SlideShare a Scribd company logo

IT 549 Final Project Guidelines and Rubric Overview .docx

Download as DOCX, PDF
C
christiandean12115

The document outlines the guidelines and rubric for a final project focused on creating a functional information assurance plan. It emphasizes the importance of effective information management and best practices for protecting data to enhance customer interactions and overall organizational effectiveness. The project is divided into four milestones, each assessed separately, culminating in a comprehensive submission that integrates researched strategies for assessing risks, determining roles, and establishing response protocols related to information security.

Education
1 of 28
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
IT 549 Final Project Guidelines and Rubric Overview The final project for this course is the creation of a functional information assurance plan. The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and stakeholders on a continuous basis. Employing information assurance best practices will ensure a firm is able to eliminate hierarchical structures, become more flat, and have greater customer touch points by leveraging the correct information at the right time. Successful firms will maintain an established information assurance plan and posture that are reviewed on a weekly basis. This assessment will consist of the creation of a functional information assurance plan. You will review a real-world business scenario in order to apply information assurance research and incorporate industry best practices to your recommendations for specific strategic and tactical steps. These skills are crucial for you to become a desired asset to organizations seeking industry professionals in the information assurance field. The project is divided into four milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules
Two, Four, Five, and Seven. The final product will be submitted in Module Nine. In this assignment, you will demonstrate your mastery of the following course outcomes: information in a given situation for their relation to an information assurance plan otocols for incident and disaster responses and managing security functions that adhere to best practices for information assurance research and industry best practices to inform network governance practices for maintaining an information assurance plan decisions about security, access controls, and legal issues ble threats and vulnerabilities related to information assurance to determine potential impact on an organization and mitigate associated risks Prompt Your information assurance plan should answer the following prompt: Review the scenario and create an information assurance plan for the organization
presented in the scenario. Specifically, the following critical elements must be addressed in your plan: I. Information Assurance Plan Introduction a) Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key concepts? b) Assess the confidentiality, integrity, and availability of information within the organization. c) Evaluate the current protocols and policies the organization has in place. What deficiencies exist within the organization’s current information assurance policies? What are the potential barriers to implementation of a new information assurance plan? II. Information Security Roles and Responsibilities a) Analyze the role of the key leaders within the organization specific to how their responsibilities are connected to the security of the organization’s information. What is the relationship between these roles? b) Evaluate key ethical and legal considerations related to
information assurance that must be taken into account by the key leaders within the organization. What are the ramifications of key leaders not properly accounting for ethical and legal considerations? c) What are the key components of information assurance as they relate to individual roles and responsibilities within the information assurance plan? For example, examine the current policies as they relate to confidentiality, integrity, and availability of information. III. Risk Assessment a) Analyze the environment in which the organization operates, including the current protocols and policies in place related to information assurance. b) Evaluate the threat environment of the organization. c) Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do you see the most areas for improvement to current protocols and policies? d) Assess the threats and vulnerabilities of the organization by creating a risk matrix to outline the threats and vulnerabilities found and determine possible methods to mitigate the identified dangers. IV. Statements of Policy a) Develop appropriate incident response protocols to respond to the various threats and vulnerabilities identified within the organization.
b) Justify how the incident response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices. c) Develop appropriate disaster response protocols to respond to the various threats and vulnerabilities identified within the organization. d) Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices. e) Develop appropriate access control protocols that provide an appropriate amount of protection while allowing users to continue to operate without denial of service. f) Justify your access control protocols. Support your justification with information assurance research and best practices. g) Recommend a method for maintaining the information assurance plan once it has been established. h) Justify how your maintenance plan will ensure the ongoing effectiveness of the information assurance plan. Support your justification with information assurance research and best practices. V. Conclusion a) Summarize the need for an information assurance plan for the
selected organization, including the legal and ethical responsibilities of the organization to implement and maintain an appropriate information assurance plan. b) Defend the key elements of your information assurance plan, including which members of the organization would be responsible for each element. Milestones Milestone One: Information Assurance Plan Introduction In Module Two, you will submit your introduction to the information assurance plan. This section of the plan will provide the overview of the current state of the organization. Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key concepts? Are there current protocols and policies the organization has in place? Additionally, what deficiencies exist within the organization’s current information assurance policies? What are the potential barriers to implementation of a new information assurance plan? This milestone is graded with the Milestone One Rubric. Milestone Two: Information Security Roles and Responsibilities In Module Four, you will submit your roles and responsibilities portion of the final project. Who are the key leaders of the organization specific to how their responsibilities are connected to the security of the organization’s information? You must also identify key ethical
considerations. What are the ramifications of key leaders not properly accounting for ethical and legal considerations? What are the key components of information assurance as they relate to individual roles and responsibilities within the information assurance plan? For example, examine the current policies as they relate to confidentiality, integrity, and availability of information. This milestone is graded with the Milestone Two Rubric. Milestone Three: Risk Assessment In Module Five, you will submit the risk assessment portion of the information assurance plan. You will provide the organization with an assessment of the threat environment and the risks within, as well as methods designed to mitigate these risks. Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do you see the most areas for improvement to current protocols and policies? This milestone is graded with the Milestone Three Rubric. Milestone Four: Statements of Policy In Module Seven, you will submit your plan pertaining to statements of policy. You will recommend protocols and mitigating factors to the organization. Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. You will focus on disaster and incident response protocols as well as access control. Assess, your proposed method for maintaining the success of the plan going forward. Justify how your method will ensure the ongoing effectiveness of the information assurance plan. This milestone is graded with the Milestone Four Rubric.
Final Submission: Information Assurance Plan In Module Nine, you will submit your information assurance plan. It should be a complete, polished artifact containing all of the critical elements of the final product. It should reflect the incorporation of feedback gained throughout the course. This submission will be graded with the Final Product Rubric. Deliverables Milestone Deliverable Module Due Grading 1 Information Assurance Plan Introduction Two Graded separately; Milestone One Rubric 2 Information Security Roles and Responsibilities Four Graded separately; Milestone Two Rubric 3 Risk Assessment Five Graded separately; Milestone Three Rubric 4 Statements of Policy Seven Graded separately; Milestone Four Rubric Final Submission: Information Assurance Plan Nine Graded separately; Final Product Rubric
Final Product Rubric Guidelines for Submission: Your information assurance plan should adhere to the following formatting requirements: 10–12 pages, double-spaced, using 12- point Times New Roman font and one-inch margins. Use discipline-appropriate citations. Instructor Feedback: This activity uses an integrated rubric in Blackboard. Students can view instructor feedback in the Grade Center. For more information, review these instructions. Critical Elements Exemplary (100%) Proficient (90%) Needs Improvement (70%) Not Evident (0%) Value Overview of Goals and Objectives Meets “Proficient” criteria and quality of overview establishes expertise in the discipline Provides a brief but comprehensive overview of the goals and objectives of the information assurance plan, including the importance of ensuring the confidentiality,
integrity, and availability of information and the benefits of creating and maintaining an information assurance plan Provides a brief overview of the goals and objectives of the information assurance plan but does not include the importance of ensuring the confidentiality, integrity, and availability of information or the benefits of creating and maintaining an information assurance plan Does not provide a brief overview of the goals and objectives of the information assurance plan 4 Confidentiality, Integrity, and Availability of Information Meets “Proficient” criteria and demonstrates a nuanced understanding of key information assurance concepts Accurately assesses the confidentiality, integrity, and availability of information within the organization
Assesses the confidentiality, integrity, and availability of information within the organization but some elements of the assessment may be illogical or inaccurate Does not assess the confidentiality, integrity, and availability of information within the organization 5 Current Protocols and Policies Meets “Proficient” criteria and demonstrates deep insight into complex deficiencies and barriers to implementation of a new information assurance plan Logically evaluates the current protocols and policies in place, including deficiencies that currently exist and potential barriers to implementation of a new information assurance plan Evaluates the current protocols and policies in place but does not address the deficiencies that currently exist or potential
barriers to implementation of a new information assurance plan, or evaluation is illogical Does not evaluate the current protocols and policies in place 4 Responsibilities of Key Leaders Meets “Proficient” criteria and demonstrates a nuanced understanding of the relationship between these roles and information security Analyzes the role of the key leaders within the organization specific to how their responsibilities are connected to the security of the organization’s information Analyzes the role of the key leaders within the organization but misses key roles or aspects of responsibilities specific to the security of the organization’s information Does not analyze the role of the key leaders within the organization
5 http://snhu- media.snhu.edu/files/production_documentation/formatting/rubr ic_feedback_instructions_student.pdf Key Ethical and Legal Considerations Meets “Proficient” criteria and provides complex or insightful reflection of the ramifications of key leaders not properly accounting for ethical and legal considerations Accurately evaluates key ethical and legal considerations related to information assurance that must be taken into account by the key leaders within the organization, including the ramifications of key leaders not properly accounting for ethical and legal considerations Evaluates ethical and legal considerations related to information assurance that must be taken into account by the key leaders within the organization but does not include the
ramifications of key leaders not properly accounting for ethical and legal considerations, or evaluation is inaccurate Does not evaluate ethical and legal considerations related to information assurance that must be taken into account by the key leaders within the organization 5 Key Components of Information Assurance Meets “Proficient” criteria and demonstrates a nuanced understanding of how each key component identified impacts each individual’s role and responsibility Comprehensively addresses components of information assurance as they relate to individual roles and responsibilities within the information assurance plan Addresses components of information assurance as they relate to individual roles and responsibilities within the
information assurance plan but does not address confidentiality, integrity, and/or availability of information Does not address any components of information assurance as they relate to individual roles and responsibilities within the information assurance plan 5 Analysis of Environment Meets “Proficient” criteria and demonstrates unique or insightful reflection of current protocols and policies Logically analyzes the environment in which the organization operates, including the current protocols and policies in place related to information assurance Analyzes the environment in which the organization operates but does not include the current protocols and policies in place related to information assurance
Does not analyze the environment in which the organization operates 5 Threat Environment Meets “Proficient” criteria and demonstrates deep insight into hidden or complex threats or vulnerabilities Accurately analyzes the threat environment of the organization Evaluates the threat environment of the organization but misses crucial threats or vulnerabilities, or the evaluation is inaccurate Does not evaluate the threat environment of the organization 5 Best Approaches Meets “Proficient” criteria and demonstrates unique or insightful reflection regarding areas for improvement Comprehensively discusses best
approaches for implementing information assurance principles, including areas of improvement to current protocols and policies Discusses best approaches for implementing information assurance principles, but does not fully develop ideas related to areas of improvement to current protocols and policies Does not discuss best approaches for implementing information assurance principles 5 Risk Matrix Meets “Proficient” criteria and demonstrates deep insight into hidden or complex threats or vulnerabilities and possible methods to mitigate the identified dangers Creates a risk matrix to comprehensively and accurately assess the threats to and vulnerabilities of the organization, including possible
methods to mitigate the identified dangers Creates a risk matrix to assess the threats to and vulnerabilities of the organization but does not include possible methods to mitigate the identified dangers, or assessment is incomplete or inaccurate Does not create a risk matrix to assess the threats to and vulnerabilities of the organization 5 Incident Response Protocols Meets “Proficient” criteria and provides secondary incident response protocols in the event that primary protocols fail Develops appropriate incident response protocols to respond to the various threats and vulnerabilities identified Develops incident response protocols to respond to the various threats and vulnerabilities identified, but they are not all appropriate or do not
respond to all the threats and vulnerabilities Does not develop incident response protocols 5 Justification of Incident Response Protocols Meets “Proficient” criteria and provides unique or insightful reflection into the dangers of not providing for adequate incident response protocols Logically justifies how the incident response protocols will mitigate the threats to and vulnerabilities of the organization with support from information assurance research and best practices Justifies how the incident response protocols will mitigate the threats to and vulnerabilities of the organization with minimal support from information assurance research and best practices, or justification is illogical
Does not justify how the incident response protocols will mitigate the threats and vulnerabilities to the organization 5 Disaster Response Protocols Meets “Proficient” criteria and demonstrates deep insight into responding to hidden or complex threats or vulnerabilities Develops appropriate disaster response protocols to respond to the various threats and vulnerabilities identified Develops disaster response protocols to respond to the various threats and vulnerabilities identified, but they are not all appropriate or do not respond to all the threats and vulnerabilities Does not develop disaster response protocols 4 Justification of
Disaster Response Protocols Meets “Proficient” criteria and provides unique or insightful reflection into the dangers of not providing for adequate disaster response protocols Logically justifies how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization with support from information assurance research and best practices Justifies how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization with minimal support from information assurance research and best practices, or justification is illogical Does not justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization 5
Access Control Protocols Meets “Proficient” criteria and demonstrates unique or insightful reflection into appropriate protocols Develops appropriate access control protocols that provide an appropriate amount of protection while allowing users to continue to operate without denial of service Develops access control protocols, but they do not provide an appropriate amount of protection while allowing users to continue to operate without denial of service Does not develop access control protocols 4 Justification of Access Control Protocols Meets “Proficient” criteria and provides unique or insightful
reflection into the dangers of not providing for adequate access control protocols Logically justifies the access control protocols with support from information assurance research and best practices Justifies the access control protocols with minimal support from information assurance research and best practices, or justification is illogical Does not justify the access control protocols 5 Method for Maintaining the Information Assurance Plan Meets “Proficient” criteria and provides an established interval for the recommended maintenance actions Recommends a comprehensive method for maintaining the information assurance plan once it has been established
Recommends a method for maintaining the information assurance plan once it has been established but recommendations are not fully developed Does not recommend a method for maintaining the information assurance plan once it has been established 5 Justification of Maintenance Plan Meets “Proficient” criteria and provides insight into the dangers of not providing for an adequate maintenance plan Logically justifies how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan with support from information assurance research and best practices Justifies how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan with minimal
support from information assurance research and best practices or justification is illogical Does not justify how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan 5 Summary of Need for Information Assurance Plan Meets “Proficient” criteria and demonstrates a nuanced understanding of the need for an information assurance plan Concisely summarizes the need for an information assurance plan, including the legal and ethical responsibilities of the organization to implement and maintain an appropriate information assurance plan Summarizes the need for an information assurance plan but does not include the legal and ethical responsibilities of the organization to implement and
maintain an appropriate information assurance plan or is not concise Does not summarize the need for an information assurance plan 5 Defense of Key Elements of Information Assurance Plan Meets “Proficient” criteria and demonstrates a nuanced understanding of which members of the organization should be responsible for each element Strongly defends key elements of the information assurance plan, including which members of the organization would be responsible for each element and who should be contacted in the event of an incident Defends key elements of the information assurance plan but does not include which members of the organization would be responsible for each element, or defense is weak
Does not defend elements of the information assurance plan 5 Articulation of Response Submission is free of errors related to citations, grammar, spelling, syntax, and organization and is presented in a professional and easy-to-read format Submission has no major errors related to citations, grammar, spelling, syntax, or organization Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas 4
Earned Total 100%

More Related Content

DOCX
Project 1Create an application that displays payroll informatio.docx
briancrawford30935
 
DOCX
ISE 510 Final Project Guidelines and Rubric Overview The fi.docx
aryan532920
 
PPTX
Build an Information Security Strategy
Andrew Byers
 
PDF
SAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
David Sweigert
 
PDF
ComplianceGuidelinesUploaded6.14PDF
Paulette Wunsch
 
DOCX
IT 552 Milestone One Guidelines and Rubric The fina.docx
ShiraPrater50
 
DOCX
The Rookie Chief Information Security OfficerThis assignment c.docx
oreo10
 
DOCX
The Rookie Chief Information Security OfficerDue Week 10 and w.docx
teresehearn
 
Project 1Create an application that displays payroll informatio.docx
briancrawford30935
 
ISE 510 Final Project Guidelines and Rubric Overview The fi.docx
aryan532920
 
Build an Information Security Strategy
Andrew Byers
 
SAMPLE HIPAA Security Rule Corrective Action Plan Project Charter
David Sweigert
 
ComplianceGuidelinesUploaded6.14PDF
Paulette Wunsch
 
IT 552 Milestone One Guidelines and Rubric The fina.docx
ShiraPrater50
 
The Rookie Chief Information Security OfficerThis assignment c.docx
oreo10
 
The Rookie Chief Information Security OfficerDue Week 10 and w.docx
teresehearn
 

Similar to IT 549 Final Project Guidelines and Rubric Overview .docx (20)

DOCX
Term Paper The Rookie Chief Information Security OfficerThis assi.docx
jacqueliner9
 
DOCX
The Rookie Chief Information Security OfficerWorth 200 poi
jacvzpline
 
PDF
Standards For Wright Aircraft Corp
Antoinette Williams
 
DOCX
This assignment consists of five (5) parts     Part 1 Organi.docx
gasciognecaren
 
DOCX
Term Paper The Rookie Chief Information Security OfficerD
alehosickg3
 
PDF
Information Assurance Guidelines For Commercial Buildings...
Laura Benitez
 
PPTX
Build and Information Security Strategy
Info-Tech Research Group
 
DOCX
Term Paper The Rookie Chief Information Security Officer.docx
manningchassidy
 
DOCX
COURSE PROJECT2Operating System and Application Security Str.docx
marilucorr
 
DOCX
There are two general types of data dictionaries a database manag
GrazynaBroyles24
 
DOCX
Project Risk Management PlanPurposeThis project provides .docx
briancrawford30935
 
DOCX
Running Head Employee Selection and Training2Employee S.docx
todd271
 
DOCX
Homework AssignmentShort Answer Responses.1. Describe the fiv.docx
adampcarr67227
 
DOCX
Project Access Control ProposalPurposeThis course project i.docx
stilliegeorgiana
 
PDF
Key Concepts And Principles Of Internal Quality Assurance...
Lanate Drummond
 
DOCX
Title of PaperYour nameHCA375– Continuous Quality Monito.docx
juliennehar
 
DOCX
ISE 620 Final Project Guidelines and Rubric Overview .docx
christiandean12115
 
PPTX
CompTIA CySA Domain 5 Compliance and Assessment.pptx
Infosectrain3
 
DOCX
CHAPTER 5 Security Policies, Standards, Procedures, a
MaximaSheffield592
 
DOCX
IHP 430 Final Project Guidelines and Rubric Overview As .docx
flonayrton46696
 
Term Paper The Rookie Chief Information Security OfficerThis assi.docx
jacqueliner9
 
The Rookie Chief Information Security OfficerWorth 200 poi
jacvzpline
 
Standards For Wright Aircraft Corp
Antoinette Williams
 
This assignment consists of five (5) parts     Part 1 Organi.docx
gasciognecaren
 
Term Paper The Rookie Chief Information Security OfficerD
alehosickg3
 
Information Assurance Guidelines For Commercial Buildings...
Laura Benitez
 
Build and Information Security Strategy
Info-Tech Research Group
 
Term Paper The Rookie Chief Information Security Officer.docx
manningchassidy
 
COURSE PROJECT2Operating System and Application Security Str.docx
marilucorr
 
There are two general types of data dictionaries a database manag
GrazynaBroyles24
 
Project Risk Management PlanPurposeThis project provides .docx
briancrawford30935
 
Running Head Employee Selection and Training2Employee S.docx
todd271
 
Homework AssignmentShort Answer Responses.1. Describe the fiv.docx
adampcarr67227
 
Project Access Control ProposalPurposeThis course project i.docx
stilliegeorgiana
 
Key Concepts And Principles Of Internal Quality Assurance...
Lanate Drummond
 
Title of PaperYour nameHCA375– Continuous Quality Monito.docx
juliennehar
 
ISE 620 Final Project Guidelines and Rubric Overview .docx
christiandean12115
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
Infosectrain3
 
CHAPTER 5 Security Policies, Standards, Procedures, a
MaximaSheffield592
 
IHP 430 Final Project Guidelines and Rubric Overview As .docx
flonayrton46696
 
Ad

More from christiandean12115 (20)

DOCX
100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
christiandean12115
 
DOCX
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
christiandean12115
 
DOCX
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx
christiandean12115
 
DOCX
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx
christiandean12115
 
DOCX
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx
christiandean12115
 
DOCX
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx
christiandean12115
 
DOCX
10.1 What are three broad mechanisms that malware can use to propa.docx
christiandean12115
 
DOCX
10.0 ptsPresentation of information was exceptional and included.docx
christiandean12115
 
DOCX
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx
christiandean12115
 
DOCX
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx
christiandean12115
 
DOCX
10 What does a golfer, tennis player or cricketer (or any othe.docx
christiandean12115
 
DOCX
10 September 2018· Watch video· Take notes withfor students.docx
christiandean12115
 
DOCX
10 Research-Based Tips for Enhancing Literacy Instruct.docx
christiandean12115
 
DOCX
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx
christiandean12115
 
DOCX
10 Most Common Err.docx
christiandean12115
 
DOCX
10 Introduction Ask any IT manager about the chall.docx
christiandean12115
 
DOCX
10 Customer Acquisition and Relationship ManagementDmitry .docx
christiandean12115
 
DOCX
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx
christiandean12115
 
DOCX
10 ers. Although one can learn definitions favor- able to .docx
christiandean12115
 
DOCX
10 academic sources about the topic (Why is America so violent).docx
christiandean12115
 
100 Original WorkZero PlagiarismGraduate Level Writing Required.docx
christiandean12115
 
10.11771066480704270150THE FAMILY JOURNAL COUNSELING AND THE.docx
christiandean12115
 
10.11771066480703252339 ARTICLETHE FAMILY JOURNAL COUNSELING.docx
christiandean12115
 
10.11770022427803260263ARTICLEJOURNAL OF RESEARCH IN CRIME AN.docx
christiandean12115
 
10.11770022487105285962Journal of Teacher Education, Vol. 57,.docx
christiandean12115
 
10.11770011000002250638ARTICLETHE COUNSELING PSYCHOLOGIST M.docx
christiandean12115
 
10.1 What are three broad mechanisms that malware can use to propa.docx
christiandean12115
 
10.0 ptsPresentation of information was exceptional and included.docx
christiandean12115
 
10-K1f12312012-10k.htm10-KUNITED STATESSECURIT.docx
christiandean12115
 
10-K 1 f12312012-10k.htm 10-K UNITED STATESSECURITIES AN.docx
christiandean12115
 
10 What does a golfer, tennis player or cricketer (or any othe.docx
christiandean12115
 
10 September 2018· Watch video· Take notes withfor students.docx
christiandean12115
 
10 Research-Based Tips for Enhancing Literacy Instruct.docx
christiandean12115
 
10 Strategic Points for the Prospectus, Proposal, and Direct Pract.docx
christiandean12115
 
10 Most Common Err.docx
christiandean12115
 
10 Introduction Ask any IT manager about the chall.docx
christiandean12115
 
10 Customer Acquisition and Relationship ManagementDmitry .docx
christiandean12115
 
10 ELEMENTS OF LITERATURE (FROM A TO Z)   1  ​PLOT​ (seri.docx
christiandean12115
 
10 ers. Although one can learn definitions favor- able to .docx
christiandean12115
 
10 academic sources about the topic (Why is America so violent).docx
christiandean12115
 
Ad

Recently uploaded (20)

PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
PPTX
History, Philosophy and sociology of education (1).pptx
tmdth1
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
PPTX
UNIT III MENTAL HEALTH NURSING ASSESSMENT
Sonali Gupta
 
PDF
LDMMIA Reiki Yoga Finals Review Spring Summer
LDMMia Reiki Lectures
 
PDF
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PDF
A systematic review of self-coping strategies used by university students to ...
CleeveMoralde1
 
PDF
Trump Administration's workforce development strategy
Mebane Rash
 
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
EricaRamos80
 
History, Philosophy and sociology of education (1).pptx
tmdth1
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
RMMM.pdf make it easy to upload and study
sajedul2
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
UNIT III MENTAL HEALTH NURSING ASSESSMENT
Sonali Gupta
 
LDMMIA Reiki Yoga Finals Review Spring Summer
LDMMia Reiki Lectures
 
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
Classroom Observation Tools for Teachers
Nicaramirez
 
A systematic review of self-coping strategies used by university students to ...
CleeveMoralde1
 
Trump Administration's workforce development strategy
Mebane Rash
 

IT 549 Final Project Guidelines and Rubric Overview .docx

  • 1. IT 549 Final Project Guidelines and Rubric Overview The final project for this course is the creation of a functional information assurance plan. The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and stakeholders on a continuous basis. Employing information assurance best practices will ensure a firm is able to eliminate hierarchical structures, become more flat, and have greater customer touch points by leveraging the correct information at the right time. Successful firms will maintain an established information assurance plan and posture that are reviewed on a weekly basis. This assessment will consist of the creation of a functional information assurance plan. You will review a real-world business scenario in order to apply information assurance research and incorporate industry best practices to your recommendations for specific strategic and tactical steps. These skills are crucial for you to become a desired asset to organizations seeking industry professionals in the information assurance field. The project is divided into four milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules
  • 2. Two, Four, Five, and Seven. The final product will be submitted in Module Nine. In this assignment, you will demonstrate your mastery of the following course outcomes: information in a given situation for their relation to an information assurance plan otocols for incident and disaster responses and managing security functions that adhere to best practices for information assurance research and industry best practices to inform network governance practices for maintaining an information assurance plan decisions about security, access controls, and legal issues ble threats and vulnerabilities related to information assurance to determine potential impact on an organization and mitigate associated risks Prompt Your information assurance plan should answer the following prompt: Review the scenario and create an information assurance plan for the organization
  • 3. presented in the scenario. Specifically, the following critical elements must be addressed in your plan: I. Information Assurance Plan Introduction a) Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key concepts? b) Assess the confidentiality, integrity, and availability of information within the organization. c) Evaluate the current protocols and policies the organization has in place. What deficiencies exist within the organization’s current information assurance policies? What are the potential barriers to implementation of a new information assurance plan? II. Information Security Roles and Responsibilities a) Analyze the role of the key leaders within the organization specific to how their responsibilities are connected to the security of the organization’s information. What is the relationship between these roles? b) Evaluate key ethical and legal considerations related to
  • 4. information assurance that must be taken into account by the key leaders within the organization. What are the ramifications of key leaders not properly accounting for ethical and legal considerations? c) What are the key components of information assurance as they relate to individual roles and responsibilities within the information assurance plan? For example, examine the current policies as they relate to confidentiality, integrity, and availability of information. III. Risk Assessment a) Analyze the environment in which the organization operates, including the current protocols and policies in place related to information assurance. b) Evaluate the threat environment of the organization. c) Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do you see the most areas for improvement to current protocols and policies? d) Assess the threats and vulnerabilities of the organization by creating a risk matrix to outline the threats and vulnerabilities found and determine possible methods to mitigate the identified dangers. IV. Statements of Policy a) Develop appropriate incident response protocols to respond to the various threats and vulnerabilities identified within the organization.
  • 5. b) Justify how the incident response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices. c) Develop appropriate disaster response protocols to respond to the various threats and vulnerabilities identified within the organization. d) Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justification with information assurance research and best practices. e) Develop appropriate access control protocols that provide an appropriate amount of protection while allowing users to continue to operate without denial of service. f) Justify your access control protocols. Support your justification with information assurance research and best practices. g) Recommend a method for maintaining the information assurance plan once it has been established. h) Justify how your maintenance plan will ensure the ongoing effectiveness of the information assurance plan. Support your justification with information assurance research and best practices. V. Conclusion a) Summarize the need for an information assurance plan for the
  • 6. selected organization, including the legal and ethical responsibilities of the organization to implement and maintain an appropriate information assurance plan. b) Defend the key elements of your information assurance plan, including which members of the organization would be responsible for each element. Milestones Milestone One: Information Assurance Plan Introduction In Module Two, you will submit your introduction to the information assurance plan. This section of the plan will provide the overview of the current state of the organization. Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the confidentiality, integrity, and availability of information. What are the benefits of creating and maintaining an information assurance plan around those key concepts? Are there current protocols and policies the organization has in place? Additionally, what deficiencies exist within the organization’s current information assurance policies? What are the potential barriers to implementation of a new information assurance plan? This milestone is graded with the Milestone One Rubric. Milestone Two: Information Security Roles and Responsibilities In Module Four, you will submit your roles and responsibilities portion of the final project. Who are the key leaders of the organization specific to how their responsibilities are connected to the security of the organization’s information? You must also identify key ethical
  • 7. considerations. What are the ramifications of key leaders not properly accounting for ethical and legal considerations? What are the key components of information assurance as they relate to individual roles and responsibilities within the information assurance plan? For example, examine the current policies as they relate to confidentiality, integrity, and availability of information. This milestone is graded with the Milestone Two Rubric. Milestone Three: Risk Assessment In Module Five, you will submit the risk assessment portion of the information assurance plan. You will provide the organization with an assessment of the threat environment and the risks within, as well as methods designed to mitigate these risks. Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do you see the most areas for improvement to current protocols and policies? This milestone is graded with the Milestone Three Rubric. Milestone Four: Statements of Policy In Module Seven, you will submit your plan pertaining to statements of policy. You will recommend protocols and mitigating factors to the organization. Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. You will focus on disaster and incident response protocols as well as access control. Assess, your proposed method for maintaining the success of the plan going forward. Justify how your method will ensure the ongoing effectiveness of the information assurance plan. This milestone is graded with the Milestone Four Rubric.
  • 8. Final Submission: Information Assurance Plan In Module Nine, you will submit your information assurance plan. It should be a complete, polished artifact containing all of the critical elements of the final product. It should reflect the incorporation of feedback gained throughout the course. This submission will be graded with the Final Product Rubric. Deliverables Milestone Deliverable Module Due Grading 1 Information Assurance Plan Introduction Two Graded separately; Milestone One Rubric 2 Information Security Roles and Responsibilities Four Graded separately; Milestone Two Rubric 3 Risk Assessment Five Graded separately; Milestone Three Rubric 4 Statements of Policy Seven Graded separately; Milestone Four Rubric Final Submission: Information Assurance Plan Nine Graded separately; Final Product Rubric
  • 9. Final Product Rubric Guidelines for Submission: Your information assurance plan should adhere to the following formatting requirements: 10–12 pages, double-spaced, using 12- point Times New Roman font and one-inch margins. Use discipline-appropriate citations. Instructor Feedback: This activity uses an integrated rubric in Blackboard. Students can view instructor feedback in the Grade Center. For more information, review these instructions. Critical Elements Exemplary (100%) Proficient (90%) Needs Improvement (70%) Not Evident (0%) Value Overview of Goals and Objectives Meets “Proficient” criteria and quality of overview establishes expertise in the discipline Provides a brief but comprehensive overview of the goals and objectives of the information assurance plan, including the importance of ensuring the confidentiality,
  • 10. integrity, and availability of information and the benefits of creating and maintaining an information assurance plan Provides a brief overview of the goals and objectives of the information assurance plan but does not include the importance of ensuring the confidentiality, integrity, and availability of information or the benefits of creating and maintaining an information assurance plan Does not provide a brief overview of the goals and objectives of the information assurance plan 4 Confidentiality, Integrity, and Availability of Information Meets “Proficient” criteria and demonstrates a nuanced understanding of key information assurance concepts Accurately assesses the confidentiality, integrity, and availability of information within the organization
  • 11. Assesses the confidentiality, integrity, and availability of information within the organization but some elements of the assessment may be illogical or inaccurate Does not assess the confidentiality, integrity, and availability of information within the organization 5 Current Protocols and Policies Meets “Proficient” criteria and demonstrates deep insight into complex deficiencies and barriers to implementation of a new information assurance plan Logically evaluates the current protocols and policies in place, including deficiencies that currently exist and potential barriers to implementation of a new information assurance plan Evaluates the current protocols and policies in place but does not address the deficiencies that currently exist or potential
  • 12. barriers to implementation of a new information assurance plan, or evaluation is illogical Does not evaluate the current protocols and policies in place 4 Responsibilities of Key Leaders Meets “Proficient” criteria and demonstrates a nuanced understanding of the relationship between these roles and information security Analyzes the role of the key leaders within the organization specific to how their responsibilities are connected to the security of the organization’s information Analyzes the role of the key leaders within the organization but misses key roles or aspects of responsibilities specific to the security of the organization’s information Does not analyze the role of the key leaders within the organization
  • 13. 5 http://snhu- media.snhu.edu/files/production_documentation/formatting/rubr ic_feedback_instructions_student.pdf Key Ethical and Legal Considerations Meets “Proficient” criteria and provides complex or insightful reflection of the ramifications of key leaders not properly accounting for ethical and legal considerations Accurately evaluates key ethical and legal considerations related to information assurance that must be taken into account by the key leaders within the organization, including the ramifications of key leaders not properly accounting for ethical and legal considerations Evaluates ethical and legal considerations related to information assurance that must be taken into account by the key leaders within the organization but does not include the
  • 14. ramifications of key leaders not properly accounting for ethical and legal considerations, or evaluation is inaccurate Does not evaluate ethical and legal considerations related to information assurance that must be taken into account by the key leaders within the organization 5 Key Components of Information Assurance Meets “Proficient” criteria and demonstrates a nuanced understanding of how each key component identified impacts each individual’s role and responsibility Comprehensively addresses components of information assurance as they relate to individual roles and responsibilities within the information assurance plan Addresses components of information assurance as they relate to individual roles and responsibilities within the
  • 15. information assurance plan but does not address confidentiality, integrity, and/or availability of information Does not address any components of information assurance as they relate to individual roles and responsibilities within the information assurance plan 5 Analysis of Environment Meets “Proficient” criteria and demonstrates unique or insightful reflection of current protocols and policies Logically analyzes the environment in which the organization operates, including the current protocols and policies in place related to information assurance Analyzes the environment in which the organization operates but does not include the current protocols and policies in place related to information assurance
  • 16. Does not analyze the environment in which the organization operates 5 Threat Environment Meets “Proficient” criteria and demonstrates deep insight into hidden or complex threats or vulnerabilities Accurately analyzes the threat environment of the organization Evaluates the threat environment of the organization but misses crucial threats or vulnerabilities, or the evaluation is inaccurate Does not evaluate the threat environment of the organization 5 Best Approaches Meets “Proficient” criteria and demonstrates unique or insightful reflection regarding areas for improvement Comprehensively discusses best
  • 17. approaches for implementing information assurance principles, including areas of improvement to current protocols and policies Discusses best approaches for implementing information assurance principles, but does not fully develop ideas related to areas of improvement to current protocols and policies Does not discuss best approaches for implementing information assurance principles 5 Risk Matrix Meets “Proficient” criteria and demonstrates deep insight into hidden or complex threats or vulnerabilities and possible methods to mitigate the identified dangers Creates a risk matrix to comprehensively and accurately assess the threats to and vulnerabilities of the organization, including possible
  • 18. methods to mitigate the identified dangers Creates a risk matrix to assess the threats to and vulnerabilities of the organization but does not include possible methods to mitigate the identified dangers, or assessment is incomplete or inaccurate Does not create a risk matrix to assess the threats to and vulnerabilities of the organization 5 Incident Response Protocols Meets “Proficient” criteria and provides secondary incident response protocols in the event that primary protocols fail Develops appropriate incident response protocols to respond to the various threats and vulnerabilities identified Develops incident response protocols to respond to the various threats and vulnerabilities identified, but they are not all appropriate or do not
  • 19. respond to all the threats and vulnerabilities Does not develop incident response protocols 5 Justification of Incident Response Protocols Meets “Proficient” criteria and provides unique or insightful reflection into the dangers of not providing for adequate incident response protocols Logically justifies how the incident response protocols will mitigate the threats to and vulnerabilities of the organization with support from information assurance research and best practices Justifies how the incident response protocols will mitigate the threats to and vulnerabilities of the organization with minimal support from information assurance research and best practices, or justification is illogical
  • 20. Does not justify how the incident response protocols will mitigate the threats and vulnerabilities to the organization 5 Disaster Response Protocols Meets “Proficient” criteria and demonstrates deep insight into responding to hidden or complex threats or vulnerabilities Develops appropriate disaster response protocols to respond to the various threats and vulnerabilities identified Develops disaster response protocols to respond to the various threats and vulnerabilities identified, but they are not all appropriate or do not respond to all the threats and vulnerabilities Does not develop disaster response protocols 4 Justification of
  • 21. Disaster Response Protocols Meets “Proficient” criteria and provides unique or insightful reflection into the dangers of not providing for adequate disaster response protocols Logically justifies how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization with support from information assurance research and best practices Justifies how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization with minimal support from information assurance research and best practices, or justification is illogical Does not justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization 5
  • 22. Access Control Protocols Meets “Proficient” criteria and demonstrates unique or insightful reflection into appropriate protocols Develops appropriate access control protocols that provide an appropriate amount of protection while allowing users to continue to operate without denial of service Develops access control protocols, but they do not provide an appropriate amount of protection while allowing users to continue to operate without denial of service Does not develop access control protocols 4 Justification of Access Control Protocols Meets “Proficient” criteria and provides unique or insightful
  • 23. reflection into the dangers of not providing for adequate access control protocols Logically justifies the access control protocols with support from information assurance research and best practices Justifies the access control protocols with minimal support from information assurance research and best practices, or justification is illogical Does not justify the access control protocols 5 Method for Maintaining the Information Assurance Plan Meets “Proficient” criteria and provides an established interval for the recommended maintenance actions Recommends a comprehensive method for maintaining the information assurance plan once it has been established
  • 24. Recommends a method for maintaining the information assurance plan once it has been established but recommendations are not fully developed Does not recommend a method for maintaining the information assurance plan once it has been established 5 Justification of Maintenance Plan Meets “Proficient” criteria and provides insight into the dangers of not providing for an adequate maintenance plan Logically justifies how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan with support from information assurance research and best practices Justifies how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan with minimal
  • 25. support from information assurance research and best practices or justification is illogical Does not justify how the maintenance plan will ensure the ongoing effectiveness of the information assurance plan 5 Summary of Need for Information Assurance Plan Meets “Proficient” criteria and demonstrates a nuanced understanding of the need for an information assurance plan Concisely summarizes the need for an information assurance plan, including the legal and ethical responsibilities of the organization to implement and maintain an appropriate information assurance plan Summarizes the need for an information assurance plan but does not include the legal and ethical responsibilities of the organization to implement and
  • 26. maintain an appropriate information assurance plan or is not concise Does not summarize the need for an information assurance plan 5 Defense of Key Elements of Information Assurance Plan Meets “Proficient” criteria and demonstrates a nuanced understanding of which members of the organization should be responsible for each element Strongly defends key elements of the information assurance plan, including which members of the organization would be responsible for each element and who should be contacted in the event of an incident Defends key elements of the information assurance plan but does not include which members of the organization would be responsible for each element, or defense is weak
  • 27. Does not defend elements of the information assurance plan 5 Articulation of Response Submission is free of errors related to citations, grammar, spelling, syntax, and organization and is presented in a professional and easy-to-read format Submission has no major errors related to citations, grammar, spelling, syntax, or organization Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas 4