Information security gaps: Project Case Study.

CSIA 485 Project #1 Detailed Assignment Description
Read the Case Study posted for this assignment. Determine the information security gaps and develop a security strategy that includes issues relating to confidentiality, integrity, and availability (CIA), and that includes the key elements relative to People, Process, and Technology.
Step 1: Describe the key issues/challenges/risks from this case study.
Step 2: Based on the information provided in the case study, describe and document the recommended security strategy to mitigate the issues/challenges identified.
Step 3: Describe the proposed security solutions and relationship to the case study.
Step 4: Document a detailed, proposed timeline for addressing each element of the strategy that you identify. Provide estimates for implementing recommended strategies, with rationale. Include what resources are necessary for completing each task in the timeline.
Step 5: Provide a high-level recommendation regarding the next steps to take in mitigating risks identified.
The deliverable for this case study assignment will be a minimum 5 page, double-spaced paper using Times New Roman 12 font and APA style formatting for citations and references. It will also include a minimum of 5 references. The Title/Cover page, illustrations (tables/charts/graphs), or references are not part of the page count but are required for the assignment. The grading rubric provides additional details as to what should be included in the paper. See grading rubric below.

Rubric Name: Project 1: Case Study

Security and Technology Issues    Level 5    Level 4    Level 3    Level 2    Level 1
Technology Issues    10 points

Identifies at least 10 security or technology issues based on the case study.    8 points

Identifies at least 8 security or technology issues based on the case study.    6 points

Identifies at least 6 security or technology issues based on the case study.    3 points

Identifies at least 3 security or technology issues based on the case study.    0 points

Doesn’t identify any security or technology issues based on the case study.
Security Issues    10 points

Clearly describes and relates information security and other technology issues to confidentiality, integrity and availability (CIA). Synthesizes and applies material and document relationships.    8 points

Basically describes and relates information security and other technology issues to confidentiality, integrity and availability (CIA). Synthesizes and applies some material and document relationships.    6 points

Weakly describes and relates information security and other technology issues to confidentiality, integrity and availability (CIA). Some synthesizing and application or applies material and document relationships.    3 points

Little description and relating information security and other technology issues to confidentiality, integrity and availability (CIA). Little synthesizing or application of material and document relationships.    0 points

No description or relationship of information security or other technology issues to confidentiality, integrity and availability (CIA). Doesn’t synthesize or  apply material and document relationships.
Risks and Challengess    Level 5    Level 4    Level 3    Level 2    Level 1
ID Risks and Challenges    5 points

Clearly identifies and articulates the risks and challenges from the case study. Links all risks to technologies identified.    4 points

Basically identifies and articulates the risks and challenges from the case study. Links most risks to technologies identified.    2 points

Weakly identifies and articulates the risks and challenges from the case study. Links few risks to technologies identified.    1 point

Little identification or articulation of the risks and challenges from the case study. May not link any risks to technologies identified.    0 points

No identification or articulation of the risks and challenges from the case study. No links of risks to technologies identified.
Apply Risk ID    10 points

Synthesizes and applies risk identification and challenges. Derives new paradigms appropriately based on research and lessons learned.    8 points

Basically synthesizes and applies risk identification and challenges. Derives some new paradigms appropriately based on research and lessons learned.    6 points

Weakly synthesizes and applies risk identification and challenges. Derives few new paradigms appropriately based on research or lessons learned.    3 points

Little synthesis or application of risk identification or challenges. Derives little new paradigms appropriately based on research and lessons learned.    0 points

No synthesis or application of risk identification or challenges. No new paradigms based on research or lessons learned.
Security Strategy    Level 5    Level 4    Level 3    Level 2    Level 1
Define Strategy    5 points

Each defined strategy solution clearly mitigate the risk or issue.    4 points

Most defined strategy solutions basically mitigate the risk or issue.    2 points

Defined strategy solutions weakly mitigate the risk or issue.    1 point

Little defined strategy solutions mitigate the risk or issue.    1 point

No defined strategy solutions that will mitigate any risk or issue.
Relate Solutions    10 points

Clearly identifies security solutions that consist of people, processes and technologies that relate to the risks. Covers all three requirements.    8 points

Basically identifies security solutions that consist of people, processes and technologies that relate to the risks. Covers at least two of the three requirements.    6 points

Weakly identifies security solutions that consist of people, processes and technologies that relate to the risks. Covers at least one of the requirements.    3 points

Little identification of security solutions that consist of people, processes or technologies that relate to the risks.  May not cover one of the requirements.    0 points

Doesn’t identify security solutions that consist of people, processes or technologies that relate to the risks. Doesn’t cover any of the three requirements.
Link Solutions    5 points

Clearly describes the linkage between each solution and the steps in the case study.    4 points

Basically describes the linkage between each solution and the steps in the case study.    2 points

Weakly describes the linkage between each solution and the steps in the case study.    1 point

Little description of the linkage between each solution or the steps in the case study.    0 points

No description of any linkage between each solution or steps in the case study.
Timeline    Level 5    Level 4    Level 3    Level 2    Level 1
Defines Tasks    5 points

Clear and detailed timeline that summarizes at least 10 of the technology solutions being recommended. Includes clear and defined tasks for each solution.     4 points

Basic and descriptive timeline. Summarizes at least 8 of the solutions being recommended. Includes basic and descriptive tasks for most solutions.     2 points

Weak and poorly detailed timeline. Summarizes at least 6 of the solutions recommended. Includes weak and poorly defined tasks for some solutions.    1 point

Little defined timeline. Summarizes at least 3 solutions being recommended. May miss clear and defined tasks for some solutions.     0 points

No sufficient details in timeline. No summary of solutions being recommended.
No clear and defined tasks for each solution.
Prioritize Tasks    5 points

Major tasks are clearly prioritized according their importance to mitigating the risks and issues found.    4 points

Major tasks basically prioritized according their importance to mitigating the risks or issues found.    2 points

Major tasks weakly prioritized according their importance to mitigating the risks and issues found.    1 point

Few tasks prioritized according their importance to mitigating the risks or issues found.    0 points

No tasks prioritized according their importance to mitigating the risks or issues found.
Define Resources    5 points

Clearly defined people resources (by type) that support each task in the timeline.    4 points

Basically defined people resources (by type) that support each task in the timeline.    2 points

Weakly defined people resources (by type) that support each task in the timeline.    1 point

Little defined people resources (by type) that support each task in the timeline.    0 points

No defined people resources (by type) that support each task in the timeline.
Remediation Plan    Level 5    Level 4    Level 3    Level 2    Level 1
Mitigation    5 points

Clearly describes and discusses high level plans that mitigate all technology issues identified. Provides clear detail and rationale to mitigate issues identified.    4 points

Basically describes and discusses high level plans that mitigate all technology issues identified. Provides clear detail and rationale to mitigate issues identified.    2 points

Weakly describes and discusses high level plans that mitigate all technology issues identified. Provides clear detail and rationale to mitigate issues identified.    1 point

Little description or discussion of high level plans that mitigate all technology issues identified. Provides clear detail and rationale to mitigate issues identified.    0 points

No description or discussion of high level plans that mitigate all technology issues identified. No detail or rationale to mitigate issues identified.
Next Steps    5 points

Clearly describes next steps that must be taken to resolve all issues identified.    4 points

Basically describes next steps that must be taken to resolve all issues identified.    2 points

Weakly describes next steps that must be taken to resolve all issues identified.    1 point

Little description of next steps that may be taken to resolve some issues identified.    0 points

Doesn’t describe next steps that must be taken to resolve all issues identified.
Finds and Applies Knowledge    Level 5    Level 4    Level 3    Level 2    Level 1
Use of Authoritative Sources    5 points

Used at least 5 authoritative or scholarly sources in paper. No APA style errors in sources.    4 points

Used at least 3 authoritative or scholarly sources in paper. No more than 1 APA errors in sources.    3 points

Used at least 2 authoritative or scholarly sources in paper. No more than 2 APA errors in sources.    1 point

May have used 1 authoritative or scholarly source in paper. May not have used APA style formatting.    0 points

No authoritative or scholarly sources used in paper.
Citation of Sources    5 points

All sources cited. No errors in citing material in paper.    4 points

All but 1 source cited. Had no more than 5 citing errors in paper.    2 points

All but 2 sources cited. Had no more than 10 citing errors in paper.    1 point

All but 3 sources cited. Had less than 15 APA citing errors in paper.    0 points

No sources cited or had more than 15 APA citing errors in paper.
Organization, Execution and Appearance    Level 5    Level 4    Level 3    Level 2    Level 1
Formatting    5 points

Prepared MS Word document, used consistent formatting, section subheadings, submitted one file, used instructor provided template, correct coversheet and separate reference page and meets minimum page count of 5 pages.    4 points

MS Word document didn’t follow up to two (2) of the following: used consistent formatting, section subheadings, submitted one file, used instructor provided template, correct coversheet and separate reference page and meets minimum page count of 5 pages.     2 points

MS Word document didn’t follow up to four (4) of the following: used consistent formatting, section subheadings, submitted one file, used instructor provided template, correct coversheet and separate reference page and meets minimum page count of 5 pages.     1 point

MS Word document followed only one (1) of the following: used consistent formatting, section subheadings, submitted one file, used instructor provided template, correct coversheet and separate reference page and meets minimum page count of 5 pages.     0 points

Non MS Word document didn’t any of the following: used consistent formatting, section subheadings, submitted one file, used instructor provided template, correct coversheet and separate reference page and meets minimum page count of 5 pages.
Grammar and Punctuation    5 points

No grammar errors, use of first/second person, spelling or punctuation errors.    4 points

Less than 5 grammar errors, use of first/second person, spelling or punctuation errors.     2 points

Less than 10 grammar errors, use of first/second person, spelling or punctuation errors.     1 point

Less than 15 grammar errors, use of first/second person, spelling or punctuation errors.    0 points

More than 15 grammar errors, use of first/second person, spelling or punctuation errors.
Overall Score    Level 5
4 or more    Level 4
3 or more    Level 3
2 or more    Level 2
1 or more    Level 1
0 or more