvement (6 points): Provided a discussion about gaps, risks, and impacts for the designated company. Information from authoritative sources was cited and used.
Needs Significant Improvement (4 points): Attempted to provide information about gaps and/or risks in the designated company. The discussion was significantly lacking in detail and/or was not well supported by information drawn from authoritative sources.
Missing or Unacceptable (0 points): This section was missing, off topic, or failed to provide relevant information.

Criterion: Legal & Regulatory Analysis (Steps 3 & 4)
Excellent (10 points): Provided an excellent analysis of the legal and regulatory guidance for (a) the designated industry and (b) companies in general. Incorporated relevant information into 10 or more risk register entries by mapping laws / regulations to the individual risk entries. Appropriately used information from 3 or more authoritative sources.
Outstanding (8 points): Provided an outstanding analysis of the legal and regulatory guidance for (a) the designated industry and (b) companies in general. Incorporated relevant information into 8 or more risk register entries by mapping laws / regulations to the individual risk entries. Appropriately used information from 3 or more authoritative sources.
Acceptable (7 points): Provided an acceptable analysis of the legal and regulatory guidance for (a) the designated industry and (b) companies in general. Incorporated relevant information into 6 or more risk register entries by mapping laws / regulations to the individual risk entries. Appropriately used information from 3 or more authoritative sources.
Needs Improvement (6 points): Provided a discussion of relevant laws and regulations impacting the designated company. Information from authoritative sources was cited and used.
Needs Significant Improvement (4 points): Attempted to provide information about relevant laws and regulations. The discussion was significantly lacking in detail and/or was not well supported by information drawn from authoritative sources.
Missing or Unacceptable (0 points): This section was missing, off topic, or failed to provide relevant information.

Criterion: Risk Management Strategy (Step 5)
Excellent (15 points): Provided an excellent risk management strategy. Mapped relevant risk mitigation strategies to at least 10 risk register entries (accept, avoid, control, transfer). For control strategies, included identifiers and titles of controls from the NIST CSF or other approved source of IT security controls. Appropriately used information from 3 or more authoritative sources.
Outstanding (13.5 points): Provided an outstanding risk management strategy. Mapped relevant risk mitigation strategies to at least 8 risk register entries (accept, avoid, control, transfer). For control strategies, included identifiers and titles of controls from the NIST CSF or other approved source of IT security controls. Appropriately used information from 3 or more authoritative sources.
Acceptable (12 points): Provided an acceptable risk management strategy. Mapped relevant risk mitigation strategies to at least 6 risk register entries (accept, avoid, control, transfer). For control strategies, included identifiers and titles of controls from the NIST CSF or other approved source of IT security controls. Appropriately used information from 3 or more authoritative sources.
Needs Improvement (10 points): Provided a discussion of relevant risk treatment strategies for the designated company. Information from authoritative sources was cited and used.
Needs Significant Improvement (6 points): Attempted to provide information about risk management. OR, the discussion was not well supported by information from authoritative sources.
Missing or Unacceptable (0 points): This section was missing, off topic, or failed to provide relevant information.

Criterion: Cybersecurity Strategy (Step 6)
Excellent (15 points): Presented a Cybersecurity Strategy containing five or more specific actions (strategies) that the company should take to mitigate cybersecurity risks. Included information from the gap analysis, legal and regulatory analysis, and risk analysis. Each strategy included information about how the strategy will affect or leverage 3 or more of the following: people, policies, processes, and technologies. Included at least one technology related strategy which included an updated Network Diagram showing the to-be state of the IT infrastructure including recommended mitigating or “control” technologies. Appropriately used information from 3 or more authoritative sources.
Outstanding (13.5 points): Presented a Cybersecurity Strategy containing four or more specific actions (strategies) that the company should take to mitigate cybersecurity risks. Included information from steps 1-5. Each strategy included information about how the strategy will affect or leverage 2 or more of the following: people, policies, processes, and technologies. Included at least one technology related strategy which included an updated Network Diagram showing the to-be state of the IT infrastructure including recommended mitigating or “control” technologies. Appropriately used information from 3 or more authoritative sources.
Acceptable (12 points): Presented a Cybersecurity Strategy containing three or more specific actions (strategies) that the company should take to mitigate cybersecurity risks. Included information from steps 1-5. Each strategy included information about how the strategy will affect or leverage 1 or more of the following: people, policies, processes, and technologies. Included at least one technology related strategy which included an updated Network Diagram. Appropriately used information from 3 or more authoritative sources.
Needs Improvement (10 points): Provided a discussion of the recommended cybersecurity strategy for the designated company. Information from authoritative sources was cited and used.
Needs Significant Improvement (6 points): Attempted to provide summary information about the recommended cybersecurity strategy. OR, the discussion was not well supported by information from authoritative sources.
Missing or Unacceptable (0 points): This section was missing, off topic, or failed to provide relevant information.

Criterion: Plan of Action & Timeline (Step 7)
Excellent (10 points): Presented an excellent (clear and concise) "proposed" plan of action and implementation timeline that addressed actions required to implement each element of the cybersecurity strategy. Provided time, effort, and cost estimates for implementing the recommended actions (included appropriate explanations of your reasoning). Included the resources (people, money, etc.) necessary for completing each task in the timeline.
Outstanding (8 points): Presented an outstanding "proposed" plan of action and implementation timeline that addressed 4 or more actions required to implement the cybersecurity strategy. Provided time, effort, and cost estimates for implementing the recommended actions (included appropriate explanations of your reasoning). Included the resources (people, money, etc.) necessary for completing each task in the timeline.
Acceptable (7 points): Presented an acceptable "proposed" plan of action and implementation timeline that addressed 3 or more actions required to implement the cybersecurity strategy. Provided information about time, effort, and cost estimates for implementing the recommended actions. Mentioned resources (people, money, etc.) necessary for completing each task in the timeline.
Needs Improvement (6 points): Provided a discussion of the actions required to implement the cybersecurity strategy for the designated company. Mentioned time and resource requirements. Information from authoritative sources was cited and used.
Needs Significant Improvement (4 points): Attempted to provide summary information about the plan of action and timelines for implementing the cybersecurity strategy. OR, the discussion was not well supported by information from authoritative sources.
Missing or Unacceptable (0 points): This section was missing, off topic, or failed to provide relevant information.

Criterion: Cover Letter / Recommendations Memo (Step 8)
Excellent (10 points): Provided an excellent cover letter / memorandum addressed to the Merger & Acquisition Team which summarizes why this package is being forwarded to the M&A team for “review and action.” The memo identified and briefly summarized 5 or more "action" recommendations which logically flow from the Cybersecurity Strategy and Plan of Action.
Outstanding (8 points): Provided an outstanding cover letter / memorandum addressed to the Merger & Acquisition Team which summarizes why this package is being forwarded to the M&A team for “review and action.” The memo identified and briefly summarized 4 or more "action" recommendations which logically flow from the Cybersecurity Strategy and Plan of Action.
Acceptable (7 points): Provided an acceptable cover letter / memorandum addressed to the Merger & Acquisition Team. The memo identified and briefly summarized 3 or more "action" recommendations which logically flow from the Cybersecurity Strategy and Plan of Action.
Needs Improvement (6 points): Provided a cover letter or memorandum for the deliverable which included a brief summary of recommendations related to the Cybersecurity Strategy and/or Plan of Action.
Needs Significant Improvement (4 points): Provided a closing section with some mention of future actions required to implement the cybersecurity strategy. OR this section lacked originality / was not well supported by information from authoritative sources.
Missing or Unacceptable (0 points): This section was missing, off topic, or failed to provide relevant information.

Criterion: Professionalism: Consistent Use and Formatting for Citations and Reference List
Excellent (5 points): Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. Reference list entries and in-text citations are consistently and correctly formatted using an appropriate citation style (APA, MLA, etc.).
Outstanding (4 points): Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. One or two inconsistencies or errors in format for in-text citations and/or reference list entries.
Acceptable (3 points): Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. No more than 5 inconsistencies or errors in format for in-text citations and/or reference list entries.
Needs Improvement (2 points): Work has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 10 inconsistencies or errors in format.
Needs Significant Improvement (1 point): Work attempts to credit sources but demonstrates a fundamental failure to understand and/or consistently apply a professional formatting style for the reference list and/or citations.
Missing or Unacceptable (0 points): Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper.

Criterion: Professionalism: Organization, Appearance, & Execution
Excellent (5 points): Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type. No formatting, grammar, spelling, or punctuation errors.
Outstanding (4 points): Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings. Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance.
Acceptable (3 points): Organization and/or appearance of submitted work needs improvement. Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work.
Needs Improvement (2 points): Submitted work has multiple significant errors in style or formatting, spelling, grammar, and/or punctuation. Work is unprofessional in appearance. Work requires substantial rewrite to improve professional appearance.
Needs Significant Improvement (1 point): Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage. Work is disorganized and needs to be rewritten for readability and professional appearance.
Missing or Unacceptable (0 points): No work submitted.

Total

Overall Score
Do Not Use This Box: 0 points minimum