This document provides guidelines and a rubric for the introduction section of a security awareness program proposal. The introduction must address why the security awareness program is vital for the organization based on a case document scenario. It must discuss the organization's current security posture based on findings from a risk assessment and identify human and organizational factors that adversely affect the security climate and culture. The submission must be 2-4 pages following APA format.
IT 552 Milestone One Guidelines and Rubric
The final project for this course is the creation of a security awareness program proposal. In Module Two, you will take the first step in completing this project by creating the introduction section of your proposal. Begin by reviewing the Case Document, which will provide you with information about the organization for which you are creating the security awareness program proposal. Then, based on the scenario provided in the Case Document, write an introduction to your proposal that addresses the concerns of the chief executive officer and explains why the security awareness proposal will be vital to the organization.
Specifically, the following critical elements must be addressed:
security awareness program vital for the organization? Use specific examples to illustrate your claims.
the organization? What were the major findings in your risk assessment of the organization’s current security awareness policies, practices, and processes?
security climate within the organization? If so, how? Be sure to consider unintentional and intentional threats to a healthy security culture.
to an unhealthy security culture in the organization? If so, how? Be sure to consider organizational data flow, work setting, work planning and control, and employee readiness.
Guidelines for Submission: Your paper must be submitted as a two- to four-page Word document with double spacing, 12-point Times New Roman font, and one-inch margins, in APA format.
| Critical Elements | Exemplary (100%) | Proficient (90%) | Needs Improvement (70%) | Not Evident (0%) | Value |
|---|---|---|---|---|---|
| Purpose | Meets “Proficient” criteria and demonstrates evidence-based perspective on the significance of security awareness programs | Illustrates the purpose of the proposal using specific examples that demonstrate why the program is vital for the organization | The purpose of the proposal is minimally addressed | Does not describe the purpose of the proposal | 20 |
| Security Posture | Meets “Proficient” criteria and demonstrates perspective in the evaluation of the overall security posture using specific findings from the risk assessment | Makes a justifiable claim about the overall security posture of the organization | Insufficiently makes a claim about the overall security posture of the organization | Does not make a claim about the overall security posture of the organization | 20 |
| Human Factors | Meets “Proficient” criteria substantiated with examples of relevant unintentional and intentional threats | Identifies specific human factors that adversely affect the security climate and illustrates their impact | Insufficiently identifies specific human factors that adversely affect the security climate and illustrates their impact | Does not identify human factors that adversely affect the security climate | 20 |
| Organizational Factors | Meets “Proficient” criteria substantiated with relevant examples of data flow, work setting, work planning and control, and employee readiness | Identifies organizational factors that contribute to an unhealthy security culture | Minimally identifies organizational factors that contribute to an unhealthy security culture | Does not identify organizational factors that contribute to an unhealthy security culture | 20 |
| Articulation of Response | Submission is free of errors related to citations, grammar, spelling, syntax, and is presented in a professional and easy-to-read format | Submission has no major errors related to citations, grammar, spelling, or syntax | Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent the understanding of ideas | 20 |
| Earned Total | | | | | 100% |

Case Document: http://snhu-media.snhu.edu/files/course_repository/graduate/it/it552/it552_case_document.docx
IT 552 Case for Final Project
BACKGROUND:
You were just hired as the new chief information security officer for Multiple Unite Security Assurance (MUSA) Corporation whose security posture is low. The first thing your chief executive officer tells you is that they have recently seen a presentation by one of the information security team members emphasizing the importance of having a security awareness program. As a result, you have been asked to develop a security awareness program for MUSA Corporation based on the following 10 security gaps:
1. No annual cyber security awareness training, which is causing high phishing and social engineering attacks
2. No configuration change management policy (to reduce unintentional threats)
3. No intrusion detection/prevention system
4. Logs are not being collected or analyzed
5. No media access control policy
6. No encryption or hashing to control data flow and unauthorized alteration of data
7. Vulnerability assessment is conducted every three years; unable to assess the security posture status
8. High turnover and low morale among the employees (due to lack of employee readiness programs and work planning strategy)
9. High number of theft reports and security incidents; possible unethical/disgruntled employees
10. No segregation of duties or mandatory vacation policies (to mitigate intentional threats)
To that end, you will make recommendations for enhancing security policies, practices, and processes that are currently contributing to a dysfunctional security culture. Your chief goal is to build a program that will foster a healthy security culture and ensure continuous improvement. Your task is to develop a security awareness program that consists of four major components:
1. Proposal Introduction
2. Security Policies Development
3. Continuous Monitoring Plan
4. Communication Plan