The document outlines the criteria and requirements for a technical paper on risk assessment for a company. It includes 7 sections weighted from 5-20% each, such as describing the company network and environment, identifying security vulnerabilities, justifying cryptography recommendations, examining the risk assessment methodology, and presenting findings to management. The paper will be evaluated on technical content, references, and writing mechanics based on the outlined criteria.
Major project report on Tata Motors and its marketing strategies
Points 160Technical Paper Risk AssessmentCriteriaUna.docx
1. Points: 160
Technical Paper: Risk Assessment
Criteria
Unacceptable
Below 70% F
Fair
70-79% C
Proficient
80-89% B
Exemplary
90-100% A
1. Describe the company network, interconnection, and
communication environment.
Weight: 15%
Did not submit or incompletely described the company network,
interconnection, and communication environment.
Partially described the company network, interconnection, and
communication environment.
Satisfactorily described the company network, interconnection,
2. and communication environment.
Thoroughly described the company network, interconnection,
and communication environment.
2a. Defend your assumptions where pertinent information from
the scenario isn’t available.
Weight: 5%
Did not submit or incompletely defended your assumptions
where pertinent information from the scenario isn’t available.
Partially defended your assumptions where pertinent
information from the scenario isn’t available.
Satisfactorily defended your assumptions where pertinent
information from the scenario isn’t available.
Thoroughly defended your assumptions where pertinent
information from the scenario isn’t available.
2b. Ascertain apparent security vulnerabilities, and analyze at
least three (3) such vulnerabilities. Such analysis should
entertain the possibility of faulty network design. Recommend
mitigation processes and procedures for each of the identified
vulnerabilities.
Weight: 5%
Did not submit or incompletely ascertained apparent security
vulnerabilities; did not submit or incompletely analyzed at least
three (3) such vulnerabilities. Did not submit or incompletely
entertained the possibility of faulty network design. Did not
submit or incompletely recommended mitigation processes and
procedures for each of the identified vulnerabilities.
3. Partially ascertained apparent security vulnerabilities; partially
analyzed at least three (3) such vulnerabilities. Partially
entertained the possibility of faulty network design. Partially
recommended mitigation processes and procedures for each of
the identified vulnerabilities.
Satisfactorily ascertained apparent security vulnerabilities;
satisfactorily analyzed at least three (3) such vulnerabilities
Satisfactorily entertained the possibility of faulty network
design. Satisfactorily recommended mitigation processes and
procedures for each of the identified vulnerabilities.
Thoroughly ascertained apparent security vulnerabilities;
thoroughly analyzed at least three (3) such vulnerabilities.
Thoroughly entertained the possibility of faulty network design.
Thoroughly recommended mitigation processes and procedures
for each of the identified vulnerabilities.
2c. Justify your cryptography recommendations, based on
security concerns and requirements, data-driven decision-
making, and objective opinions.
Weight: 5%
Did not submit or incompletely justified your cryptography
recommendations, based on security concerns and requirements,
data-driven decision making, and objective opinions.
Partially justified your cryptography recommendations, based
on security concerns and requirements, data-driven decision-
making, and objective opinions.
Satisfactorily justified your cryptography recommendations,
based on security concerns and requirements, data-driven
decision-making, and objective opinions.
4. Thoroughly justified your cryptography recommendations,
based on security concerns and requirements, data-driven
decision-making, and objective opinions.
3. Examine whether your risk assessment methodology is
quantitative, qualitative, or a combination of these, and discuss
the main reasons why you believe that the methodology that you
utilized was the most appropriate.
Weight: 20%
Did not submit or incompletely examined whether your risk
assessment methodology is quantitative, qualitative, or a
combination of these; did not submit or incompletely discussed
the main reasons why you believe that the methodology that you
utilized was the most appropriate.
Partially examined whether your risk assessment methodology
is quantitative, qualitative, or a combination of these; partially
discussed the main reasons why you believe that the
methodology that you utilized was the most appropriate.
Satisfactorily examined whether your risk assessment
methodology is quantitative, qualitative, or a combination of
these; satisfactorily discussed the main reasons why you believe
that the methodology that you utilized was the most appropriate.
Thoroughly examined whether your risk assessment
methodology is quantitative, qualitative, or a combination of
these; thoroughly discussed the main reasons why you believe
that the methodology that you utilized was the most appropriate.
4. Explain the way in which you would present your findings
and assessment to the company’s management and thus
facilitate security buy-in and concentration.
5. Weight: 15%
Did not submit or incompletely explained the way in which you
would present your findings and assessment to the company’s
management and thus facilitate security buy-in and
concentration.
Partially explained the way in which you would present your
findings and assessment to the company’s management and thus
facilitate security buy-in and concentration.
Satisfactorily explained the way in which you would present
your findings and assessment to the company’s management and
thus facilitate security buy-in and concentration.
Thoroughly explained the way in which you would present your
findings and assessment to the company’s management and thus
facilitate security buy-in and concentration.
5. Using Microsoft Visio or its open source equivalent, redraw
the CFI diagram, depicted as a secure and risk-mitigating
model.
Weight: 20%
Did not submit or incompletely redrew the CFI diagram,
depicted as a secure and risk-mitigating model, using Microsoft
Visio or its open source equivalent.
Partially redrew the CFI diagram, depicted as a secure and risk-
mitigating model, using Microsoft Visio or its open source
equivalent.
Satisfactorily redrew the CFI diagram, depicted as a secure and
risk-mitigating model, using Microsoft Visio or its open source
equivalent.
6. Thoroughly redrew the CFI diagram, depicted as a secure and
risk-mitigating model, using Microsoft Visio or its open source
equivalent.
6. 3 references
Weight: 5%
No references provided
Does not meet the required number of references; some or all
references poor quality choices.
Meets number of required references; all references high quality
choices.
Exceeds number of required references; all references high
quality choices.
7. Clarity, writing mechanics, and formatting requirements
Weight: 10%
More than 6 errors present
5-6 errors present
3-4 errors present
0-2 errors present