The document outlines guidelines for IT 552 Milestone Three, which involves developing a continuous monitoring plan for an organization. It discusses critical elements that must be addressed, including work setting strategies to address distractions and inadequate security practices, work planning strategies to address job pressures and skills gaps, and employee readiness strategies to address stress, fatigue, and cognitive issues. Guidelines state the submission should be a 4-5 page Word document in APA format addressing these elements and describing security tools and training programs to protect the organization and its employees. A rubric is provided to evaluate sections on work settings, work planning, employee readiness, writing quality, and assigning a grade.

1. IT 552 Milestone Three Guidelines and Rubric
In Module Six, you will submit a continuous monitoring plan
laying out the foundation for continuously monitoring the
organization against malicious activities
and intentional and unintentional threats. This milestone also
focuses on work setting techniques and work planning policies
to help employees improve their
stress anxiety, fatigue, and boredom. As part of the planned
solution, you will propose to mitigate the security gaps for the
corporation given in the Case
Document. You will need to explain what security tools
(firewall, intrusion prevention system/intrusion detection
system, antivirus, content filtering, encryption,
etc.) and employee readiness strategies (training programs,
rewards systems, physical wellness programs, etc.) will be used.
Specifically, the following critical elements must be addressed:
ii. Work Settings: What strategies do you propose to address
distractions, insufficient resources, poor management systems,
or inadequate security
practices?
iii. Work Planning and Control: What strategies do you propose
to address job pressure, time factors, task difficulty, change in
routine, poor task planning or
management practice, or lack of knowledge, skills, and ability?
iv. Employee Readiness: What strategies do you propose to

2. address inattention, stress and anxiety, fatigue and boredom,
illness and injury, drug side
effects, values and attitudes, or cognitive factors (e.g.,
misperception, memory, or judgment)?
Guidelines for Submission: Your paper must be submitted as a
four- to five-page Microsoft Word document, with double
spacing, 12-point Times New Roman
font, and one-inch margins, in APA format.
Critical Elements Exemplary (100%) Proficient (90%) Needs
Improvement (70%) Not Evident (0%) Value
Organizational: Work
Settings
Meets “Proficient” criteria
substantiated with research to
support solutions that
effectively protect against
inoperative organizational
factors associated with work
settings
Describes strategies to address
distractions, insufficient
resources, poor management
systems, or inadequate security
practices
Minimally describes strategies to
address distractions, insufficient
resources, poor management

3. systems, or inadequate security
practices
Does not describe strategies to
address distractions, insufficient
resources, poor management
systems, or inadequate security
practices
25
Organizational: Work
Planning
Meets “Proficient” criteria
substantiated with evidence to
support rationale around
proposed strategies
Proposes strategies that address
job pressure, time factors, task
difficulty, change in routine,
poor task planning or
management practice, or lack of
knowledge, skills, and ability
Strategies that address job
pressure, time factors, task
difficulty, change in routine,
poor task planning or
management practice, or lack of
knowledge, skills, and ability are
lacking in detail
Does not propose strategies that
address job pressure, time

4. factors, task difficulty, change in
routine, poor task planning or
management practice, or lack of
knowledge, skills, and ability
25
Organizational:
Employee Readiness
Meets “Proficient” criteria
substantiated with evidence to
support rationale around
employee readiness
Proposes strategies to address
inattention, stress and anxiety,
fatigue and boredom, illness and
injury, drug side effects, values
and attitudes, or cognitive
factors (e.g., misperception,
memory, or judgment)
Inefficiently proposes strategies
to address inattention, stress
and anxiety, fatigue and
boredom, illness and injury, drug
side effects, values and
attitudes, or cognitive factors
(e.g., misperception, memory, or
judgment)

5. Does not propose strategies to
address inattention, stress and
anxiety, fatigue and boredom,
illness and injury, drug side
effects, values and attitudes, or
cognitive factors (e.g.,
misperception, memory, or
judgment)
25
Articulation of
Response
Submission is free of errors
related to citations, grammar,
spelling, syntax, and is
presented in a professional and
easy-to-read format
Submission has no major errors
related to citations, grammar,
spelling, or syntax
Submission has major errors
related to citations, grammar,
spelling, syntax, or organization
that negatively impact
readability and articulation of
main ideas
Submission has critical errors
related to citations, grammar,
spelling, syntax, or organization
that prevent the understanding
of ideas

6. 25
Earned Total 100%
IT 552 Case for Final Project
BACKGROUND:
You were just hired as the new chief information security
officer for Multiple Unite Security Assurance (MUSA)
Corporation whose security posture is low. The first thing your
chief executive officer tells you is that they have recently seen
a presentation by one of the information security team members
emphasizing the importance of having a security awareness
program. As a result, you have been asked to develop a security
awareness program for MUSA Corporation based on the
following 10 security gaps:
1. No annual cyber security awareness training, which is
causing high phishing and social engineering attacks
2. No configuration change management policy (to reduce
unintentional threats)
3. No intrusion detection/prevention system
4. Logs are not being collected or analyzed
5. No media access control policy
6. No encryption or hashing to control data flow and
unauthorized alteration of data
7. Vulnerability assessment is conducted every three years;
unable to assess the security posture status
8. High turnover and low morale among the employees (due to
lack of employee readiness programs and work planning
strategy)
9. High number of theft reports and security incidents; possible

7. unethical/disgruntled employees
10. No segregation of duties or mandatory vacation policies (to
mitigate intentional threats)
To that end, you will make recommendations for enhancing
security policies, practices, and processes that are currently
contributing to a dysfunctional security culture. Your chief goal
is to build a program that will foster a healthy security culture
and ensure continuous improvement. Your task is to develop a
security awareness program that consists of four major
components:
1. Proposal Introduction
2. Security Policies Development
3. Continuous Monitoring Plan
4. Communication Plan