Write An introduction section which provides a brief introduction to the company and the information /
Write
An introduction section which provides a brief introduction to the company and the information / information technology risks that it faces (you may reuse some of your narrative from Project #1 and/or Project #2). Your introduction should include a brief overview of the company’s business operations. Follow this with a description of the purpose and contents of this Risk Mitigation Strategy deliverable.
A separate analysis section in which you present your Risk Profile. Start with a summary of your Risk Profile. You may reuse your introductory paragraph from Project #2 (revise if necessary) where you explained your risk profile (what information is contained in the table and what sources were used to obtain this information). Include a description of the process and documents used to construct the Risk Profile. Explain the benefits of using a risk profile to help manage risk. The citations and named documents in this paragraph will serve as citations and attributions for the contents of Table #1 (bring Table #1 Risk Profile forward from Project #2 and update if needed). Place Table #1 at the end of this section.
A separate analysis section (Security Controls Profile) in which you present your Security Controls Profile. Provide an introductory paragraph that explains the security controls profile, e.g., what information is contained in the table and what sources were used to obtain this information. Describe the process and documents used to construct the Security Controls Profile.
A separate section (Risk Mitigation Strategy) in which you present a high-level strategy for implementing the risk mitigations (security controls) presented earlier in this deliverable. This section should include a summary of the business problem (reduce risks related to information and IT systems and infrastructures), the general types of risks to be mitigated (focus on the CIA triad and summarize the risks you previously identified), the benefits of implementing security controls listed in your Security Controls Profile, and the policy, processes, and technical solutions being recommended for implementation (aligned to your Security Controls Profile).
A separate Recommendations and Conclusions section which provides a summary of the information contained in this deliverable and presents your concluding statements regarding the business need and business benefits which support implementing your Risk Mitigation Strategy and the allocation of resources by the company.
Additional Information
Your 8 to 10 page deliverable should be professional in appearance with consistent use of fonts, font sizes, colors, margins, etc. You should use headings and sub-headings to organize your paper. Use headings which correspond to the content rows in the rubric – this will make it easier for your instructor to find required content elements and will help you ensure that you have covered all required sections and content in your paper.
The stated page length is a recommendation based upon the content requirements of the assignment. All pages submitted will be graded but, for the highest grades, your work must be clear, concise, and accurate. Exceeding the recommended length will not necessarily result in a higher grade. Shorter submissions may not fully meet the content requirements resulting in a lower grade.
The INFA program requires that graduate students follow standard APA style guidance for both formatting and citing/reference sources. Your file submission must be in MS Word format (.docx). PDF, ODF, and other types of files are not acceptable.
You must include a cover page with the course, the assignment title, your name, your instructor’s name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s minimum page count.
You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow APA Style guidance. Use of required readings from the course as sources is expected and encouraged. Where used, you must cite and provide references for these readings.
When using Security and Privacy controls from NIST SP 800-53, you must use the exact numbering and names (titles) when referring to those controls. This information does not need to be treated as quotations. You may paraphrase or quote from the descriptions of the controls provided that you appropriately mark copied text (if any) and attach a citation for both quoted and paraphrased information.
Consult the grading rubric for specific content and formatting requirements for this assignment.
All work submitted to the Assignment Folder will be scanned by the Turn It In service. We use this service to help identify areas for improvement in student writing.
Rubric Name: Project 3: Risk Mitigation Strategy
Criteria Outstanding Acceptable Needs Improvement Needs Significant Improvement Missing or Unacceptable Criterion Score
Introduction Provided an excellent introduction to the company, its business operations, and the information / information technology risks that it faces (may reuse some narrative from Project #1 and/or Project #2). Provided a description of the purpose and contents of this deliverable. This section was clear, concise, and accurate. Appropriately used information from 3 or more authoritative sources. Provided an outstanding introduction to the company, its business operations, and the information / information technology risks that it faces (may reuse some narrative from Project #1 and/or Project #2). Described the purpose of this deliverable. This section was clear, concise, and accurate. Appropriately used information from 2 or more authoritative sources. Provided an introduction which included a brief overview of the company and the information / IT risks it faces (may reuse narrative from Project #1 and/or Project #2). Mentioned the purpose of this deliverable. Appropriately used information from authoritative sources. Provided a brief introduction which mentioned the company and the information / IT risks it faces (may reuse narrative from Project #1 and/or Project #2). Information from authoritative sources was cited and used in the overview. Attempted to provide an introduction but this section did not the company and the risks it faces. Or, this section was not well supported by information drawn from authoritative sources. The introduction section was missing or did not provide any relevant content.
/ 10
Risk Profile Provided an excellent introduction to the Risk Profile. Provided a clear and concise explanation of the risk profile table (what is in it, how it was developed, the benefits of using a risk profile to help manage risk). A completed Table #1 Risk Profile was included at the end of this section. The table included 15 or more risks. Appropriately used information from 3 or more authoritative sources.
Provided an outstanding introduction to the Risk Profile. Provided a clear explanation of the risk profile table. Explained the benefits of using a risk profile to help manage risk. A completed Table #1 Risk Profile was included at the end of this section. The table included 12 or more risks. Appropriately used information from 2 or more authoritative sources. Provided an acceptable introduction to the Risk Profile. Provided a brief summary of the purpose and uses of the risk profile table. Included Table #1 Risk Profile at the end of this section. The table included 10 or more risks. Appropriately used information from authoritative sources. Provided an introduction to the risk profile and mentioned the purpose of the risk profile table. Information from authoritative sources was cited and used in the overview. Attempted to provide an introduction to the risk profile but this section lacked content / details. Or, this section was not well supported by information drawn from authoritative sources. The introduction for the risk profile was missing or did not provide any relevant content.
/ 10
Security Controls Profile Provided an excellent introduction to the Security Controls Profile. Provided a clear and concise explanation of the security controls table (what is in it, how it was developed, the benefits of using a security controls profile to help manage risk. A completed Table #2 Security Controls Profile was included at the end of this section. The table contained at least 15 fully completed rows. Appropriately used information from 3 or more authoritative sources.
Provided an outstanding introduction to the Security Controls Profile. Provided an explanation of the security controls table and the benefits of using a security controls profile to help manage risk. A completed Table #2 Security Controls Profile was included at the end of this section. The table contained 12 or more fully completed rows. Appropriately used information from 3 or more authoritative sources.
Provided an acceptable introduction to the Security Controls Profile. Provided a brief summary of the purpose and uses of the security controls profile table. Included Table #2 Security Controls Profile at the end of this section. The table contained 10 or more completed rows. Appropriately used information from authoritative sources. Provided an introduction to the Security Controls Profile and mentioned the purpose of the table. Attempted to provide a list of controls in table format. Information from authoritative sources was cited and used in the overview. Attempted to provide a security controls profile but this section lacked content / details. Or, this section was not well supported by information drawn from authoritative sources. The security controls profile was missing or did not provide any relevant content.
/ 20
Risk Mitigation Strategy Provided an excellent, high-level strategy for implementing the risk mitigations (security controls) presented in the Security Controls Profile (Table #2). Included a summary of the business problem (reduce risks related to information and IT systems and infrastructures), the general types of risks to be mitigated (focused on the CIA triad) and summarize the risks previously identified. Discussed the benefits of implementing security controls listed in the Security Controls Profile, and the policy, processes, and technical solutions being recommended for implementation (aligned to the Security Controls Profile). Appropriately used information from 3 or more authoritative sources. Provided an outstanding strategy for implementing the risk mitigations (security controls) presented in the Security Controls Profile (Table #2). Included a summary of the business problem (reduce risks related to information and IT systems and infrastructures) and summarized the risks previously identified. Discussed the benefits of implementing security controls being recommended for implementation (aligned to the Security Controls Profile). Appropriately used information from 2 or more authoritative sources. Provided an acceptable strategy for implementing the risk mitigations (security controls) presented in the Security Controls Profile (Table #2). Included a summary of the business problem and the benefits of implementing security controls to mitigate risk. Appropriately used information from authoritative sources. Discussed the risk mitigation strategy but this section did not directly address implementation of the security controls from Table #2. Information from authoritative sources was cited and used in the overview. Attempted to provide a risk mitigation strategy but this section lacked content / details. Or, this section was not well supported by information drawn from authoritative sources. The risk mitigation strategy was missing or did not provide any relevant content.
/ 20
Recommendations and Conclusions Provided an Recommendations and Conclusions section which summarized the risks, security controls, and the risk mitigation strategy. Presented a compelling argument recommending implementation of the strategy (presented the benefits to the company of implementing the strategy). Appropriately used information from authoritative sources.
Provided an outstanding Recommendations and Conclusions section which summarized the risks, security controls, and the risk mitigation strategy. Recommended implementation of the strategy (presented the benefits to the company of implementing the strategy). Appropriately used information from authoritative sources.
Provided an acceptable Recommendations and Conclusions section and recommended implementation of the risk mitigation strategy. Appropriately used information from authoritative sources.
Attempted to provide recommendations and conclusions for the risk mitigation strategy. Appropriately used information from authoritative sources.
Attempted to provide a conclusions section but did not provide a separate recommendations and conclusions section or this section did not adequately address the required content. Or, this section was not well supported by information drawn from authoritative sources. The summary section was missing or did not provide any relevant content.
/ 10
Professionalism: Formatting for Citations and Reference List Work contains a reference list containing entries for all cited resources. Reference list entries and in-text citations are formatted in a consistent and professional manner using APA style. Work contains a reference list containing entries for all cited resources. One or two minor inconsistencies in format for in-text citations and/or reference list entries. Work contains a reference list containing entries for all cited resources. No more than 3 minor errors or inconsistencies in format for in-text citations and/or reference list entries. Work has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 5 minor errors or inconsistencies in formatting for in-text citations and/or reference list entries. Work attempts to credit sources but demonstrates a fundamental failure to understand and apply a professional formatting style for citations and/or references.
Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper. / 10
Professionalism: Organization & Appearance Work contains a reference list containing entries for all cited resources. Reference list entries and in-text citations are formatted using a consistent and professional style for each type of resource. Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings (per the assignment’s directions). Work contains a reference list containing entries for all cited resources. No more than 3 minor errors or inconsistencies in format for in-text citations and/or reference list entries. Work has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 5 minor errors or inconsistencies in formatting for in-text citations and/or reference list entries. Submitted work meets minimum requirements but has major style and formatting errors. Work is disorganized and needs to be rewritten for readability and professional appearance. No work submitted.
/ 10
Professionalism: Execution No formatting, grammar, spelling, or punctuation errors. Appropriately used standard cybersecurity terms and definitions.
Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance. Appropriately used standard cybersecurity terms and definitions.
Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work. Appropriately used standard cybersecurity terms and definitions.
Submitted work has numerous errors in formatting, spelling, grammar, or punctuation. Minor errors in usage of standard cybersecurity terms and definitions. Work is unprofessional in appearance. Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage. Did not use standard cybersecurity terms and definitions.
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.
