This document outlines the requirements for a final project to create an information assurance plan for an organization. It provides details on the key elements that must be addressed in the plan, including an introduction assessing the current state of information security, analysis of roles and responsibilities, a risk assessment, and recommendations for policies around incident response, disaster recovery, and access controls. It also describes the milestones that will be submitted throughout the course to receive feedback, including sections on the introduction, roles and responsibilities, risk assessment, and statements of policy. The final information assurance plan is due at the end of the course and must comprehensively address all required elements.
Project 1Create an application that displays payroll informatio.docx
1. Project 1:
Create an application that displays payroll information by:
a. Drawing the flowchart for this application.
b. Write the code by using Visual Basic programming language.
Design your application to have the following characteristics:
1. The application should allow the user to enter the following
data for ten employees:
· Employee Id
· Number of hours worked
· Hourly pay rate
· Percentage to be withheld for state income tax
· Percentage to be withheld for federal income tax
· Percentage to be withheld for The Federal Insurance
Contributions Act ( FICA)
2. The application should calculate and display the following
data for each employee (in a one list Box or in multiple list
Boxes:
· Gross pay (the number of hours worked multiplied by the
hourly pay rate)
· State income tax withholdings (gross pay multiplied by state
income tax percentage)
· Federal income tax withholdings (gross pay multiplied by
federal income tax percentage)
· FICA withholdings (gross pay multiplied by FICA income tax
percentage)
· Net pay (the gross pay minus state income tax, federal income
tax, and FICA)
3. When the calculations are performed, be sure to check for the
following error:
2. · If any employee’s state income tax plus federal tax plus FICA
is greater than the employee’s gross pay, display an error
message stating that the withholdings are too great
4. Make sure to clear all textboxes and labels before entering
the information for the new employee
5. Provide ‘Exit’ button which is used to terminate project
execution
6. Hitting the [Esc] key should produce the same effect as
clicking the ‘Exit’ button
Note: Please, print the flowchart and the source code of your
application. Also, I will see the execution of your application.
IT 549 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a functional
information assurance plan.
The effective management of information and protection of
pertinent data is essential for leveraging the required knowledge
to serve customers and
stakeholders on a continuous basis. Employing information
assurance best practices will ensure a firm is able to eliminate
hierarchical structures, become more
flat, and have greater customer touch points by leveraging the
correct information at the right time. Successful firms will
maintain an established information
3. assurance plan and posture that are reviewed on a weekly basis.
This assessment will consist of the creation of a functional
information assurance plan. You will review a real-world
business scenario in order to apply
information assurance research and incorporate industry best
practices to your recommendations for specific strategic and
tactical steps. These skills are crucial
for you to become a desired asset to organizations seeking
industry professionals in the information assurance field.
The project is divided into four milestones, which will be
submitted at various points throughout the course to scaffold
learning and ensure quality final
submissions. These milestones will be submitted in Modules
Two, Four, Five, and Seven. The final product will be submitted
in Module Nine.
In this assignment, you will demonstrate your mastery of the
following course outcomes:
vailability of
information in a given situation for their relation to an
information assurance plan
responses and managing security functions that adhere to best
practices for information
assurance
research and industry best practices to inform network
governance
4. practices for maintaining an information assurance plan
te the appropriateness of information assurance
decisions about security, access controls, and legal issues
information assurance to determine potential impact on an
organization and mitigate associated
risks
Prompt
Your information assurance plan should answer the following
prompt: Review the scenario and create an information
assurance plan for the organization
presented in the scenario.
Specifically, the following critical elements must be addressed
in your plan:
I. Information Assurance Plan Introduction
a) Provide a brief overview of the goals and objectives of your
information assurance plan, including the importance of
ensuring the confidentiality,
integrity, and availability of information. What are the benefits
of creating and maintaining an information assurance plan
around those key
concepts?
b) Assess the confidentiality, integrity, and availability of
information within the organization.
5. c) Evaluate the current protocols and policies the organization
has in place. What deficiencies exist within the organization’s
current information
assurance policies? What are the potential barriers to
implementation of a new information assurance plan?
II. Information Security Roles and Responsibilities
a) Analyze the role of the key leaders within the organization
specific to how their responsibilities are connected to the
security of the organization’s
information. What is the relationship between these roles?
b) Evaluate key ethical and legal considerations related to
information assurance that must be taken into account by the
key leaders within the
organization. What are the ramifications of key leaders not
properly accounting for ethical and legal considerations?
c) What are the key components of information assurance as
they relate to individual roles and responsibilities within the
information assurance
plan? For example, examine the current policies as they relate
to confidentiality, integrity, and availability of information.
III. Risk Assessment
a) Analyze the environment in which the organization operates,
including the current protocols and policies in place related to
information
assurance.
b) Evaluate the threat environment of the organization.
c) Based on your analysis and evaluation, what are the best
6. approaches for implementing information assurance principles?
Where do you see the
most areas for improvement to current protocols and policies?
d) Assess the threats and vulnerabilities of the organization by
creating a risk matrix to outline the threats and vulnerabilities
found and determine
possible methods to mitigate the identified dangers.
IV. Statements of Policy
a) Develop appropriate incident response protocols to respond
to the various threats and vulnerabilities identified within the
organization.
b) Justify how the incident response protocols will mitigate the
threats to and vulnerabilities of the organization. Support your
justification with
information assurance research and best practices.
c) Develop appropriate disaster response protocols to respond to
the various threats and vulnerabilities identified within the
organization.
d) Justify how the disaster response protocols will mitigate the
threats to and vulnerabilities of the organization. Support your
justification with
information assurance research and best practices.
e) Develop appropriate access control protocols that provide an
appropriate amount of protection while allowing users to
continue to operate
without denial of service.
f) Justify your access control protocols. Support your
justification with information assurance research and best
practices.
7. g) Recommend a method for maintaining the information
assurance plan once it has been established.
h) Justify how your maintenance plan will ensure the ongoing
effectiveness of the information assurance plan. Support your
justification with
information assurance research and best practices.
V. Conclusion
a) Summarize the need for an information assurance plan for the
selected organization, including the legal and ethical
responsibilities of the
organization to implement and maintain an appropriate
information assurance plan.
b) Defend the key elements of your information assurance plan,
including which members of the organization would be
responsible for each
element.
Milestones
Milestone One: Information Assurance Plan Introduction
In Module Two, you will submit your introduction to the
information assurance plan. This section of the plan will
provide the overview of the current state of
the organization. Provide a brief overview of the goals and
objectives of your information assurance plan, including the
importance of ensuring the
confidentiality, integrity, and availability of information. What
are the benefits of creating and maintaining an information
8. assurance plan around those key
concepts? Are there current protocols and policies the
organization has in place? Additionally, what deficiencies exist
within the organization’s current
information assurance policies? What are the potential barriers
to implementation of a new information assurance plan? This
milestone is graded with the
Milestone One Rubric.
Milestone Two: Information Security Roles and Responsibilities
In Module Four, you will submit your roles and responsibilities
portion of the final project. Who are the key leaders of the
organization specific to how their
responsibilities are connected to the security of the
organization’s information? You must also identify key ethical
considerations. What are the ramifications of
key leaders not properly accounting for ethical and legal
considerations? What are the key components of information
assurance as they relate to individual roles
and responsibilities within the information assurance plan? For
example, examine the current policies as they relate to
confidentiality, integrity, and availability of
information. This milestone is graded with the Milestone Two
Rubric.
Milestone Three: Risk Assessment
In Module Five, you will submit the risk assessment portion of
the information assurance plan. You will provide the
organization with an assessment of the
threat environment and the risks within, as well as methods
designed to mitigate these risks. Based on your analysis and
evaluation, what are the best
approaches for implementing information assurance principles?
Where do you see the most areas for improvement to current
protocols and policies? This
milestone is graded with the Milestone Three Rubric.
9. Milestone Four: Statements of Policy
In Module Seven, you will submit your plan pertaining to
statements of policy. You will recommend protocols and
mitigating factors to the organization. Justify
how the disaster response protocols will mitigate the threats to
and vulnerabilities of the organization. You will focus on
disaster and incident response protocols
as well as access control. Assess, your proposed method for
maintaining the success of the plan going forward. Justify how
your method will ensure the ongoing
effectiveness of the information assurance plan. This milestone
is graded with the Milestone Four Rubric.
Final Submission: Information Assurance Plan
In Module Nine, you will submit your information assurance
plan. It should be a complete, polished artifact containing all of
the critical elements of the final
product. It should reflect the incorporation of feedback gained
throughout the course. This submission will be graded with the
Final Product Rubric.
Deliverables
Milestone Deliverable Module Due Grading
1 Information Assurance Plan Introduction Two Graded
separately; Milestone One Rubric
2 Information Security Roles and
10. Responsibilities
Four Graded separately; Milestone Two Rubric
3 Risk Assessment Five Graded separately; Milestone Three
Rubric
4 Statements of Policy Seven Graded separately; Milestone
Four Rubric
Final Submission: Information Assurance
Plan
Nine Graded separately; Final Product Rubric
Final Product Rubric
Guidelines for Submission: Your information assurance plan
should adhere to the following formatting requirements: 10–12
pages, double-spaced, using 12-
point Times New Roman font and one-inch margins. Use
discipline-appropriate citations.
Instructor Feedback: This activity uses an integrated rubric in
Blackboard. Students can view instructor feedback in the Grade
Center. For more information,
review these instructions.
Critical Elements Exemplary (100%) Proficient (90%) Needs
Improvement (70%) Not Evident (0%) Value
11. Overview of Goals
and Objectives
Meets “Proficient” criteria and
quality of overview establishes
expertise in the discipline
Provides a brief but
comprehensive overview of the
goals and objectives of the
information assurance plan,
including the importance of
ensuring the confidentiality,
integrity, and availability of
information and the benefits of
creating and maintaining an
information assurance plan
Provides a brief overview of the
goals and objectives of the
information assurance plan but
does not include the importance
of ensuring the confidentiality,
integrity, and availability of
information or the benefits of
creating and maintaining an
information assurance plan
Does not provide a brief overview
of the goals and objectives of the
information assurance plan
4
12. Confidentiality,
Integrity, and
Availability of
Information
Meets “Proficient” criteria and
demonstrates a nuanced
understanding of key information
assurance concepts
Accurately assesses the
confidentiality, integrity, and
availability of information within
the organization
Assesses the confidentiality,
integrity, and availability of
information within the
organization but some elements
of the assessment may be
illogical or inaccurate
Does not assess the
confidentiality, integrity, and
availability of information within
the organization
5
Current Protocols
and Policies
Meets “Proficient” criteria and
demonstrates deep insight into
13. complex deficiencies and barriers
to implementation of a new
information assurance plan
Logically evaluates the current
protocols and policies in place,
including deficiencies that
currently exist and potential
barriers to implementation of a
new information assurance plan
Evaluates the current protocols
and policies in place but does not
address the deficiencies that
currently exist or potential
barriers to implementation of a
new information assurance plan,
or evaluation is illogical
Does not evaluate the current
protocols and policies in place
4
Responsibilities of
Key Leaders
Meets “Proficient” criteria and
demonstrates a nuanced
understanding of the relationship
between these roles and
information security
Analyzes the role of the key
leaders within the organization
14. specific to how their
responsibilities are connected to
the security of the organization’s
information
Analyzes the role of the key
leaders within the organization
but misses key roles or aspects of
responsibilities specific to the
security of the organization’s
information
Does not analyze the role of the
key leaders within the
organization
5
http://snhu-
media.snhu.edu/files/production_documentation/formatting/rubr
ic_feedback_instructions_student.pdf
Key Ethical and Legal
Considerations
Meets “Proficient” criteria and
provides complex or insightful
reflection of the ramifications of
key leaders not properly
accounting for ethical and legal
considerations
Accurately evaluates key ethical
15. and legal considerations related
to information assurance that
must be taken into account by
the key leaders within the
organization, including the
ramifications of key leaders not
properly accounting for ethical
and legal considerations
Evaluates ethical and legal
considerations related to
information assurance that must
be taken into account by the key
leaders within the organization
but does not include the
ramifications of key leaders not
properly accounting for ethical
and legal considerations, or
evaluation is inaccurate
Does not evaluate ethical and
legal considerations related to
information assurance that must
be taken into account by the key
leaders within the organization
5
Key Components of
Information
Assurance
Meets “Proficient” criteria and
demonstrates a nuanced
understanding of how each key
16. component identified impacts
each individual’s role and
responsibility
Comprehensively addresses
components of information
assurance as they relate to
individual roles and
responsibilities within the
information assurance plan
Addresses components of
information assurance as they
relate to individual roles and
responsibilities within the
information assurance plan but
does not address confidentiality,
integrity, and/or availability of
information
Does not address any
components of information
assurance as they relate to
individual roles and
responsibilities within the
information assurance plan
5
Analysis of
Environment
Meets “Proficient” criteria and
demonstrates unique or
insightful reflection of current
17. protocols and policies
Logically analyzes the
environment in which the
organization operates, including
the current protocols and policies
in place related to information
assurance
Analyzes the environment in
which the organization operates
but does not include the current
protocols and policies in place
related to information assurance
Does not analyze the
environment in which the
organization operates
5
Threat Environment
Meets “Proficient” criteria and
demonstrates deep insight into
hidden or complex threats or
vulnerabilities
Accurately analyzes the threat
environment of the organization
Evaluates the threat environment
of the organization but misses
crucial threats or vulnerabilities,
or the evaluation is inaccurate
18. Does not evaluate the threat
environment of the organization
5
Best Approaches
Meets “Proficient” criteria and
demonstrates unique or
insightful reflection regarding
areas for improvement
Comprehensively discusses best
approaches for implementing
information assurance principles,
including areas of improvement
to current protocols and policies
Discusses best approaches for
implementing information
assurance principles, but does
not fully develop ideas related to
areas of improvement to current
protocols and policies
Does not discuss best approaches
for implementing information
assurance principles
5
19. Risk Matrix
Meets “Proficient” criteria and
demonstrates deep insight into
hidden or complex threats or
vulnerabilities and possible
methods to mitigate the
identified dangers
Creates a risk matrix to
comprehensively and accurately
assess the threats to and
vulnerabilities of the
organization, including possible
methods to mitigate the
identified dangers
Creates a risk matrix to assess the
threats to and vulnerabilities of
the organization but does not
include possible methods to
mitigate the identified dangers,
or assessment is incomplete or
inaccurate
Does not create a risk matrix to
assess the threats to and
vulnerabilities of the organization
5
Incident Response
Protocols
20. Meets “Proficient” criteria and
provides secondary incident
response protocols in the event
that primary protocols fail
Develops appropriate incident
response protocols to respond to
the various threats and
vulnerabilities identified
Develops incident response
protocols to respond to the
various threats and
vulnerabilities identified, but they
are not all appropriate or do not
respond to all the threats and
vulnerabilities
Does not develop incident
response protocols
5
Justification of
Incident Response
Protocols
Meets “Proficient” criteria and
provides unique or insightful
reflection into the dangers of not
providing for adequate incident
response protocols
Logically justifies how the
21. incident response protocols will
mitigate the threats to and
vulnerabilities of the organization
with support from information
assurance research and best
practices
Justifies how the incident
response protocols will mitigate
the threats to and vulnerabilities
of the organization with minimal
support from information
assurance research and best
practices, or justification is
illogical
Does not justify how the incident
response protocols will mitigate
the threats and vulnerabilities to
the organization
5
Disaster Response
Protocols
Meets “Proficient” criteria and
demonstrates deep insight into
responding to hidden or complex
threats or vulnerabilities
Develops appropriate disaster
response protocols to respond to
the various threats and
vulnerabilities identified
22. Develops disaster response
protocols to respond to the
various threats and
vulnerabilities identified, but they
are not all appropriate or do not
respond to all the threats and
vulnerabilities
Does not develop disaster
response protocols
4
Justification of
Disaster Response
Protocols
Meets “Proficient” criteria and
provides unique or insightful
reflection into the dangers of not
providing for adequate disaster
response protocols
Logically justifies how the
disaster response protocols will
mitigate the threats to and
vulnerabilities of the organization
with support from information
assurance research and best
practices
Justifies how the disaster
response protocols will mitigate
23. the threats to and vulnerabilities
of the organization with minimal
support from information
assurance research and best
practices, or justification is
illogical
Does not justify how the disaster
response protocols will mitigate
the threats to and vulnerabilities
of the organization
5
Access Control
Protocols
Meets “Proficient” criteria and
demonstrates unique or
insightful reflection into
appropriate protocols
Develops appropriate access
control protocols that provide an
appropriate amount of protection
while allowing users to continue
to operate without denial of
service
Develops access control
protocols, but they do not
provide an appropriate amount
24. of protection while allowing
users to continue to operate
without denial of service
Does not develop access control
protocols
4
Justification of Access
Control Protocols
Meets “Proficient” criteria and
provides unique or insightful
reflection into the dangers of not
providing for adequate access
control protocols
Logically justifies the access
control protocols with support
from information assurance
research and best practices
Justifies the access control
protocols with minimal support
from information assurance
research and best practices, or
justification is illogical
Does not justify the access
control protocols
5
Method for
25. Maintaining the
Information
Assurance Plan
Meets “Proficient” criteria and
provides an established interval
for the recommended
maintenance actions
Recommends a comprehensive
method for maintaining the
information assurance plan once
it has been established
Recommends a method for
maintaining the information
assurance plan once it has been
established but
recommendations are not fully
developed
Does not recommend a method
for maintaining the information
assurance plan once it has been
established
5
Justification of
Maintenance Plan
Meets “Proficient” criteria and
provides insight into the dangers
26. of not providing for an adequate
maintenance plan
Logically justifies how the
maintenance plan will ensure the
ongoing effectiveness of the
information assurance plan with
support from information
assurance research and best
practices
Justifies how the maintenance
plan will ensure the ongoing
effectiveness of the information
assurance plan with minimal
support from information
assurance research and best
practices or justification is
illogical
Does not justify how the
maintenance plan will ensure the
ongoing effectiveness of the
information assurance plan
5
Summary of Need for
Information
Assurance Plan
Meets “Proficient” criteria and
demonstrates a nuanced
understanding of the need for an
27. information assurance plan
Concisely summarizes the need
for an information assurance
plan, including the legal and
ethical responsibilities of the
organization to implement and
maintain an appropriate
information assurance plan
Summarizes the need for an
information assurance plan but
does not include the legal and
ethical responsibilities of the
organization to implement and
maintain an appropriate
information assurance plan or is
not concise
Does not summarize the need for
an information assurance plan
5
Defense of Key
Elements of
Information
Assurance Plan
Meets “Proficient” criteria and
demonstrates a nuanced
understanding of which members
of the organization should be
responsible for each element
28. Strongly defends key elements of
the information assurance plan,
including which members of the
organization would be
responsible for each element and
who should be contacted in the
event of an incident
Defends key elements of the
information assurance plan but
does not include which members
of the organization would be
responsible for each element, or
defense is weak
Does not defend elements of the
information assurance plan
5
Articulation of
Response
Submission is free of errors
related to citations, grammar,
spelling, syntax, and organization
and is presented in a professional
and easy-to-read format
Submission has no major errors
related to citations, grammar,
29. spelling, syntax, or organization
Submission has major errors
related to citations, grammar,
spelling, syntax, or organization
that negatively impact readability
and articulation of main ideas
Submission has critical errors
related to citations, grammar,
spelling, syntax, or organization
that prevent understanding of
ideas
4
Earned Total 100%
Running head:
1
2
Information Assurance Introductions: Module 1
30. Tyrone Armstrong
IT549: Information Assurance
Southern New Hampshire University
Information Assurance Plan
The goals and of the Information Assurance plan are to help
ensure the information is safe, confidential, has integrity and is
readily available when required. The information assurance
plan will also contribute to mitigating any security issues that
the information system might face which might lead to the loss
of data and information (Schou & Shoemaker, 2006). Where
there are good mitigation plans, the system will be able to
recover quickly back into a working condition in case it had
failed in the first place. The safety of the stored data is another
main reason why the information assurance plan is developed.
This safety includes the protection of the data from persons who
are not allowed to access it.
An information assurance plan has several benefits. The plans
allow for the summarization of essential concepts in computing
which affect the data integrity and security (Schou &
Shoemaker, 2006). The plan also comes in handy when there is
the need to trouble shoot, access or even configure hardware as
well as manage files which affect data. The plan also makes use
of relational database design technology to design the best data
models for the database (Schou & Shoemaker, 2006). Another
benefit that is associated with information assurance is the
provision of development of business applications.
An effective plan would put into consideration the
31. methodologies that are required to develop these applications.
With this plan, information security threats as well as risks are
managed properly. These are the required minimum objectives
of an effective information assurance plan. Currently, the
organization has a security policy for the information systems
that guides how the data is handled. Notably, the company’s
policy includes an encryption policy. This policy details the
kind of encryption algorithms that are to be used when
encrypting data (Cannoy & Salam, 2010). The policy also
details the acceptable use of these algorithms. The organization
also has a policy on acceptable use of computing services. This
policy details how the staff members interact with the
Information Technology equipment at the workplace.
Other policies that are currently contained in the information
assurance policy of the organization include the ethics policy,
the password construction and the password protection policy.
The ethics policy encourages an open culture among the
employee as they work in the business (Cannoy & Salam, 2010).
On the other hand, the password construction policy details the
regulations about how to construct a password. This is the
particularly important factor regarding its direct impact on the
security of the data in the company. Finally, the current
information assurance policy includes the password protection
policy. The policy details particularly how strong passwords are
to be constructed.
There are certain aspects missing in the current information
assurance policy which needs to be looked into. The policy
needs to have a data breach policy. This particular policy will
detail how the company will respond to a breach. The
company’s vision and goal as it responds will pretty much
direct the kind of responses employed in a case of a breach.
With this policy, the company will remain focused and not react
in a way that will be disadvantageous to itself. The company
should also have a policy on disaster recovery. This policy will
detail how the company will recover from possible information
disasters by detailing how it will recover the IT systems, data as
32. well as applications critical to the management and security of
the company’s information (Vaughn, Henning & Siraj, 2003).
With the deficiencies that were in the current information
assurance plan, the company would not have been able to
recover the information efficiently. Matter of fact, it would not
have been able to recover some information at all. Sadly
enough, since there was no data breach policy in the first place,
the company would not have mitigated, created systems and put
hardware and software resources in place to prevent breaches.
Nevertheless, the potential barriers to the implementation of the
new plan include resistance by the staffs to change their mind
about the policy. These staff members will have to be trained
and educated on why it is important to implement these policies.
They should also be involved as the policy is being incorporated
into the current information assurance policy.
33. References
Cannoy, S. D., & Salam, A. F. (2010). A framework for health
care information assurance policy and compliance.
Communications of the ACM, 53(3), 126-131.
Schou, C., & Shoemaker, D. P. (2006). Information assurance
for the enterprise: A roadmap to information security. McGraw-
Hill, Inc..
Vaughn, R. B., Henning, R., & Siraj, A. (2003). Information
assurance measures and metrics-state of practice and proposed
taxonomy. In System Sciences, 2003. Proceedings of the 36th
Annual Hawaii International Conference on (pp. 10-pp). IEEE.