Overview
Every organization must consider the mandatory and recommended practices when creating its information security program and/or security policies. Legislative documents such as FISMA are mandatory, yet standards documents such as FIPS 200 can also be mandatory. The selected organization used one or more standards when creating its information security program. For this project, you will identify a standard used by your organization in its information security program, then compare and contrast it with another similar standard.
Learning Objectives
After completing this project, students will be able to:
1. Identify recognized US Standards Organizations
2. Describe at least two technical standards
3. Compare and contrast technical standards for information systems security technologies.
4. Describe how the technical standards impact the selected organizations' information security programs
Deliverable
Your research paper should be at least three (3) full pages, double spaced, 1-inch margins, in Times New Roman 12-pitch font, with a cover page (name, course number, date, title of paper) and a reference page. The cover page and reference page are not included in the three-page minimum. Papers not meeting the three full-page minimum will lose points. You must have at least three scholarly sources, correctly formatted per APA guidelines. Submit your research paper to the appropriate TurnItIn assignment area by the due date.
Detailed Description of Learning Activity
1. Review your organization's information security program documentation and determine what standard(s) the organization used to create the program.
2. Pick one of the following three standard options for your comparison:
FIPS 200 and ISO 27002
FIPS 140-2 and ISO 19790
DES/3DES/AES (if you select this option you must compare all three standards against each other)
3. Select three (3) to five (5) points of analysis (POAs) from the FIPS 200, FIPS 140-2, or AES standard.
4. Find the equivalent POA in the ISO 27002, ISO 19790, or 3DES/DES standard respectively.
5. Write your research paper. At a minimum, the paper should include
an Introduction that includes the purpose of your paper, introduces the organization, and explains why you selected the standards you are researching
a Standards section that describes from a general standpoint, the two standards you selected for the paper
a Points of Analysis section that describes your three to five points, from a general standpoint
a Compare and Contrast section explaining the differences between the two standards, using details and specifics
Use spell and grammar check before submitting. It is also a good idea to have someone else read your paper.
Submit the project to TurnItIn by the due date. Put your Turnitin score on the cover page. It cannot exceed 20%.
6. Examples of POAs:
Cryptographic Key Management (FIPS 140-2)
Security Levels of Cryptographic Modules (140-2)
Key Length (AES)
Performance (AES)
System Impact Levels (FIPS 200)
Security Control Selection (FIPS 200)
7. Make sure you use the rubric. If you check off all items in a
specific grade category, then you could/should earn those
respective points. For example, if you only include 3 POAs, you
cannot earn more than 5 points for that section.
Criteria | Level 4 | Level 3 | Level 2 | Level 1
Introduction
5 points
a. The writer introduces the topic and its relevance to (1) the
discipline; and (2) the chosen audience. The introduction lays
groundwork for the direction of the assignment.
b. Thesis or objective is clearly stated and appropriately
focused.
c. Main idea stands along with details.
d. The title is appropriate and adequately describes the topic.
4 points
a. The writer makes the reader aware of the overall problem,
challenge, or topic to be examined.
b. Thesis is stated but clarity and/or focus could be better.
c. The title does not adequately describe the topic.
2 points
a. There is no reference to the topic, problem, or audience.
b. There is no statement of thesis or objective of the research.
c. The title is inappropriate and does not describe the topic.
0 points
No submission
Standards and Points of Analysis
15 points
a. The paper includes an accurate description of both standards.
b. The paper includes five (5) points of analysis.
c. Ideas are clear, original, and focused. Main idea stands along
with details.
d. Sufficient information included. Information clearly relates
to the main thesis. It includes several
supporting details and/or examples.
e. Sentences and paragraphs clearly and effectively relate to and
support the thesis.
f. Writer provides examples and quotes that answer the reader’s
questions and add depth to the writer’s ideas.
10 points
a. The paper includes a description of some but not all of the
standards and/or the description of the standard(s) is not
accurate.
b. The paper includes four (4) points of analysis.
c. Ideas are clear, but there is a lack of extra information.
d. Information relates to main topic. Details and amount of
information are sparse.
e. Sentences and paragraphs generally though not always relate
to the thesis or controlling idea.
f. Examples are included, though not always; reader needs
specific details or quotes that the writer does not provide.
5 points
a. The paper does not include a standards description.
b. The paper includes three (3) or fewer points of analysis.
c. Text is repetitious.
d. Information seems to be disorganized and has little to do with
the main topic.
e. Sentences and paragraphs do not clearly or effectively relate
to the assignment.
f. Examples are either lacking or ineffective; i.e., do not relate
to the main idea in the assignment or paragraph.
0 points
No submission
Conclusions
10 points
a. The writer makes succinct and precise conclusions based on
the review of literature.
b. Insights into the problem/topic are appropriate.
c. Conclusions are strongly supported within the assignment.
7 points
a. The writer makes succinct and precise conclusions based on
the review of literature.
b. Insights into the problem/topic are appropriate.
c. Conclusions are strongly supported within the assignment.
4 points
a. There is little or no indication that the writer tried to
synthesize the information or draw conclusions based on the
literature under review.
0 points
No submission
Research and Analysis (Compare/Contrast)
50 points
a. The writer covers the appropriate content in depth without
being redundant.
b. The writer cites sources when specific statements are made.
c. The significance of quotes, when used, is apparent.
d. The length is appropriate.
e. Ideas are clear, original, and focused. Main idea stands out,
along with details.
f. Ideas in the assignment are compelling, even original; they
are not self-evident.
35 points
a. The writer includes all the sections of pertinent content, but
does not cover them in as much depth or detail as the
audience/reader expects.
b. The writer cites sources when specific statements are made.
c. The significance to the discipline is evident.
d. Ideas are clear, but more information is needed.
e. Ideas in the assignment are mostly (but not all) relevant and
worthy of the reader’s consideration.
20 points
a. The writer has omitted major sections of pertinent content or
content runs on excessively.
b. The writer quotes other material excessively.
c. The ideas presented have little significance to the discipline
and/or the audience.
d. Text is repetitious.
e. There is no central theme.
f. Ideas in the assignment are irrelevant or not worthy of the
reader’s consideration.
0 points
No submission
Clarity and Correctness of the Writing
10 points
a. The writing is clear and concise.
b. There are fewer than 10 mistakes in grammar, spelling, and/or
punctuation.
c. The writing does not ramble; the assignment is carefully
written and edited.
d. Less than 30% of the paper consists of direct quotes.
7 points
a. The writing is generally clear, but unnecessary words are
occasionally used. Meaning is sometimes hidden.
b. Paragraph or sentence structure is repetitive.
c. Much of the writing is generally clear, but meaning is
sometimes hidden.
d. There are between 10 and 20 mistakes in grammar, spelling,
and/or punctuation, but they do not cause confusion; they
suggest negligence, not indifference.
e. Writing might ramble; the assignment is not carefully written.
f. Between 30% and 40% of the paper consists of direct
quotes.
4 points
a. It is difficult for the reader to understand what the writer is
trying to express.
b. Writing is convoluted.
c. Assignment contains more than 20 spelling and/or
grammatical errors as well as improper punctuation.
d. The writing is vague or it is difficult to understand what the
writer is trying to express.
e. Mistakes in grammar, spelling, and/or punctuation cause
confusion and show lack of concern for quality of writing.
f. Writing rambles; the assignment appears hastily written.
g. More than 40% of the paper consists of direct quotes.
0 points
No submission
Sources, Citations, and Proper APA Formatting
10 points
a. The writer includes at least three (3) citations in the body of
the review.
b. The references in the list match the in-text citations and all
are properly cited in APA style.
c. Numerous sources are cited. All sources are accurately
documented.
d. Accurately adheres to APA style in formatting, organization,
and construction, including full review of relevant literature.
e. There is consistent use of people-first, non-discriminatory
language.
f. The majority of sources are scholarly and cited correctly in
both text and reference list.
7 points
a. The writer cites sources within the body of the review and
includes a corresponding References list. Some formatting
problems exist or some elements are missing.
b. Fewer than three (3) sources are cited. All sources are
accurately documented, but some are not in the desired format.
c. Assignment is in APA style but with some errors.
d. The body of the assignment consists of a review of the
literature.
e. There is evidence of attention to people-first, non-
discriminatory language.
f. Most sources are scholarly and cited, but with some errors.
g. Personal opinions are kept to a minimum.
4 points
a. The writer does not include in-text citations for statements
made in the review.
b. References that are included in the Reference list are not
cited in the text.
c. An insufficient number of sources are cited and/or not
accurately documented.
d. The assignment is not written in APA style.
e. No attention is given to people-first, non-discriminatory
language.
f. Scholarly sources are not cited in text and reference list.
g. Sources are primarily from the popular press and/or the
assignment consists primarily of personal opinions.
0 points
No submission