IT 549 Milestone Three Guidelines and Rubric
In order to effectively respond to applicable threats, information technology administrators must be able to accurately evaluate the threat environment. The
ability to engage in this evaluation originates from the performance of a risk assessment. Performing a risk assessment can take on many forms. One recent
method of engaging in risk assessment has come in the form of utilizing firewalls and firewall audit tools. Through these mea sures, IT administrators can map the
network and critically analyze where any potential vulnerabilities may lie. The outcomes of these measures results in increased awareness of the most likely types
of threats that may materialize, and enables administrators to configure the network in order to mitigate and address these weaknesses and vulnerabilities.
Prompt: In Module F ive, you will submit the risk assessment portion of the information assurance plan. You will provide the organization with an assessment of
the threat environment and the risks within, as well as methods designed to mitigate these risks. Based on your analysis and evaluation, what are the best
approaches for implementing information assurance principles? Where do you see the most important areas for improvement to current protocols and policies?
Specifically, the following critical elements must be addressed:
III. Risk Assessment
a) Analyze the environment in which the organization operates, including the current protocols and policies in place relat ed to information
assurance.
b) Evaluate the threat environment of the organization.
c) Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do you see the
most important areas for improvement to current protocols and policies?
d) Assess the threats to and vulnerabilities of the organization by creating a risk matrix to outline the threats and vulnerabilities found and
determine possible methods to mitigate the identified dangers.
Rubric
Guidelines for Submission: Your paper must be submitted as a three- to four-page Microsoft Word document with double spacing, 12-point Times New Roman
font, one-inch margins, and at least three sources cited in APA format.
Critical Elements Proficient (100%) Needs Improvement (75%) Not Evident (0%) Value
Analysis of
Environment
Anal yzes the envi ronment i n
whi ch the organi zati on operates ,
i ncl udi ng the current protocol s
and pol i ci es i n pl ace rel ated to
i nformati on as s urance
Anal yzes the envi ronment i n
whi ch the organi zati on operates
but does not i ncl ude the current
protocol s and pol i cies i n pl ace
rel ated to i nformati on as surance
Does not anal yze the
envi ronment i n whi ch the
organi zati on operates
20
Threat Environment Eval uates the threat envi ronment
of the organi zati on
Eval uates the threat envi ronment
of t ...
IT 549 Milestone Three Guidelines and Rubric In order .docx
1. IT 549 Milestone Three Guidelines and Rubric
In order to effectively respond to applicable threats, information
technology administrators must be able to accurately evaluate
the threat environment. The
ability to engage in this evaluation originates from the
performance of a risk assessment. Performing a risk assessment
can take on many forms. One recent
method of engaging in risk assessment has come in the form of
utilizing firewalls and firewall audit tools. Through these mea
sures, IT administrators can map the
network and critically analyze where any potential
vulnerabilities may lie. The outcomes of these measures results
in increased awareness of the most likely types
of threats that may materialize, and enables administrators to
configure the network in order to mitigate and address these
weaknesses and vulnerabilities.
Prompt: In Module F ive, you will submit the risk assessment
portion of the information assurance plan. You will provide the
organization with an assessment of
the threat environment and the risks within, as well as methods
designed to mitigate these risks. Based on your analysis and
evaluation, what are the best
approaches for implementing information assurance principles?
Where do you see the most important areas for improvement to
current protocols and policies?
Specifically, the following critical elements must be addressed:
2. III. Risk Assessment
a) Analyze the environment in which the organization operates,
including the current protocols and policies in place relat ed to
information
assurance.
b) Evaluate the threat environment of the organization.
c) Based on your analysis and evaluation, what are the best
approaches for implementing information assurance principles?
Where do you see the
most important areas for improvement to current protocols and
policies?
d) Assess the threats to and vulnerabilities of the organization
by creating a risk matrix to outline the threats and
vulnerabilities found and
determine possible methods to mitigate the identified dangers.
Rubric
Guidelines for Submission: Your paper must be submitted as a
three- to four-page Microsoft Word document with double
spacing, 12-point Times New Roman
font, one-inch margins, and at least three sources cited in APA
format.
Critical Elements Proficient (100%) Needs Improvement (75%)
Not Evident (0%) Value
3. Analysis of
Environment
Anal yzes the envi ronment i n
whi ch the organi zati on operates ,
i ncl udi ng the current protocol s
and pol i ci es i n pl ace rel ated to
i nformati on as s urance
Anal yzes the envi ronment i n
whi ch the organi zati on operates
but does not i ncl ude the current
protocol s and pol i cies i n pl ace
rel ated to i nformati on as surance
Does not anal yze the
envi ronment i n whi ch the
organi zati on operates
20
Threat Environment Eval uates the threat envi ronment
of the organi zati on
Eval uates the threat envi ronment
of the organi zati on but mi s s es
cruci al threats or vul nerabi liti es ,
or the eval uati on i s i naccurate
Does not eval uate the threat
4. envi ronment of the organi zati on
20
Best Approaches Di s cus s es bes t approaches for
i mpl ementi ng i nformati on
as s urance pri nciples , i ncluding
areas of i mprovement to current
protocol s and pol i cies
Di s cus s es bes t approaches for
i mpl ementi ng i nformati on
as s urance pri nciples , but does
not ful l y devel op i deas rel ated to
areas of i mprovement to current
protocol s and pol i cies
Does not di s cus s bes t approaches
for i mpl ementi ng i nformati on
as s urance pri nciples
20
Risk Matrix Creates a ri s k matri x to
comprehens i vel y and accuratel y
as s es s the threats to and
vul nerabi l ities of the
organi zati on, i ncluding pos s ible
methods to mi ti gate the
i denti fi ed dangers
5. Creates a ri s k matri x to as s es s the
threats to and vul nerabi l iti es of
the organi zati on but does not
i ncl ude pos s i ble methods to
mi ti gate the i denti fi ed dangers ,
or as s es sment i s i ncompl ete or
i naccurate
Does not create a ri s k matri x to
as s es s the threats to and
vul nerabi l ities of the organi zation
20
Articulation of
Response
Submi s s i on has no major errors
rel ated to ci tati ons , grammar,
s pel l i ng, s yntax, or organi zati on
Submi s s i on has major errors
rel ated to ci tati ons , grammar,
s pel l i ng, s yntax, or organi zati on
that negati vel y i mpact readabi l ity
and arti cul ation of mai n i deas
Submi s s i on has criti cal errors
rel ated to ci tati ons , grammar,
s pel l i ng, s yntax, or organi zati on
6. that prevent unders tandi ng of
i deas
20
Earned Total 100%
IT 549 Scenario Assignment Module Six Guidelines and Rubric
For the Module Six assignment, students will be placed into the
role of an IT consultant whose task is to evaluate an existin g
organization’s security protocols.
Once the protocols have been anal yzed, students will
synthesize this knowledge to provide insight into the likelihood
of certain threats occurring. The skills
acquired from this exercise will prove to be beneficial during
the final stages of designing the information assurance plan.
Prompt: In your role as a highly paid consultant, you are given a
list of potential threats to and vulnerabilities of the current
communication security protocols of
an organization. You are asked to provide quantitative data to
measure the likelihood that any of these threats will actually
occur for the information assets of the
client. Conduct research and describe resources you found that
might provide insight into measuring the likelihood that some of
the threats would actually occur.
In the explanation, include whether you see a trend in resources
that might indicate a specific industry is particularly involved
7. in gathering this kind of data.
Additionally, evaluate which communication security protocols
are more effective and provide an explanation.
Guidelines for Submission: Your responses for the prompt must
be submitted as two to three paragraphs and as a Microsoft
Word document with double
spacing, 12-point Times New Roman font, one -inch margins,
and at least three sources cited in APA format.
Critical Elements Exemplary (100%) Proficient (85%) Needs
Improvement (55%) Not Evident (0%) Value
Quantitative Data Meets “Profi ci ent” cri teri a and
the quanti tati ve data i s
s ubs tanti ated wi th res earch
bas ed evi dence
Res pons e provi des quanti tati ve
data to meas ure the l i kel i hood
that any of thes e threats wi l l
actual l y occur
Res pons e attempts to provi de
quanti tati ve data ; however, the
data requi res more s ubs tanti al
evi dence to prove the l i kel i ness
of the threats occurri ng or not
Res pons e does not provi de any
quanti tati ve data
8. 20
Insight Meets “Profi ci ent” cri teri a and
expl anati on us es content bas ed
vocabul ary and res earch based
evi dence to s upport the ans wer
Res pons e expl ai ns and provi des
i ns i ght i nto meas uri ng the
l i kel i hood that s ome of the
threats woul d actual l y occur
Res pons e provi des i ns ight i nto
meas uri ng the l i kel i hood that
s ome of the threats woul d
actual l y occur but does not
expl ai n the l i kel i hood of the
threats
Res pons e does not provi de
i ns i ght i nto meas uri ng the
l i kel i hood that s ome of the
threats woul d actual l y occur
20
Trend in Resources Meets “Profi ci ent” cri teri a and
the trend that i s i denti fi ed i s
s ubs tanti ated wi th res earch
bas ed evi dence
9. Res pons e s peci fi es a trend i n
res ources that mi ght i ndi cate a
s peci fi c i ndus try i s parti cularly
i nvol ved i n gatheri ng thi s ki nd
of data
Res pons e s peci fi es a trend i n
res ources that mi ght i ndi cate a
s peci fi c i ndus try i s parti cularly
i nvol ved i n gatheri ng the data
but does not us e content bas ed
vocabul ary to s upport the
concl us i on
Res pons e does not s peci fy a
trend i n res ources
20
http://snhu-
media.snhu.edu/files/course_repository/graduate/it/it549/it_549
_list_of_possible_threats.docx
Evaluation Meets “Profi ci ent” cri teri a and
the eval uati on us es content
bas ed vocabul ary and res earch
bas ed evi dence to s upport the
10. ans wer
Res pons e eval uates whi ch
communi cati on s ecuri ty
protocol s are more effecti ve
and provi des an expl anati on
Res pons e eval uates whi ch
communi cati on s ecuri ty
protocol s are more effecti ve
but does not expl ai n the
eval uati on
Res pons e does not eval uate the
mos t effecti ve communi cati on
s ecuri ty protocol s
20
Articulation of
Response
Submi s s i on i s free of errors
rel ated to ci tati ons , grammar,
s pel l i ng, s yntax, and
organi zati on and i s pres ented in
a profes s i onal and eas y-to-read
format
11. Submi s s i on has no major errors
rel ated to ci tati ons , grammar,
s pel l i ng, s yntax, or organi zati on
Submi s s i on has major errors
rel ated to ci tati ons , grammar,
s pel l i ng, s yntax, or organi zati on
that negati vel y i mpact
readabi l ity and arti culati on of
mai n i deas
Submi s s i on has criti cal errors
rel ated to ci tati ons , grammar,
s pel l i ng, s yntax, or organi zati on
that prevent unders tandi ng of
i deas
20
Earned Total 100%