ISE 510 Final Project Milestone Two Guidelines and Rubric .docx

ISE 510 Final Project Milestone Two Guidelines and Rubric
Test Plan
Prompt: For this milestone, write a test plan that details your
approach to the security breach analysis and recommendations
(final project). You can do research
to include any other topics you found relevant, but you should
at least discuss the following:
o Introduce your company (Limetree Inc.) and state its
capabilities.
o State your goal for the security breach analysis project.
o Define the scope of the project.
o Create a list of hardware and software present.
o Determine resources required with brief explanation of why
each is required (e.g., internet access, computers, additional
personnel).
o Discuss your timeline for the project (how long it will take
and why).
o Discuss what regulatory benchmark you will be using to make

vulnerability determination.
o State your approach (Example: Review interview result,
analyze virtual environment, review industry best practices,
etc.).
o Define how you will categorize your findings (Example: low,
medium, high).
Guidelines for Submission: Your test plan should be 5–7 pages
in length and should be submitted as a Microsoft Word
document (or equivalent) using 12-point
Times New Roman font and one-inch margins
Instructor Feedback: This activity uses an integrated rubric in
Blackboard. Students can view instructor feedback in the Grade
Center. For more information,
review these instructions.
Critical Elements Exemplary (100%) Proficient (90%) Needs
Improvement (70%) Not Evident (0%) Value
Security Test Plan:
Introduction and Goal
Meets “Proficient” criteria and
profile expertly balances
necessary detail with brevity
Provides brief profile of
business or organization that
has been attacked and its
organizational goals

Provides brief profile of
organizational goals but with
gaps in clarity, detail, or
accuracy
Does not provide brief profile of
15
http://snhu-
media.snhu.edu/files/production_documentation/formatting/rubr
ic_feedback_instructions_student.pdf
Security Test Plan:
Scope
response demonstrates
nuanced understanding of using
established cyber security
standards in developing the
scope of security test plans
Determines scope of risk
assessment, based on analysis
of security breach and
standards

assessment, but response has
gaps in accuracy or detail or is
not based on analysis or
established standards
Does not determine scope of
risk assessment
15
Security Test Plan:
Hardware and
Software
standards in developing security
test plans and assigning
resources
Creates list of system hardware
and software within target of
risk assessment, based on
analysis of security breach and
standards
and software within target of
risk assessment, but response
has gaps in accuracy or detail or
is not based on analysis or

Does not create list of system
hardware and software within
target of risk assessment
15
Security Test Plan:
Resources
resources
Documents resources required
for risk assessment, based on
standards
Does not document resources
required for risk assessment
15

Security Test Plan:
Timeline and
Benchmarks
response clearly outlines
timeline and applicable
benchmark data
Outlines timeline and
benchmark data, based on
standards
Timeline and benchmarks listed
however has gaps in accuracy or
detail or is not based on
analysis or established
standards
Does not outline timeline or
benchmarks for risk assessment
15
Security Test Plan:
Approach
response clearly lists acceptable
approach for risk assessment
Lists approach based on

standards
Approach is listed however has
Does not list approach taken for
risk assessment
15
Articulation of
Response
Submission is free of errors
related to citations, grammar,
spelling, syntax, and
organization and is presented in
a professional and easy to read
format
Submission has no major errors
spelling, syntax, or organization
Submission has major errors
that negatively impact
readability and articulation of
main ideas
Submission has critical errors

that prevent understanding of
ideas
10
Total 100%
ISE 510 Final Project Milestone Three Guidelines and Rubric
Incident Response Plan
Prompt: Review your entire final project and develop a suitable
incident response plan (IRP) based on the scenario presented in
both your Final Project Scenario
and the virtual environment presented in the educational video
game Agent Surefire: InfoSec. Be sure to discuss the following
in your plan:
(e.g., unauthorized access).
Inc., including current shortcomings

incident recovery (use a flowchart to enhance your definition).
Guidelines for Submission: Your paper must be submitted as a
5- to 7-page Microsoft Word document with double spacing, 12-
point Times New Roman font, and
one-inch margins.
Incident Response
Plan (IRP):
Purpose
IRP explicitly identifies purpose
IRP identifies its purpose IRP’s purpose has gaps in
accuracy or detail
IRP does not identify its
purpose
15
Incident Response
Plan (IRP):
Roles and

Responsibilities
IRP clearly identifies and
describes roles and
responsibilities
IRP identifies and describes
roles and responsibilities
IRP has gaps in accuracy or
detail in the roles and
responsibilities
IRP does not identify or
describe roles and
responsibilities
15
Incident Response
Plan (IRP):
Examples
IRP definitely lists a minimum of
five examples of an incident
IRP lists four examples of an
incident
IRP lists three examples of an
incident
IRP lists two or fewer examples

of an incident
15
Incident Response
Plan (IRP):
Current Incident
Response Process
IRP properly identifies the
current incident response
process
IRP identifies the current
incident response process
IRP’s current incident response
process has gaps in accuracy or
detail
IRP does not list the current
incident response process
15
Incident Response
Plan (IRP):
New Incident
Response Process
IRP clearly outlines a new
incident response process and

includes an accurate flowchart
IRP outlines a new incident
response process
IRP’s new incident response
process has gaps in accuracy or
detail
IRP does not outline a new
incident response plan
25
http://snhu-
Articulation of
Response
spelling, syntax, and
organization and is presented in
a professional and easy-to-read
format

that negatively impact
readability and articulation of
main ideas
ideas
15
Total 100%
ISE 510 Final Project Milestone One Guidelines and Rubric
Kickoff Agenda
Overview: You have been hired as a cybersecurity professional
to conduct a security assessment on Limetree Inc.’s systems and
processes to identify the root
cause of the security breach, and discover additional
vulnerabilities that could impact its operation in the future.
Your assessment of Limetree Inc.’s environment
will be conducted by reviewing your Final Project Scenario
document and Limetree Inc.’s virtual environment as presented
in the educational video game, Agent
Surefire: InfoSec. As part of this assessment, you will

incorporate into your analysis the results of the interview with
Jack Sterling (security manager) found in the
scenario, and you will be able to identify vulnerabilities related
to systems security, personnel and administrative security, and
physical security, relating these to
the breach.
Prompt: For this assignment, you are provided an opportunity to
conduct a kickoff meeting for the security breach analysis and
recommendations (final project).
After reviewing the entire Final Project Guidelines and Rubric
document and Final Project Scenario, develop an agenda for the
meeting and describe the
relevance of each item in your agenda to the risk assessment.
Your agenda topics should be geared toward collecting
additional information or providing
clarification that may be missing within the Agent Surefire:
InfoSec virtual game environment or the interview of Jack
Sterling, the security manager, from your
scenario document. You should be very familiar with Sections
I–IV of your final project before completing this kickoff
agenda, which asks you to analyze the
security breach, its impacts, and the company’s incident
response following the breach. You may want to take detailed
notes or draft your response to those
sections at this point in the course for your final submission
later. For this assignment, you are being evaluated on the
importance of the agenda to the
assessment effort and the level of discussion provided in
explaining the topics.
In the real world, a lot of information that goes into the test
plan (Milestone Two in Module Five) would be derived from
this meeting. This assignment validates
that you as the student know the right topics to discuss in the
meeting with stakeholders that will result in pertinent

information for ultimate success of the effort
and your final project.
Guidelines for Submission: The kickoff agenda should be 3–5
pages in length, using 12-point Times New Roman font and one-
inch margins.
Kickoff Agenda:
Relevance
expertly describes relevance of
each agenda item
Describes relevance of each
agenda item
Describes relevance of each
agenda item but response has
gaps in accuracy or detail
Does not describe relevance of
each agenda item
40
http://snhu-

media.snhu.edu/files/course_repository/graduate/ise/ise510/ise5
10_final_project_scenario.pdf
http://snhu-
Kickoff Agenda:
Topics
topics are skillfully geared
toward collecting additional
information, providing
clarification or identifying
interview topics for security
manager
Describes topics and they are
geared toward collecting
additional information,
providing clarification, or
identifying interview topics for
security manager
Describes topics and they are
geared toward collecting
additional information,
providing clarification, or
identifying interview topics for
security manager, but they have
gaps in accuracy or detail
Does not describe topics or
topics do not collect additional

information, provide
clarification, or identify
interview topics for security
manager
50
Articulation of
Response
related to grammar, spelling,
syntax, and organization and is
presented in a professional and
easy-to-read format
syntax, or organization
syntax, or organization that
negatively impact readability and
articulation of main ideas
syntax, or organization that
prevent understanding of ideas
10
Total 100%

ISE 510 Final Project Scenario
Background
Limetree Inc. is a research and development firm that engages
in multiple research projects with the
federal government and private corporations in the areas of
healthcare, biotechnology, and other
cutting-edge industries. It has been experiencing major growth
in recent years, but there is also a
concern that information security lapses are becoming rampant
as the company grows. Limetree Inc. is
working to establish a strong reputation in the industry, and it
views a robust information security
program as part of the means to achieving its goal. The
company looks to monitor and remain compliant
to any regulation impacting its operations.
Limetree Inc. recently experienced a security breach; it believes
confidential company data has been
stolen, including personal health information (PHI) used in a
research study. Limetree Inc. believes the
breach may have occurred because of some security
vulnerabilities within its system and processes.
Limetree Inc.’s virtual environment is presented in the Agent
Surefire: InfoSec educational video game.
The rest of the environment is presented via an interview with
the security manager, Jack Sterling.
Highlight of Interview with Jack Sterling
Interview with Jack Sterling revealed the following about

Limetree Inc.’s system and processes:
Hardware/Software:
Desktop Apps: Internet Explorer, Firefox, Google Chrome, MS
Office, Adobe Flash, Adobe Acrobat
Applications/Databases:
– Browser in use is Internet Explorer and browser
security setting was set to low.
Browsers allow remote installation of applets, and there is no
standard browser for the
environment.
rus Software – MacAfee is deployed locally on each user's
machine and users are mandated to
update their virus policy every month.
– Ordinary users can escalate privilege via
SQL Agent. Disk space for SQL database
log is small and is overwritten with new information when it is
full. Limetree Inc. is not using any
encryption for sensitive data at rest within the SQL server
environment.
Network:
The network comprises the following: three web/applications
servers, three email servers, five file and
printer servers, two proxy servers, seven remotely manageable
Cisco switches, 250 desktops, three
firewall devices, one gateway (router) device to the internet,
and three wireless access points.
Configuration Highlights:

– Wireless network is available with clearly
advertised SSID, and it is part of the local
area network (LAN). There is no segmentation or authentication
between the wireless and wired
LAN. Visitors are provided access code to the wireless network
at the front desk to use the
internet while they wait to be attended to.
– There is no logging of network activities
on any of the switches.
– Public-facing web server is part of the LAN.
This is where internet users get
needed information on the company. The web servers are
running the following services in
addition: File & Print Services, Telnet, IIS.
– Firewall configuration is very secure, and the
logs are reviewed when there is
suspicion of a security event. The following files types are
allowed for inbound connection: EXE,
DOC, XML, VBS. In addition, Telnet and FTP are allowed for
inbound connection.
– Users determine the length of the password and
complexity, but it is mandatory to
change password once a year.
manager and users are notified
immediately once the changes are implemented.

Documentation:
I. There is no documented security policy, or computer use
policy.
II. There is no documented process for changes to the system.
III. There is no contingency plan.
System Backup:
I. Backup is conducted daily by the network administrator, and
tapes are kept safely in the
computer room.
Personnel/Physical Security:
I. While users are not trained on security awareness, emails go
out every month from the system
administrator warning users of emerging threat.
II. Visitors sign in at the front desk before they are allowed to
walk in to see employees at their
respective offices.
III. Remote employees connect via virtual private network.
Their laptops are configured exactly as
the desktops in the office with unencrypted hard drives.
IV. Often users are allowed to bring in their own laptops,
connect to corporate system, and
complete their tasks, especially if they are having issues with
laptops provided by the company.

Incident Response:
At Limetree Inc., systems administrators are notified of
computer incidents, and the administrators
escalate to the IT manager, who reports incidents to the security
manager if they are deemed relevant.
Currently there is no official documented process of reporting
incidents. There is also no previous
documented history of incidents, even though Limetree Inc. has
experienced quite a few. Corrective
measures are taken immediately after an incident, though none
of the measures was ever documented.
ISE 510 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a security
breach analysis and recommendations.
The relevance of risk assessment cannot be overemphasized as
organizations establish or reaffirm their security posture,
especially in the wake of overwhelming
computer security breaches at many organizations in the United
States and around the world, including government agencies.
Organizations seek to understand
their compliance status for current regulations as well as their
vulnerability in order to adopt a proper approach to manage
risks. It is equally important to
conduct a risk assessment after a system breach has occurred to

better understand the threats and the vulnerabilities exploited.
For your final project, you will analyze an information security
breach that has already occurred. This will place you in the role
of a risk assessment expert, coming
in to determine how the breach occurred and develop strategies
to mitigate against the breach reoccurring. Risk assessment
experts can fill the positions of
penetration testers, information security auditors, and
independent verification and validation analysts, for example.
Such roles will continue to gain relevance as
organizations and governments continue to move sensitive
financial information, personal health information (PHI), and
personally identifiable information (PII)
across publicly accessible networks and storage devices.
For the final project for this course, you will analyze an
information security breach provided in the Final Project
Scenario document and the educational video
game (Agent Surefire: InfoSec) you will play in Module Three.
In your analysis, you will discuss how the breach occurred, the
incident response processes that
were initiated, the impact of the breach, and applicable
regulations to the organization. Then, you will develop a
security test plan for the breached system and
create security controls to ensure that the breach will not
reoccur.
The project is divided into three milestones, which will be
submitted at various points throughout the course to scaffold
learning and ensure quality final
submissions. These milestones will be submitted in Modules
Three, Five, and Seven. The final product will be submitted in
Module Nine.
This assessment addresses the following course outcomes:

ybersecurity attacks occur in organizations
through analysis of security breaches
in ensuring business continuity in support of organizational
goals
ulations on the
information security of organizations
physical security assessment projects based on established
cybersecurity standards
lication,
website, and network vulnerabilities
culture and communication challenges that could affect
cybersecurity risk assessment in a
diversified world
Prompt
Your security breach analysis and recommendations should
answer the following prompt: Using your Final Project Scenario
and gameplay from the educational
video game Agent Surefire: InfoSec that you will complete in
Module Three, analyze the information security breach to

determine how the breach occurred,
evaluate the incident response processes, and assess the impact
of the breach and applicable regulations on the business or
organization. Then use your analysis
to develop a security test plan, security controls to mitigate
risk, and recommendations that reduce the impact of
organizational culture and communication
challenges.
Specifically, the following critical elements must be addressed:
I. Introduction: Provide a brief profile of the business or
organization that has been attacked, including its organizational
goals. In your profile, you could
consider the industry in which the business or organization
operates and the product or service that is the focus, for
example.
II. Security Breach: In this section, you will analyze one current
information security breach, describing the business or
organization that has been affected
by this breach and explaining how the breach occurred.
Specifically, you should:
A. Attack Location: Determine what part of the business or
organization was attacked by analyzing the security breach that
occurred. For example,
was the network attacked? Or was the company website hacked?
B. Attack Method and Tools: Analyze the security breach to
determine the method and tools that were used to effect the
attack. In other words,
how did the attack occur?
C. Vulnerabilities: Based on your analysis, what vulnerabilities

of the business or organization were exploited? How were the
vulnerabilities
discovered? For example, were the vulnerabilities discovered by
an employee, a third party, or a customer?
III. Incident Response: In this section, you will evaluate the
incident response processes that were initiated in response to
the breach. Specifically, you
should:
A. Actions: What incident response actions were initiated to
minimize the impact of the breach? In other words, what did the
business or
organization do to address the vulnerabilities and resume
normal system operations after the breach?
B. Business Continuity: Evaluate these incident response
actions for their effectiveness in allowing the business to
resume normal system
operations after the breach. In other words, how effective were
these incident response actions in ensuring business continuity
and supporting
the organization’s goals?
IV. Impact: In this section, you will discuss the possible
impacts of applicable cybersecurity regulations to the business
or organization. Specifically, you
should:
A. Application: Describe the government and industry
regulations that apply to the business or organization in relation
to the security breach. For
example, what legislation, directives, and policies relate to the
security breach?
B. Impact: How do these regulations impact the business or

organization and its information security? Support your
response with specific
examples.
C. Financial and Legal Implications: Discuss possible financial
and legal implications of the security breach for the business or
organization. Will the
business or organization be subject to any fines or sanctions
because of the security breach, for example?
V. Security Test Plan: In this section, you will develop a
security test plan for the breached system, basing your plan on
your analysis of the security breach
and established cybersecurity standards such as those from the
National Institute of Standards and Technology (NIST).
Specifically, you should:
http://snhu-
media.snhu.edu/files/course_repository/graduate/ise/ise510/ise5
10_final_project_scenario.pdf
https://moodle.jblcourses.com/course/view.php?id=2267
https://moodle.jblcourses.com/course/view.php?id=2267
A. Scope: Determine the scope of the risk assessment. For
example, what assets, threats, and vulnerabilities will need to be
addressed? Will the
risk assessment need to include networks, applications, or
physical security systems? What policies and procedures will
need to be reviewed?
B. Resources: Document the resources required for the risk
assessment. In other words, what do you need to actually do the
assessment?
C. Hardware and Software: Create a list of system hardware and

software within the target of the risk assessment. In other
words, what are the
parts of the system that you are assessing?
D. Tools: Determine the necessary tools for the risk assessment,
based the list of system hardware and software you created.
VI. Risk Mitigation: In this section, you will create security
controls to ensure that the breach will not reoccur. Specifically,
you should:
A. Security Controls: Create at least five security controls that
mitigate future risks by ensuring that the security breach will
not reoccur. These
controls can be technical, administrative, or personnel security
controls, for example.
B. Vulnerabilities: How will the security controls you created
mitigate risks by reducing application, website, and network
vulnerabilities?
C. Evaluation: What are the criteria for measuring the controls
to ensure they are properly implemented? In other words, how
will the security
controls be evaluated?
VII. Conclusion: In this section, you will recommend methods
to reduce the impact of organizational culture and
communication challenges. Specifically, you
should:
A. Communication: Document interpersonal communication
issues encountered within the risk assessment team. How were
the issues resolved?
B. Organizational Culture: What challenges to organizational
culture occurred as a result of the security breach? In your
response, consider the

impact of the security breach on the reputation of the business
or organization.
C. Recommendations: What methods can you recommend to
reduce the impact of these communication and organizational
cultural issues in
future risk assessments?
Milestones
Milestone One: Kickoff Agenda
In Module Three, you will submit a kickoff agenda. This
milestone will be graded with the Milestone One Rubric.
Milestone Two: Test Plan
In Module Five, you will submit a test plan. This milestone will
be graded with the Milestone Two Rubric.
Milestone Three: Incident Response Plan
In Module Seven, you will submit an incident response plan.
This milestone will be graded with the Milestone Three Rubric.
Final Submission: Security Breach Analysis and
Recommendations
In Module Nine, you will submit your final project. It should be
a complete, polished artifact containing all of the critical
elements of the final product. It should
reflect the incorporation of feedback gained throughout the
course. It should also be structured to follow the outline
presented in the Prompt. This submission
will be graded with the Final Project Rubric (below).

Deliverables
Milestone Deliverables Module Due Grading
One Kickoff Agenda Three Graded separately; Milestone One
Rubric
Two Test Plan Five Graded separately; Milestone Two Rubric
Three Incident Response Plan Seven Graded separately;
Milestone Three Rubric
Security Breach Analysis and
Recommendations
Nine Graded separately; Final Project Rubric (below)
Final Project Rubric
Guidelines for Submission: Your security breach analysis and
recommendations should adhere to the following formatting
requirements: 10–15 pages, double-
spaced, using 12-point Times New Roman font, and one-inch
margins. You should use current APA style guidelines for your
citations and reference list, if
applicable.

Introduction
profile expertly balances
necessary detail with brevity
Provides brief profile of business
or organization that has been
attacked and its organizational
goals
Provides brief profile of business
or organization that has been
attacked and its organizational
goals but with gaps in clarity,
detail, or accuracy
Does not provide brief profile of
business or organization that has
been attacked and its
5.36
Security Breach: Attack
Location
response demonstrates keen

insight into how cybersecurity
attacks occur in organizations
Determines what part of business
or organization was attacked by
analyzing security breach
Determines what part of business
or organization was attacked by
analyzing security breach, but
with gaps in accuracy or logic
Does not determine what part of
business or organization was
attacked by analyzing security
breach
5.36
Security Breach: Attack
Method and Tools
insight into how methods and
tools influence cybersecurity
attacks in organizations
Determines method and tools
used to effect attack by analyzing
security breach
Determines method and tools
used to effect attack by analyzing
security breach, but with gaps in

accuracy or logic
Does not determine method and
tools used to effect attack by
analyzing security breach
5.36
Security Breach:
Vulnerabilities
insight into the vulnerabilities
cybersecurity attackers exploit
Explains which vulnerabilities
were exploited and how they
were discovered, based on
analysis of security breach
Explains which vulnerabilities
were exploited and how they
were discovered, but explanation
is not based on analysis of
security breach or has gaps in
clarity, detail, or accuracy
Does not explain which
vulnerabilities were exploited
and how they were discovered
5.36
Incident Response:

Actions
description demonstrates
nuanced understanding of use of
incident response processes
Describes incident response
actions that were initiated to
minimize impact of breach
Describes incident response
actions that were initiated to
minimize impact of breach, but
with gaps in clarity, detail, or
accuracy
Does not describe incident
response actions that were
initiated to minimize impact of
breach
5.36
http://snhu-
Incident Response:
Business Continuity

evaluation demonstrates keen
insight into effectiveness of
incident response processes in
ensuring business continuity
Evaluates incident response
actions for their effectiveness in
allowing the business to resume
normal system operations after
the breach
Evaluates incident response
actions for their effectiveness in
allowing the business to resume
normal system operations after
the breach, but with gaps in
clarity, detail, or logic
Does not evaluate incident
response actions for their
effectiveness in allowing the
business to resume normal
system operations after the
breach
5.36
Impact: Application
description demonstrates
nuanced understanding of
cybersecurity regulations
Describes government and

industry regulations that apply to
business or organization in
relation to security breach
Describes government and
industry regulations that apply to
business or organization in
relation to security breach, but
accuracy
Does not describe government
and industry regulations that
apply to business or organization
in relation to security breach
5.36
Impact: Impact
assessment demonstrates keen
insight into relationship between
cybersecurity regulations and
information security of
organizations
Assesses impact of regulations on
business or organization and its
information security, supporting
response with specific examples
Assesses impact of regulations on
business or organization and its
information security but

assessment is cursory, inaccurate,
or has gaps in support
Does not assess impact of
regulations on business or
organization and its information
security
5.36
Impact: Financial and
Legal Implications
response demonstrates deep
understanding of cybersecurity
regulations
Discusses possible financial and
legal implications of security
breach for business or
organization
Discusses possible financial and
legal implications of security
breach for business or
organization but with gaps in
Does not discuss possible
financial and legal implications of
security breach for business or
organization
5.36

Security Test Plan:
Scope
response demonstrates nuanced
understanding of using
established cybersecurity
standards in developing the
scope of security test plans
assessment, based on analysis of
security breach and established
Does not determine scope of risk
assessment
4
Security Test Plan:
Resources

resources
for risk assessment, based on
standards
for risk assessment, but response
has gaps in accuracy or detail or
is not based on analysis or
Does not document resources
required for risk assessment
4
Security Test Plan:
Hardware and Software
standards in determining

and software within target of risk
assessment, based on analysis of
security breach and established
and software within target of risk
Does not create list of system
4
Security Test Plan:
Tools
test plans with appropriate tools
Determines necessary tools for
risk assessment, based on list of
system hardware and software,
analysis of security breach, and
standards

Determines necessary tools for
risk assessment but response is
not based on list of hardware and
software, breach analysis, or
established standards or has gaps
in accuracy or detail
Does not determine necessary
tools for risk assessment
4
Risk Mitigation:
Security Controls
security controls demonstrate
nuanced understanding of risk
mitigation
Creates at least five security
controls that mitigate future risks
by ensuring that the security
breach will not reoccur
Creates at least five security
controls, but not all controls
mitigate future risks by ensuring
that the security breach will not
reoccur
Does not create at least five
security controls

5.36
Risk Mitigation:
Vulnerabilities
insight into using security
controls to address application,
website, and network
vulnerabilities
Explains how security controls
will mitigate risks by reducing
application, website, and
network vulnerabilities
Explains how security controls
will mitigate risks by reducing
application, website, and
network vulnerabilities, but with
gaps in clarity, detail, or accuracy
Does not explain how security
controls will mitigate risks by
reducing application, website,
and network vulnerabilities
5.36
Risk Mitigation:
Evaluation

explanation demonstrates deep
understanding of security
controls
Explains criteria for measuring
controls to ensure they are
properly implemented
Explains criteria for measuring
controls to ensure they are
properly implemented, but with
gaps in accuracy or logic
Does not explain criteria for
measuring controls to ensure
they are properly implemented
5.36
Conclusion:
Communication
communication challenges and
risk assessment
Documents interpersonal
communication issues
encountered within risk
assessment team and explains
how issues were resolved
Documents interpersonal

assessment team and explains
how issues were resolved, but
accuracy
Does not document interpersonal
assessment team and explain
how issues were resolved
5.36
Conclusion:
Organizational Culture
organizational culture challenges
and risk assessment
Describes challenges to
organizational culture that
occurred as a result of the
security breach, addressing
impact of security breach on
reputation of business or
organization

Describes challenges to
organization, but with gaps in
Does not describe challenges to
organization
5.36
Conclusion:
Recommendations
recommended methods
demonstrate nuanced
understanding of impact of
organizational culture and
communication challenges on
information security
Recommends appropriate
methods for reducing impact of
communication and
organizational culture issues in
future risk assessments

Recommends methods for
reducing impact of
communication and
organizational culture issues in
future risk assessments, but with
gaps in appropriateness or
applicability
Does not recommend methods
for reducing impact of
communication and
organizational culture challenges
in future risk assessments
5.36
Articulation of
Response
spelling, syntax, and organization
and is presented in a professional
and easy-to-read format
that negatively impact readability
and articulation of main ideas

ideas
3.6
Total 100%

ISE 510 Final Project Milestone Two Guidelines and Rubric .docx

Recommended

Recommended

More Related Content

Similar to ISE 510 Final Project Milestone Two Guidelines and Rubric .docx

Similar to ISE 510 Final Project Milestone Two Guidelines and Rubric .docx (20)

More from aryan532920

More from aryan532920 (20)

Recently uploaded

Recently uploaded (20)

ISE 510 Final Project Milestone Two Guidelines and Rubric .docx