IT 241: Case Study Two Guidelines and Rubric
Overview: This case study analysis is the second of two formative tasks that will support your understanding of the key course concepts of human behaviors that could potentially cause a security threat.
Prompt: Review the security policy template (https://cdt.ca.gov/ )on the California Department of Technology website. For each of the six sections, summarize the content for the organization you have selected for the final project.
Specifically, the following critical elements must be addressed:
- Introduction:Provideabriefdescriptionofwhatthispolicywill stateandwhyitisneeded. Statethesecuritystanceofyourorganization.
- RolesandResponsibilities:Detailthespecificresponsibilitiesofeachidentifiableuserpopulation,includingmanagement,employees,andresidual parties.
- Policy Directives: Describe the specifics of the securitypolicy.
- Enforcement, Auditing, and Reporting: State what is considered a violation and the penalties for noncompliance. The violation of a policy usually implies an adverse action that needs to beenforced.
- ControlandMaintenance:Statetheauthorandownerofthepolicy.Describetheconditionsandprocessinwhichthepolicywillbereviewed.Apolicy reviewshouldbeperformedonatleastanannualbasistoensurethatthepolicyiscurrent.
Guidelines for Submission: Your case study should be submitted as a FIVE – to SIX -page Word document (in addition to the title page and references). Use double spacing, 12-point Times New Roman font, one-inch margins, and APA citation format.
Instructor Feedback: This activity uses an integrated rubric in Blackboard. Students can view instructor feedback in the Grade Center.
|Critical Elements||Proficient (100%)||Needs Improvement (75%)||Not Evident (0%)||Value|
|Introduction||Accurately describes the policy||Does not sufficiently describe the policy||Does not describe the policy||10|
|Roles and Responsibilities||Accurately details the specific responsibilities||Does not sufficiently detail the specific responsibilities||Does not provide the specific responsibilities||20|
|Policy Directives||Sufficiently describes the specifics of the security policy||Does not sufficiently describe the specifics of the security policy||Does not describe the specifics of the security policy||20|
|Enforcement, Auditing, and Reporting||Sufficiently states what is considered a violation and the penalties for noncompliance||Does not sufficiently state what is considered a violation and the penalties for noncompliance||Does not state what is considered a violation and the penalties for noncompliance||20|
|References||Sufficiently lists all references||Does not sufficiently list all references||Does not list all references||10|
|Control and Maintenance||Sufficiently describes the conditions and process in which the policy will be reviewed||Does not sufficiently describe the conditions and process in which the policy will be reviewed||Does not describe the conditions and process in which the policy will be reviewed||15|
|Articulation of Response||Submission has no major errors related to citations, grammar, spelling, syntax, or organization||Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas||Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas||5|