Points: 100

Assignment 1: Developing the Corporate Strategy for Information Security

Criteria

 

Unacceptable

Below 60% F

Meets Minimum Expectations

60-69% D

 

Fair

70-79% C

 

Proficient

80-89% B

 

Exemplary

90-100% A

1a. Examine three (3) specific functions a CISO and provide examples of when a CISO would execute these functions within the organization.

Weight: 10%

Did not submit or incompletely examined three (3) specific functions a CISO; did not submit or incompletely provided examples of when a CISO would execute these functions within the organization.

Insufficiently examined three (3) specific functions a CISO; insufficiently provided examples of when a CISO would execute these functions within the organization.

Partially examined three (3) specific functions a CISO; partially provided examples of when a CISO would execute these functions within the organization.

Satisfactorily examined three (3) specific functions a CISO; satisfactorily provided examples of when a CISO would execute these functions within the organization.

Thoroughly examined three (3) specific functions a CISO; thoroughly provided examples of when a CISO would execute these functions within the organization.

1b. Specify at least three (3) competencies that the CISO could perform using the provided website titled, “Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Frame-work for IT Security Workforce Development.”
Weight: 10%

Did not submit or incompletely specified at least three (3) competencies that the CISO could perform using the provided website titled, “Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Frame-work for IT Security Workforce Development.”

Insufficiently specified at least three (3) competencies that the CISO could perform using the provided website titled, “Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Frame-work for IT Security Workforce Development.”

Partially specified at least three (3) competencies that the CISO could perform using the provided website titled, “Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Frame-work for IT Security Workforce Development.”

Satisfactorily specified at least three (3) competencies that the CISO could perform using the provided website titled, “Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Frame-work for IT Security Workforce Development.”

Thoroughly specified at least three (3) competencies that the CISO could perform using the provided website titled, “Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Frame-work for IT Security Workforce Development.”

2a. Identify at least four (4) functions of the CIO using the EBK as a guide. Provide examples of how the CIO would execute these functions within an organization.

Weight: 10%

Did not submit or incompletely identified at least four (4) functions of the CIO using the EBK as a guide; did not submit or incompletely provided examples of how the CIO would execute these functions within an organization.

Insufficiently identified at least four (4) functions of the CIO using the EBK as a guide; insufficiently provided examples of how the CIO would execute these functions within an organization.

Partially identified at least four (4) functions of the CIO using the EBK as a guide; partially provided examples of how the CIO would execute these functions within an organization.

Satisfactorily identified at least four (4) functions of the CIO using the EBK as a guide; satisfactorily provided examples of how the CIO would execute these functions within an organization.

Thoroughly identified at least four (4) functions of the CIO using the EBK as a guide; thoroughly provided examples of how the CIO would execute these functions within an organization.

2b. Classify at least two (2) security assurances that could be achieved by the CIO developing a formal security awareness, training, and educational program.

Weight: 10%

Did not submit or incompletely classified at least two (2) security assurances that could be achieved by the CIO developing a formal security awareness, training, and educational program.

Insufficiently classified at least two (2) security assurances that could be achieved by the CIO developing a formal security awareness, training, and educational program.

Partially classified at least two (2) security assurances that could be achieved by the CIO developing a formal security awareness, training, and educational program.

Satisfactorily classified at least two (2) security assurances that could be achieved by the CIO developing a formal security awareness, training, and educational program.

Thoroughly classified at least two (2) security assurances that could be achieved by the CIO developing a formal security awareness, training, and educational program.

2c. Suggest methods, processes, or technologies that can be used by the CIO to certify the security functions and data assets of an organization on a day-to-day basis.

Weight: 10%

Did not submit or incompletely suggested methods, processes, or technologies that can be used by the CIO to certify the security functions and data assets of an organization on a day-to-day basis.

Insufficiently suggested methods, processes, or technologies that can be used by the CIO to certify the security functions and data assets of an organization on a day-to-day basis.

Partially suggested methods, processes, or technologies that can be used by the CIO to certify the security functions and data assets of an organization on a day-to-day basis.

Satisfactorily suggested methods, processes, or technologies that can be used by the CIO to certify the security functions and data assets of an organization on a day-to-day basis.

Thoroughly suggested methods, processes, or technologies that can be used by the CIO to certify the security functions and data assets of an organization on a day-to-day basis.

3. Describe how the digital forensics function complements the overall security efforts of the organization.

Weight: 10%

Did not submit or incompletely described how the digital forensics function complements the overall security efforts of the organization.

Insufficiently described how the digital forensics function complements the overall security efforts of the organization.

Partially described how the digital forensics function complements the overall security efforts of the organization.

Satisfactorily described how the digital forensics function complements the overall security efforts of the organization.

Thoroughly described how the digital forensics function complements the overall security efforts of the organization.

4. Evaluate the operational duties of digital forensic personnel and how these help qualify the integrity of forensic investigations within the enterprise and industry.

Weight: 15%

Did not submit or incompletely evaluated the operational duties of digital forensic personnel and how these help qualify the integrity of forensic investigations within the enterprise and industry.

Insufficiently evaluated the operational duties of digital forensic personnel and how these help qualify the integrity of forensic investigations within the enterprise and industry.

Partially evaluated the operational duties of digital forensic personnel and how these help qualify the integrity of forensic investigations within the enterprise and industry.

Satisfactorily evaluated the operational duties of digital forensic personnel and how these help qualify the integrity of forensic investigations within the enterprise and industry.

Thoroughly evaluated the operational duties of digital forensic personnel and how these help qualify the integrity of forensic investigations within the enterprise and industry.

5. List at least three (3) technical resources available to the digital forensics professional to perform forensic audits and investigations.

Weight: 10%

Did not submit or incompletely listed at least three (3) technical resources available to the digital forensics professional to perform forensic audits and investigations.

Insufficiently listed at least three (3) technical resources available to the digital forensics professional to perform forensic audits and investigations.

Partially listed at least three (3) technical resources available to the digital forensics professional to perform forensic audits and investigations.

Satisfactorily listed at least three (3) technical resources available to the digital forensics professional to perform forensic audits and investigations.

Thoroughly listed at least three (3) technical resources available to the digital forensics professional to perform forensic audits and investigations.

6. 3 references

Weight: 5%

No references provided

Does not meet the required number of references; all references poor quality choices.

Does not meet the required number of references; some references poor quality choices.

Meets number of required references; all references high quality choices.

Exceeds number of required references; all references high quality choices.

7. Clarity, writing mechanics, and formatting requirements

Weight: 10%

More than 8 errors present

7-8 errors present

5-6 errors present

3-4 errors present

0-2 errors present