Running Head: STATEMENT OF WORK
STATEMENT OF WORK 2
Assignment: 2-2 Final Project Milestone One: Statement of Work
Terri Y. Hudson
Southern New Hampshire University – IT 552
November 6, 2016
Agency-wide security awareness Program Proposal
Introduction
For the organization to comply with the current PCT DSS requirement version 12,6, a security awareness program must be in place. The CISCO of the organization has an immediate requirement of creating an agency-wide security awareness program. As a means of implementing security awareness program the organization has conducted a security gap analysis which is one of the component of security awareness program which showed the 10 security findings. As one of the means of conducting the program, I will submit awareness program proposal.
Objective
This SOW (Statement of Work) is being done on behalf of the senior information officer. He has requested for the creation of an agency-wide security awareness program by handing over the security gap analysis which was done prior to this process. Hence the major aim of this document is to set a security awareness program which shows ten major key security findings. The document will also include a risk assessment of the current security awareness practices, processes and practices. By having this document, the organization will be able to have a well-organized maintenance plan. It is also important in maintaining and establishing an information-security awareness program (United States, 2000).
Background
The mission of the organization is to provide efficient IT services with the best security program in place with an aim of protecting organizations assets.
1. Technical infrastructure
The organization is engaged in short-term effort aiming at modernizing its information-processing infrastructure. These efforts have incorporated software enhancements, installation of firewalls and high end network systems for an improved communication. The senior information officer is the one who is responsible top oversee modernization effort. He has of late completed conducting a security awareness program and deployment of the organization’s LAN (Local area Network). The hardware being used is of CISCO products.
2. Computing Environment
The organization’s desktop computers are of Windows 2007/ 98 and 95. The servers are of Pentium with over 1 GB RAM. The current NOS (Network operating system) are window based.
3. Security Posture of the Organization
The organization has a basic network structure with only one router which acts as a firewall. It has several working stations and switches to this working stations. In addition the organization has installed Kasperky’s antivirus in of their desktop machines with a motive of reducing external threats. The data server is highly secured with Kaspersky’s antivirus. Th ...
Running Head STATEMENT OF WORKSTATEMENT OF WORK .docx
1. Running Head: STATEMENT OF WORK
STATEMENT OF WORK
2
Assignment: 2-2 Final Project Milestone One: Statement of
Work
Terri Y. Hudson
Southern New Hampshire University – IT 552
November 6, 2016
Agency-wide security awareness Program Proposal
Introduction
For the organization to comply with the current PCT DSS
requirement version 12,6, a security awareness program must be
in place. The CISCO of the organization has an immediate
requirement of creating an agency-wide security awareness
program. As a means of implementing security awareness
program the organization has conducted a security gap analysis
2. which is one of the component of security awareness program
which showed the 10 security findings. As one of the means of
conducting the program, I will submit awareness program
proposal.
Objective
This SOW (Statement of Work) is being done on behalf of the
senior information officer. He has requested for the creation of
an agency-wide security awareness program by handing over the
security gap analysis which was done prior to this process.
Hence the major aim of this document is to set a security
awareness program which shows ten major key security
findings. The document will also include a risk assessment of
the current security awareness practices, processes and
practices. By having this document, the organization will be
able to have a well-organized maintenance plan. It is also
important in maintaining and establishing an information-
security awareness program (United States, 2000).
Background
The mission of the organization is to provide efficient IT
services with the best security program in place with an aim of
protecting organizations assets.
1. Technical infrastructure
The organization is engaged in short-term effort aiming at
modernizing its information-processing infrastructure. These
efforts have incorporated software enhancements, installation of
firewalls and high end network systems for an improved
communication. The senior information officer is the one who is
responsible top oversee modernization effort. He has of late
completed conducting a security awareness program and
deployment of the organization’s LAN (Local area Network).
The hardware being used is of CISCO products.
2. Computing Environment
The organization’s desktop computers are of Windows 2007/ 98
3. and 95. The servers are of Pentium with over 1 GB RAM. The
current NOS (Network operating system) are window based.
3. Security Posture of the Organization
The organization has a basic network structure with only one
router which acts as a firewall. It has several working stations
and switches to this working stations. In addition the
organization has installed Kasperky’s antivirus in of their
desktop machines with a motive of reducing external threats.
The data server is highly secured with Kaspersky’s antivirus.
The organization physical security in server rooms has rocks,
network closets and the network cabinet is rocked always. The
organization has a worry on its current security plan this is
because of hackers, spammers and cybercrimes. Also the
security plan of the organization has not proved to have the best
controls after the current security gap analysis that was
conducted.
Security Gaps Findings
From the findings one of the largest organization’s risks is not
the weakness in the IT infrastructure but the action and reaction
of the employees. This has happen through disclosure of
sensitive information by the workers and social engineering
attacks. After the gap analysis report, the organization found
that confidential customer data and the some of the IT assets
were at risk. From the gap analysis findings it is evident that
loss of customer confidential information was very high. The
risks in Information technology assets were classified as
moderate. The top ten security findings were internet; this has
become one of the greatest avenues for hackers. Others are data
breaches, ransom ware, browser plug-ins, virus, worms,
spyware, key loggers, rogue security software and pharming.
Lastly some of the organization factors are contributing to
unhealthy of IT assets. Example a poor plan by the organization
CEO of the best IT personnel, identification of the critical
assets of the organization, wrong mapping of the existing cyber
security capabilities across the organization so as to identify
organizational risks, poor assessment of the organization’s
4. security maturity level and poor identification of the potential
cyber security threats (Roper, 2006).
The best practices in the organizational security program
Assemble all the security awareness team. The team will be
mandated in ensuring development, maintenance and delivery of
the security awareness. The recommendation is for the team to
be well-staffed. In addition to this all the employee dough to be
trained on the ten securities gas findings. The security
awareness program ought to have reference materials such as
ISO 27002:2013 which outlines the code practices of the
information security control, the NIST (National Institute of
Standards and Technology) and COBIT 5 (Desman, 2002).
Tasks
Some of the roles to be performed include performing a general
description of the security posture of the organization and a risk
analysis, drafting security deliverable of the organization and
outlining responsibilities of each and every member in the
organization in ensuring the security of organizational assets.
Personnel
It is highly recommended that security training includes how
social engineering happens and what are the consequences to
the organization IT assets. One of the ways hackers are using
social engineering is to acquire user’s credentials. The program
should tailor this awareness to reflect the types of attacks that
the organization is encountering and what the organization can
encounter in long-run. As one of the findings from the security
gap is confidentiality of customers’ data, it is highly
recommended that different ways of how to safeguard
customers’ information to be covered at the basic level for all
the personnel. Example is protecting data in electronic and non-
electronic form. Others that need to be included in the
awareness program is organization’s security awareness policy,
the impact of unauthorized access and the awareness of the
CHD security requirements (Gardner, 2014).
5. Conclusion
This SOW document has highlighted the objective of SOW. The
document has addressed four critical elements which must be
addressed in the security program, these are; the security
posture of the organization and the major findings from the
security gap analysis, the human factors which undermine the
security of the organization IT assets and organization factors
that contribute to unhealthy of the organization. Lastly I have
included what need to be done in the security awareness
program.
References
United States. & United States. (2000). Summary statement of
work. Washington: National Commission on Air Quality.
Desman, M. B. (2002). Building an information security
awareness program. Boca Raton: Auerbach Publications.
Gardner, B., & Thomas, V. (2014). Building an information
security awareness program: Defending against social
engineering and technical threats. Waltham, Massachusetts:
Syngress.
Roper, C. A., Grau, J. J., & Fischer, L. F. (2006). Security
6. education, awareness, and training: From theory to practice.
Burlington, MA: Elsevier Butterworth-Heinemann.
IT 552 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a security
awareness program proposal.
In any type of enterprise, the security of property, information,
products, and employees is of critical importance. Many
security threats are caused by malicious
intent, but, more often than not, security threats occur because
of unintentional human error. In the final project for this
course, you will evaluate the current
security climate of an organization and develop a plan for
mitigating against both malicious and unintentional human
errors that could compromise the security
of the organization. In addition to developing mitigation
strategies, you must appropriately communicate those plans to
the diverse, affected stakeholder groups
for effective implementation. Ultimately, this assessment
prepares you to successfully develop security awareness
programs that not only protect the security of
an organization’s information, but also enhance the health of
the overall security culture.
The project is divided into four milestones, which will be
submitted at various points throughout the course to scaffold
learning and ensure quality final
submissions. These milestones will be submitted in Modules
Two, Four, Six, and Eight. The final proposal will be submitted
7. in Module Nine.
In this assignment, you will demonstrate your mastery of the
following course outcomes:
organizations by evaluating relevant human factors and
applicable information security policies,
practices, and processes
potential malicious and unintentional threats to organizations’
security postures
organizational factors that contribute to unhealthy security
cultures in organizations
security awareness programs to diverse stakeholders for
effectively fostering healthy security
cultures in organizations
Prompt
You were just hired as the new chief information security
officer for a large corporation whose security posture is low.
The first thing your chief executive officer
tells you is that he has recently seen a presentation by one of
the information security team members emphasizing the
importance of having a security
awareness program. As a result, you have been asked to develop
a security awareness program based on the specific needs of the
organization. To that end, you
8. will make recommendations for enhancing security policies,
practices, and processes that are currently contributing to a
dysfunctional security culture. Your chief
goal is to build a program that will foster a healthy security
culture and ensure continuous improvement. Your final project
is to create a security awareness
program proposal that addresses the needs of this case.
Specifically, the following critical elements must be addressed:
I. Introduction
a) What is the purpose of your proposal? Why is the new
security awareness program vital for the organization? Use
specific examples to illustrate
your claims.
b) Overall, how would you characterize the security posture of
the organization? What were the major findings in your risk
assessment of the
organization’s current security awareness policies, practices,
and processes?
c) Specifically, are there human factors that adversely affect the
security climate within the organization? If so, how? Be sure to
consider
unintentional and intentional threats to a healthy security
culture.
d) Specifically, are there organizational factors that contribute
to an unhealthy security culture in the organization? If so, how?
Be sure to consider
9. organizational data flow, work setting, work planning and
control, and employee readiness.
II. Proposal
a) What is your proposal for mitigating the identified human
factors that pose a threat to the organization’s security posture?
Describe the specific
policies, processes, and practices that must be in place to
address each of the following.
i. Unintentional Threats: What strategies can protect against
human errors made due to cognitive factors? What strategies
can protect
against human errors made due to psychosocial and cultural
factors?
ii. Intentional Threats: What strategies can protect against
social engineering?
b) What is your proposal for resolving inoperative
organizational factors that pose a threat to the organization’s
security posture? Describe the
specific policies, processes, and practices that should be in
place to address each of the following.
i. Data Flow: How do you make sure that the data sender and
the data receiver have a sound connection? How do you ensure
that data is
not tampered with or altered from its intended meaning? What
strategies do you propose to address poor communication?
ii. Work Settings: What strategies do you propose to address
distractions, insufficient resources, poor management systems,
or inadequate
security practices?
10. iii. Work Planning and Control: What strategies do you propose
to address job pressure, time factors, task difficulty, change in
routine, poor
task planning or management practice, or lack of knowledge,
skills, and ability?
iv. Employee Readiness: What strategies do you propose to
address inattention, stress and anxiety, fatigue and boredom,
illness and injury,
drug side effects, values and attitudes, or cognitive factors (e.g.,
misperception, memory, or judgment)?
III. Communication Plan
a) What messaging strategies should be used to ensure that
stakeholders understand, buy into, and support the continuous
improvement of your
proposed security awareness program? Provide specific
examples of the types of communication you are proposing.
b) In a broader sense, how would you convince diverse
stakeholders of the overall need for a healthy security culture?
How do you make it real and
relevant for nontechnical audiences?
Milestones
Milestone One: Statement of Work
In Module Two, you will create a statement of work (SOW)
based on the scenario provided in the Case Document. Be sure
11. to include the purpose of the
proposal, address the security concerns of the chief executive
officer, explain why the security awareness proposal will be
vital to the organization, describe how
the security posture will be addressed, clarify how human
factors will be assessed, and list any organizational factors that
will contribute to the status of the
security posture. The SOW should also address the scope of the
work, project objectives, business needs, business goals,
technical requirements, deliverables,
tasks to achieve the deliverables, high-level schedule of
completing the deliverables and tasks, and personnel and
equipment requirements. The SOW will serve
as the basis for developing the final proposal. The format of this
assignment will be a two- to four-page Word document. This
assignment will be graded using
the Milestone One Rubric.
Milestone Two: Security Policies Development
In Module Four, you will submit 10 security policies as part of
the planned solution to mitigate the security gaps identified in
the Case Document. This
assignment will include a list of access control policies
addressing remote access, encryption and hashing (to control
data flow), auditing network accounts,
configuration change management (to reduce unintentional
threats), segregation of duties, mandatory vacation (to mitigate
intentional threats), personally
identifiable information breaches, media protection, and social
engineering. This milestone focuses on security functionality,
and each policy should be no longer
than one page. This assignment will be graded using the
Milestone Two Rubric.
Milestone Three: Continuous Monitoring Plan
In Module Six, you will submit a continuous monitoring plan
12. laying out the foundation for continuously monitoring the
organization against malicious activities
and intentional and unintentional threats. This milestone also
focuses on work setting techniques and work planning policies
to help employees improve their
stress anxiety, fatigue, and boredom. As part of the planned
solution, you will propose to mitigate the security gaps for the
corporation given in the Case
Document. You will need to explain what security tools
(firewall, intrusion prevention system/intrusion detection
system, antivirus, content filtering, encryption,
etc.) and employee readiness strategies (training programs,
rewards systems, physical wellness programs, etc.) will be used.
The format should be a four- to five-
page Word document. This assignment will be graded using the
Milestone Three Rubric.
Milestone Four: Communication Plan
In Module Eight, you will submit a communication plan that
addresses and summarizes the importance of a security
awareness program. How can it enhance the
success of the organization? The goal of the communication
plan is to find and implement messaging strategies to gain
senior management’s buy-in and support
of the security program. Cyber laws, personally identifiable
information breaches and implications, costs of security
breaches, and advantages of awareness
programs should be addressed. The plan should also include
how the awareness training and the security policies and
procedures will improve the security
posture and culture throughout the organization. The format of
this assignment will be a Word document. This assignment will
be graded using the Milestone
Four Rubric.
Final Submission: Security Awareness Program Proposal
13. In Module Nine, you will submit the security awareness
program proposal. It should be a complete, polished artifact
containing all of the critical elements of the
final proposal. It should reflect the incorporation of feedback
gained throughout the course. The proposal will consist of the
executive summary, communication
plan, statement of work, policies and procedures, proposed
solutions to the security vulnerabilities, schedule for completing
the proposed solutions, budget, and
plans to continuously monitor the organization for malicious
behaviors. This assignment will be graded using the Final
Product Rubric.
Deliverables
Milestone Deliverables Module Due Grading
1 Statement of Work Two Graded separately; Milestone One
Rubric
2 Security Policies Development Four Graded separately;
Milestone Two Rubric
3 Continuous Monitoring Plan Six Graded separately; Milestone
Three Rubric
4 Communication Plan Eight Graded separately; Milestone Four
Rubric
Final Submission: Security Awareness
14. Program Proposal
Nine Graded separately; Final Product Rubric
Final Product Rubric
Guidelines for Submission: Written components of projects
must follow these formatting guidelines when applicable:
double spacing, 12-point T imes New
Roman font, one-inch margins, and APA citations. Page-length
requirements: 25–30 pages (not including cover page and
references).
Instructor Feedback: This activity uses an integrated rubric in
Blackboard. Students can view instructor feedback in the Grade
Center. For more information,
review these instructions.
Critical Elements Exemplary (100%) Proficient (90%) Needs
Improvement (70%) Not Evident (0%) Value
Introduction:
Purpose
Meets “Proficient” criteria
and demonstrates keen
insight or a nuanced
perspective on the
significance of security
awareness programs
Illustrates the purpose of the
proposal using specific
examples that demonstrate
why the program is vital for
15. the organization
Describes the purpose of the
proposal, but either does not
include specific examples or
those examples do not
demonstrate why the program
is vital for the organization
Does not describe the
purpose of the proposal
8
Introduction:
Security Posture
Meets “Proficient” criteria
and demonstrates keen
insight or a nuanced
perspective in the
evaluation of the overall
security posture
Makes a justifiable claim
about the overall security
posture of the organization
and supports using specific
findings from the risk
assessment
Makes a claim about the overall
security posture of the
organization, but it is either not
justifiable or not well supported
by findings from the risk
16. assessment
Does not make a claim about
the overall security posture of
the organization
8
http://snhu-
media.snhu.edu/files/production_documentation/formatting/rubr
ic_feedback_instructions_student.pdf
Introduction:
Human Factors
Meets “Proficient” criteria
and demonstrates keen
insight or a nuanced
perspective on the impacts
of human factors on the
security climate
Identifies specific human
factors that adversely affect
the security climate and
illustrates their impacts using
examples of relevant
unintentional and intentional
threats
Identifies human factors that
adversely affect the security
climate, but does not illustrate
their impacts using examples of
17. relevant unintentional and
intentional threats
Does not identify human
factors that adversely affect
the security climate
8
Introduction:
Organizational
Factors
Meets “Proficient” criteria
and demonstrates keen
insight or a nuanced
perspective on the impacts
of organizational factors on
the security climate
Identifies organizational
factors that contribute to an
unhealthy security culture and
illustrates their impact using
relevant examples of data
flow, work setting, work
planning and control, and
employee readiness
Identifies organizational factors
that contribute to an unhealthy
security culture, but does not
illustrate their impact using
relevant examples of data flow,
work setting, work planning and
18. control, and employee
readiness
Does not identify
organizational factors that
contribute to an unhealthy
security culture
8
Proposal: Human
Factors:
Unintentional
Meets “Proficient” criteria
and proposal reflects keen
insight or includes creative
solutions for effectively
protecting against
unintentional human errors
Proposes specific policies,
processes, and practices to
protect against unintentional
human errors, including
cognitive, psychosocial, and
cultural factors
Proposes policies, processes, or
practices that would not
effectively protect against
unintentional human errors,
including cognitive,
psychosocial, or cultural factors
19. Does not propose policies,
processes, or practices for
protecting against
unintentional human errors
8
Proposal: Human
Factors:
Intentional
Meets “Proficient” criteria
and proposal reflects keen
insight or includes creative
solutions for effectively
protecting against
intentional human threats
Proposes specific policies,
processes, and practices to
protect against intentional
human threats, including
social engineering
Proposes policies, processes, or
practices that would not
effectively protect against
intentional human threats,
including social engineering
Does not propose policies,
processes, or practices for
protecting against intentional
human threats, including
social engineering
20. 8
Proposal:
Organizational
Factors: Data Flow
Meets “Proficient” criteria
and proposal reflects keen
insight or includes creative
solutions for effectively
protecting against
inoperative organizational
factors associated with data
flow
Proposes specific policies,
processes, and practices for
protecting against inoperative
organizational factors
associated with data flow
Proposes specific policies,
processes, or practices that
would not effectively protect
against inoperative
organizational factors
associated with data flow
Does not propose policies,
processes, or practices for
protecting against inoperative
organizational factors
associated with data flow
21. 8
Proposal:
Organizational
Factors: Work
Settings
Meets “Proficient” criteria
and proposal reflects keen
insight or includes creative
solutions for effectively
protecting against
inoperative organizational
factors associated with work
settings
Proposes specific policies,
processes, and practices for
protecting against inoperative
organizational factors
associated with work settings
Proposes specific policies,
processes, or practices that
would not effectively protect
against inoperative
organizational factors
associated with work settings
Does not propose policies,
processes, or practices for
protecting against inoperative
22. organizational factors
associated with work settings
8
Proposal:
Organizational
Factors: Work
Planning
Meets “Proficient” criteria
and proposal reflects keen
insight or includes creative
solutions for effectively
protecting against
inoperative organizational
factors associated with work
planning and control
Proposes specific policies,
processes, and practices for
protecting against inoperative
organizational factors around
work planning and control
Proposes specific policies,
processes, or practices that
would not effectively protect
against inoperative
organizational factors
associated with work planning
and control
Does not propose policies,
processes, or practices for
23. protecting against inoperative
organizational factors
associated with work planning
and control
8
Proposal:
Organizational
Factors: Employee
Readiness
Meets “Proficient” criteria
and proposal reflects keen
insight or includes creative
solutions for effectively
protecting against
inoperative organizational
factors associated with
employee readiness
Proposes specific policies,
processes, and practices for
protecting against inoperative
organizational factors around
employee readiness
Proposes specific policies,
processes, or practices that
would not effectively protect
against inoperative
organizational factors
associated with employee
readiness
24. Does not propose policies,
processes, or practices for
protecting against inoperative
organizational factors
associated with employee
readiness
8
Communication
Plan: Messaging
Strategies
Meets “Proficient” criteria
and proposal represents
highly effective or creative
strategies for ensuring
stakeholder comprehension
and buy-in
Proposes messaging strategies
for ensuring stakeholder
comprehension and buy-in
and illustrates with specific
examples of proposed
communications
Proposes messaging strategies
that either would not ensure
stakeholder comprehension and
buy-in or does not illustrate
with specific examples of
proposed communications
Does not propose messaging
25. strategies for ensuring
stakeholder comprehension
and buy-in
8
Communication
Plan: Security
Culture
Meets “Proficient” criteria
and justifications are highly
compelling or reflect a
nuanced perspective on the
importance of a healthy
security culture
Justifies the overall need for
and importance of a healthy
security culture in a way that
would be likely to persuade
even nontechnical audiences
Justifies the overall need for and
importance of a healthy security
culture, but arguments are not
compelling for nontechnical
audiences
Does not justify the overall
need for and importance of a
healthy security culture
8
26. Articulation of
Response
Submission is free of errors
related to citations,
grammar, spelling, syntax,
and organization and is
presented in a professional
and easy-to-read format
Submission has no major
errors related to citations,
grammar, spelling, syntax, or
organization
Submission has major errors
related to citations, grammar,
spelling, syntax, or organization
that negatively impact
readability and articulation of
main ideas
Submission has critical errors
related to citations, grammar,
spelling, syntax, or
organization that prevent the
understanding of ideas
4
Earned Total 100%
27. IT 552 Milestone Two Guidelines and Rubric
In Module Four, you will submit 10 security policies as part of
the planned solution to mitigate the security gaps identified in
the Case Document. This
assignment will include a list of access control policies
addressing remote access, encryption and hashing (to control
data flow), auditing network accounts,
configuration change management (to reduce unintentional
threats), segregation of duties, mandatory vacation (to mitigate
intentional threats), personally
identifiable information breaches, media protection, and social
engineering. This milestone focuses on security functionality,
and each policy should be no longer
than one page.
Specifically, the following critical elements must be addressed:
a) What is your proposal for mitigating the identified human
factors that pose a threat to the organization’s security posture?
Describe the specific policies,
processes, and practices that must be in place to address each of
the following.
i. Unintentional Threats: What strategies can protect against
human errors made due to cognitive factors? What strategies
can protect against
human errors made due to psychosocial and cultural factors?
ii. Intentional Threats: What strategies can protect against
28. social engineering?
b) Data Flow: How do you make sure that the data sender and
the data receiver have a sound connection? How do you ensure
that data is not tampered
with or altered from its intended meaning? What strategies do
you propose to address poor communication?
Guidelines for Submission: Your paper must be submitted as a
10-page Microsoft Word document, with double spacing, 12-
point Times New Roman font, and
one-inch margins, in APA format. Each policy should be no
longer than one page.
Instructor Feedback: This activity uses an integrated rubric in
Blackboard. Students can view instructor feedback in the Grade
Center. For more information,
review these instructions.
Critical Elements Exemplary (100%) Proficient (90%) Needs
Improvement (70%) Not Evident (0%) Value
Human:
Unintentional
Threats
Meets “Proficient” criteria and
proposes evidence-based
solutions for effectively
protecting against unintentional
human errors
Proposes specific policies,
processes, and practices to
29. protect against unintentional
human errors, including
cognitive, psychosocial, and
cultural factors
Insufficiently proposes specific
policies, processes, and
practices to protect against
unintentional human errors,
including cognitive,
psychosocial, and cultural
factors
Does not propose policies,
processes, or practices for
protecting against unintentional
human errors
25
Human: Intentional
Threats
Meets “Proficient” criteria and
proposes evidence-based
solutions for effectively
protecting against intentional
human threats
Proposes specific policies,
processes, and practices to
protect against intentional
human threats, including social
engineering
30. Specific policies, processes, and
practices to protect against
intentional human threats,
including social engineering are
minimally described
Does not propose policies,
processes, or practices for
protecting against intentional
human threats, including social
engineering
25
http://snhu-
media.snhu.edu/files/production_documentation/formatting/rubr
ic_feedback_instructions_student.pdf
Organizational: Data
Flow
Meets “Proficient” criteria
substantiated with evidence-
based solutions for effectively
protecting against inoperative
organizational factors associated
with data flow
Proposes specific policies,
processes, and practices for
protecting against inoperative
organizational factors associated
with data flow
31. Specific policies, processes, and
practices for protecting against
inoperative organizational
factors associated with data
flow are lacking in detail
Does not propose policies,
processes, or practices for
protecting against inoperative
organizational factors associated
with data flow
25
Articulation of
Response
Submission is free of errors
related to citations, grammar,
spelling, syntax, and is
presented in a professional and
easy-to-read format
Submission has no major errors
related to citations, grammar,
spelling, or syntax
Submission has major errors
related to citations, grammar,
spelling, syntax, or organization
that negatively impact
readability and articulation of
main ideas
Submission has critical errors
32. related to citations, grammar,
spelling, syntax, or organization
that prevent the understanding
of ideas
25
Earned Total 100%