Sheet1CriteriaExcellentOutstandingAcceptableNeeds ImprovementNeeds Significant ImprovementMissing or UnacceptableIntroduction10 points8.5 points7 points6 points4 points0 pointsProvided an excellent overview of the cybersecurity industry as a whole. Answered the questions: (a) Why does this industry exist? and (b) How does this industry benefit society? Addressed sources of demand for cybersecurity products and services. Appropriately used information from 3 or more authoritative sources. (Reuse of narrative from Case Study #3 is permitted).Provided an outstanding overview of the cybersecurity industry as a whole. Answered the questions: (a) Why does this industry exist? and (b) How does this industry benefit society? Addressed sources of demand for cybersecurity products and services. Appropriately used information from 2 or more authoritative sources. (Reuse of narrative from Case Study #3 is permitted).Provided an brief introduction to the cybersecurity industry. Addressed why the industry exists and how the industry benefits society. Addressed sources of demand for cybersecurity products and services. Appropriately used information from authoritative sources. (Reuse of narrative from Case Study #3 is permitted).Provided an introduction to the industry but the section lacked some required details. Information from authoritative sources was cited and used in the overview.Attempted to provide an introduction to the industry but this section lacked detail and/or was not well supported by information drawn from authoritative sources. The introduction section was missing or did not present information about the cybersecurity industry.Operational Risks (Suppliers)20 points18 points16 points14 points9 points0 pointsProvided an excellent overview of the operational risks and sources of operational risks which could affect suppliers of cybersecurity related products and services. Addressed the potential impacts on products & services (compromised security). Discussed the potential impact of such compromises upon buyers and the security of buyers' organizations (risk transfer). Appropriately used and cited information from 3 or more authoritative sources.Provided an outstanding overview of the operational risks which could affect suppliers of cybersecurity related products and services. Addressed the potential impacts on products & services (compromised security). Discussed the potential impact of such compromises upon buyers and the security of buyers' organizations (risk transfer). Appropriately used and cited information from 2 or more authoritative sources.Discussed operational risks and sources of operational risks which could affect suppliers of cybersecurity related products and services. Addressed the possible impacts on products & services and the impacts upon the security of buyers' organizations (risk transfer).Appropriately used and cited information from authoritative sources.Provided information about operational risks and sources of op.
1. Sheet1CriteriaExcellentOutstandingAcceptableNeeds
ImprovementNeeds Significant ImprovementMissing or
UnacceptableIntroduction10 points8.5 points7 points6 points4
points0 pointsProvided an excellent overview of the
cybersecurity industry as a whole. Answered the questions: (a)
Why does this industry exist? and (b) How does this industry
benefit society? Addressed sources of demand for cybersecurity
products and services. Appropriately used information from 3 or
more authoritative sources. (Reuse of narrative from Case Study
#3 is permitted).Provided an outstanding overview of the
cybersecurity industry as a whole. Answered the questions: (a)
Why does this industry exist? and (b) How does this industry
benefit society? Addressed sources of demand for cybersecurity
products and services. Appropriately used information from 2 or
more authoritative sources. (Reuse of narrative from Case Study
#3 is permitted).Provided an brief introduction to the
cybersecurity industry. Addressed why the industry exists and
how the industry benefits society. Addressed sources of demand
for cybersecurity products and services. Appropriately used
information from authoritative sources. (Reuse of narrative
from Case Study #3 is permitted).Provided an introduction to
the industry but the section lacked some required details.
Information from authoritative sources was cited and used in the
overview.Attempted to provide an introduction to the industry
but this section lacked detail and/or was not well supported by
information drawn from authoritative sources. The introduction
section was missing or did not present information about the
cybersecurity industry.Operational Risks (Suppliers)20 points18
points16 points14 points9 points0 pointsProvided an excellent
overview of the operational risks and sources of operational
risks which could affect suppliers of cybersecurity related
products and services. Addressed the potential impacts on
products & services (compromised security). Discussed the
potential impact of such compromises upon buyers and the
2. security of buyers' organizations (risk transfer). Appropriately
used and cited information from 3 or more authoritative
sources.Provided an outstanding overview of the operational
risks which could affect suppliers of cybersecurity related
products and services. Addressed the potential impacts on
products & services (compromised security). Discussed the
potential impact of such compromises upon buyers and the
security of buyers' organizations (risk transfer). Appropriately
used and cited information from 2 or more authoritative
sources.Discussed operational risks and sources of operational
risks which could affect suppliers of cybersecurity related
products and services. Addressed the possible impacts on
products & services and the impacts upon the security of buyers'
organizations (risk transfer).Appropriately used and cited
information from authoritative sources.Provided information
about operational risks and sources of operational risks which
could impact sellers and buyers of cybersecurity products and
services. Appropriately used and cited information from
authoritative sources.Provided a discussion of operational risk
as it applies to the cybersecurity industry. The
discussion lacked detail and/or was not well supported by
information drawn from authoritative sources.This section was
missing, off topic, or failed to provide information about
operational risks and the impacts thereof.1. Product Liability
in the Cybersecurity Industry15 points14 points13 points11
points9 points0 pointsProvided an excellent discussion of
product liability in the cybersecurity industry. Summarized the
current legal environment and discussed the potential impact
upon buyers who suffer harm or loss as a result of purchasing,
installing, and/or using cybersecurity products or services.
Appropriately used information from 3 or more authoritative
sources.Provided an outstanding discussion of product liability
in the cybersecurity industry. Summarized the current legal
environment and discussed the potential impact upon buyers
who suffer harm or loss as a result of purchasing, installing,
and/or using cybersecurity products or services. Appropriately
3. used information from 2 or more authoritative
sources.Discussed product liability in the cybersecurity
industry. Summarized the current legal environment and
discussed the potential impact upon buyers who suffer harm or
loss as a result of purchasing, installing, and/or using
cybersecurity products or services. The discussion was
supported by information drawn from authoritative
sources.Attempted to provide a discussion of product liability in
the cybersecurity industry. Mentioned the potential impact upon
buyers who suffer harm or loss related to the use of
cybersecurity products or services. The discussion was
supported by information drawn from authoritative
sources.Mentioned product liability but the section was lacking
in details and/or was not supported by information from
authoritative sources.This section was missing, off topic, or
failed to address product liability.Governance Frameworks15
points14 points13 points11 points9 points0 pointsProvided an
excellent discussion of the role that standards and governance
processes should play in ensuring that acquisitions and
procurements (purchases) of cybersecurity products and services
meet the buyer’s security requirements. Discussed specific
governance process examples from COBIT®,ITIL®, and
ISO/IEC 27002. Appropriately used information from 3 or more
authoritative sources. Provided an outstanding discussion of the
role that standards and governance processes should play in
ensuring that acquisitions and procurements (purchases) of
cybersecurity products and services meet the buyer’s security
requirements. Discussed specific governance process examples
from two of the three frameworks (COBIT®, ITIL®, and
ISO/IEC 27002). Appropriately used information from 2 or
more authoritative sources.Discussed the role that standards and
governance processes should play in ensuring that acquisitions
and procurements (purchases) of cybersecurity products and
services meet the buyer’s security requirements. Mentioned the
use of processes from COBIT®,ITIL®, or ISO/IEC
27002. Appropriately used information from authoritative
4. sources.Provided a discussion of the role that standards and
governance processes should play during the purchase of
cybersecurity products or services.Appropriately used
information from authoritative sources.Attempted to provide a
discussion of the role that standards and governance processes
should play during the purchase of cybersecurity products or
services but the discussion was substantially lacking in
details.Section was missing, off topic, or did not mention
governance frameworks and standards.Summary and
Conclusions10 points8.5 points7 points6 points4 points0
pointsProvided an excellent summary and conclusions section
which presented a summary of findings including 3 or more
reasons why product liability (risk transfer) is a problem that
must be addressed by both suppliers and purchasers of
cybersecurity related products and services.Provided an
outstanding summary and conclusions section which presented a
summary of findings including 2 or more reasons why product
liability (risk transfer) is a problem that must be addressed by
both suppliers and purchasers of cybersecurity related products
and services.Provided a summary and conclusions section which
presented a summary of findings including the reasons why
product liability (risk transfer) is a problem that must be
addressed by both suppliers and purchasers of cybersecurity
related products and services.Summarized findings which
mentioned product liability problems in the cybersecurity
industry.Included a summary but did not mention product
liability.Summary and conclusions were missing.Addressed
security issues using standard cybersecurity terminology5
points4 points3 points2 points1 point0 pointsDemonstrated
excellence in the integration of standard cybersecurity
terminology into the case study.Provided an outstanding
integration of standard cybersecurity terminology into the case
study.Integrated standard cybersecurity terminology into the
into the case studyUsed standard cybersecurity terminology but
this usage was not well integrated with the discussion.Misused
standard cybersecurity terminology.Did not integrate standard
5. cybersecurity terminology into the discussion.APA Formatting
for Citations and Reference List5 points4 points3 points2
points1 point0 pointsWork contains a reference list containing
entries for all cited resources. Reference list entries and in-text
citations are correctly formatted using the appropriate APA
style for each type of resource.Work contains a reference list
containing entries for all cited resources. One or two minor
errors in APA format for in-text citations and/or reference list
entries.Work contains a reference list containing entries for all
cited resources. No more than 3 minor errors in APA format for
in-text citations and/or reference list entries.Work has no more
than three paragraphs with omissions of citations crediting
sources for facts and information. Work contains a reference list
containing entries for cited resources. Work contains no more
than 5 minor errors in APA format for in-text citations and/or
reference list entries.Work attempts to credit sources but
demonstrates a fundamental failure to understand and apply the
APA formatting standard as defined in the Publication Manual
of the American Psychological Association (6th ed.).Reference
list is missing. Work demonstrates an overall failure to
incorporate and/or credit authoritative sources for information
used in the paper.Professionalism Part I: Organization &
Appearance5 points4 points3 points2 points1 point0
pointsSubmitted work shows outstanding organization and the
use of color, fonts, titles, headings and sub-headings, etc. is
appropriate to the assignment type.Submitted work has minor
style or formatting flaws but still presents a professional
appearance. Submitted work is well organized and appropriately
uses color, fonts, and section headings (per the assignment’s
directions).Organization and/or appearance of submitted work
could be improved through better use of fonts, color, titles,
headings, etc. OR Submitted work has multiple style or
formatting errors. Professional appearance could be
improved.Submitted work has multiple style or formatting
errors. Organization and professional appearance need
substantial improvement.Submitted work meets minimum
6. requirements but has major style and formatting errors. Work is
disorganized and needs to be rewritten for readability and
professional appearance.Submitted work is poorly organized
and formatted. Writing and presentation are lacking in
professional style and appearance. Work does not reflect college
level writing skills.Professionalism Part II: Execution15
points14 points13 points11 points4 points0 pointsNo formatting,
grammar, spelling, or punctuation errors.Work contains minor
errors in formatting, grammar, spelling or punctuation which do
not significantly impact professional appearance.Errors in
formatting, spelling, grammar, or punctuation which detract
from professional appearance of the submitted work.Submitted
work has numerous errors in formatting, spelling, grammar, or
punctuation. Work is unprofessional in appearance.Submitted
work is difficult to read / understand and has significant errors
in formatting, spelling, grammar, punctuation, or word
usage.Submitted work is poorly executed OR does not reflect
college level work.Overall
ScoreExcellentOutstandingAcceptableNeeds ImprovementNeeds
Significant ImprovementMissing or Unacceptable90 or more80
or more70 or more56 or more36 or more0 or more
Sheet1INTROBODY 1BODY 2BODY 3BODY
4CONCLUSIONOrganizationLandSeaKolbert strong/not so
strong/1/1/2/2/3/1Writing: free of distractingFormatting: as
pererrors? Academic voice?formatting sheet?Base verb tense in
present?/12.5/12.5/1.5/1/25
&"Times New Roman,Regular"IH 852 Fall, 2015 Bill Coleman,
Instructor
Prompt / Rubric for Final Paper
In the 5th century B.C., Herodotus tells us, the king of Persia
decided to attack the Greeks. All his advisors applauded except
a certain Artabanus who pointed to 2 problems: the land and the
sea. 2500 years later, a different form of attack is taking place:
the expansion of the human species as a whole and the takeover
7. by our species of the surface of the Earth. This is a process
very different from a military invasion but the results may be
far more devastating. Like Artabanus 2500 years ago, Elizabeth
Kolbert points to the land and the sea.
Describe Kolbert’s organization of chapters in The Sixth
Extinction. Describe the threats to creatures living on land.
Describe the threats to creatures living in the sea. What part of
The Sixth Extinction best explains to you the overall crisis
which our species is causing? Is there any way in which
Kolbert fails to make her case?
Sheet2
Sheet3
Smith 1
Mary Smith
Bill Coleman
Intellectual Heritage 852 Section xxx
February 27, 2015
The Correct Way to Format an Essay
First, select Times New Roman as the font and 12 as the font
size. Make sure the paragraph is set to double space, and that
you have checked the dialog box in “Paragraph” that says:
“Don’t add space between paragraphs of the same style.” The
heading, which includes your name, your teacher’s name, the
course name and the date the paper is due, goes in the upper left
corner of your paper. It is double-spaced like the body of the
paper. The title of your paper should be centered and in the
same font as the body of the paper. Do not use bold or
underlining. Remember to capitalize the first word and all
important words of the title.
8. Indent the first line of each paragraph. Do not skip an extra line
between paragraphs. Space once after each punctuation mark.
Do not space before a punctuation mark. If your essay is longer
than one page, insert the page number on the right side of the
header. To do this, open the header and use the tab key to move
the cursor to the right. Type your last name and then use the
menu bar to insert the correct page number. Remember to select
Times New Roman as your font and 12 as the font size just as
you did for the text of your paper.
If you follow the above instructions, your paper should look
like this page. Note that to quote from The Sixth Extinction,
you need merely put the passage in quotation marks followed by
the appropriate page number (Kolbert, p. 224).
Industry Profile Part 2: Supply Chain Risk in the Cybersecurity
Industry
For this paper, you will research and report upon the problem of
Supply Chain Risk as it pertains to the cybersecurity industry.
You will also investigate due diligence and other business
processes / strategies which can be used to mitigate the impacts
of supply chain risk for companies who produce and sell
cybersecurity related products and services.
Research
1. Global Supply Chain Risks affecting the Cybersecurity
Industry. Here are some suggested resources to get you started:
a. Cyber Security Risks in Industrial Supply
Chainshttp://www.securityweek.com/cyber-security-risks-
industrial-supply-chains
b. Cybersecurity in the Supply Chain
http://www.lmi.org/CMSPages/getfile.aspx?nodeguid=
adf22863-fca9-44ae-a93a-c20e21bae1e6&
AspxAutoDetectCookieSupport=1
c. Cybersecurity Risks in the Supply Chain
9. https://www.cert.gov.uk/wp-content/uploads/2015/02/Cyber-
security-risks-in-the-supply-chain.pdf
d. Independent contractors, outsourcing providers and supply
chain vendors: The weakest link in cybersecurity?
http://www.wiggin.com/files/30783_cybersecurity-update-
winter-2015.pdf (pp. 2-3)
2. Investigate due diligence as it applies to the purchase of
components or services from vendors. Answer the question: how
can due diligence processes help a company manage supply
chain risks? Here are some suggested resources:
a. http://www.cips.org/Documents/Knowledge/Procurement-
Topics-and-Skills/3-Risk-Mitigation/Diligent-
Procurement/Due_diligence-Procurement_Topic.pdf
b. http://blogs.wsj.com/cio/2014/03/21/going-beyond-due-
diligence-to-monitor-vendor-cybersecurity/
c. Cybersecurity: Five lessons learned the hard
wayhttp://www.lexology.com/library/detail.aspx?g=e0e6d83f-
3783-457a-8ce5-cda2ed9f3dcd
3. Research best practices and recommended strategies and
approaches for managing global supply chain risk
a. 10 Supply Chain Risk Management Best
Practiceshttp://www.bankinfosecurity.com/10-supply-chain-
risk-management-best-practices-a-5288/op-1
b. Cyber Supply Chain Security: A Crucial Step Toward U.S.
Security, Prosperity, and Freedom in
Cyberspacehttp://www.heritage.org/research/reports/2014/03/cy
ber-supply-chain-security-a-crucial-step-toward-us-security-
prosperity-and-freedom-in-cyberspace
c. Managing Risk in Global ICT Supply Chains
http://www.boozallen.com/media/file/managing-risk-in-global-
ict-supply-chains-vp.pdf
d. Supply Chain Risk Management
Awarenesshttp://www.afcea.org/committees/cyber/documents/S
upplychain.pdf
Write
10. 1. An introduction section which provides a brief overview of
the problem of supply chain risk as it pertains to the
cybersecurity industry.
2. A supply chain risks section in which you identify and
describe 5 or more specific sources of supply chain risk which
impact cybersecurity related products and services.
3. A due diligence section in which you address the use of
diligence processes (investigating suppliers before entering into
contracts) as a supply chain risk management strategy. Include
5 or more cybersecurity related questions which should be asked
of suppliers during the due diligence process.
4. A best practices section in which you address 5 or more best
practices for managing global supply chain risks in the
cybersecurity industry. You must also provide an evaluation of
the expected benefits from implementing each of these
practices.
5. A summary and conclusions section in which you present an
overall picture of the supply chain risk problem in the
cybersecurity industry and best practices for managing supply
chain risks.
Your five to eight page paper is to be prepared using basic APA
formatting (including title page and reference list) and
submitted as an MS Word attachment to the Industry Profile
Part 2: Supply Chain Risk entry in your assignments folder. See
the sample paper and paper template provided in Course
Resources > APA Resources for formatting examples. Consult
the grading rubric for specific content and formatting
requirements for this assignment
Table 1. List of Approved Industries for Industry Profile Project
NAICS Code
Industry Name