You will submit your plan pertaining to statements of policy. You will recommend protocols and mitigating factors to the organization. Justify how the disaster response protocol

8/13/23, 1:00 AM Assignment Information

https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 1/8

IT 549 Final Project Guidelines and Rubric

Overview

The �nal project for this course is the creation of a functional information assurance plan.

The effective management of information and protection of pertinent data is essential for leveraging the required knowledge to serve customers and stakeholders on a continuous basis.

Employing information assurance best practices will ensure a �rm is able to eliminate hierarchical structures, become more �at, and have greater customer touch points by leveraging the

correct information at the right time. Successful �rms will maintain an established information assurance plan and posture that are reviewed on a weekly basis.

This assessment will consist of the creation of a functional information assurance plan. You will �nd, and review, a real-world business scenario (e.g. Sony Breach, Target Breach, Home Depot

Breach) in order to apply information assurance research and incorporate industry best practices to your recommendations for speci�c strategic and tactical steps. These skills are crucial for

you to become a desired asset to organizations seeking industry professionals in the information assurance �eld.

The project is divided into four milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality �nal submissions. These milestones will be

submitted in Modules Two, Four, Five, and Seven. The �nal product will be submitted in Module Nine.

In this assignment, you will demonstrate your mastery of the following course outcomes:

Assess con�dentiality, integrity, and availability of information in a given situation for their relation to an information assurance plan

Propose appropriate protocols for incident and disaster responses and managing security functions that adhere to best practices for information assurance

Analyze threat environments using information assurance research and industry best practices to inform network governance

Recommend strategies based on information assurance best practices for maintaining an information assurance plan

Evaluate the appropriateness of information assurance decisions about security, access controls, and legal issues

Assess applicable threats and vulnerabilities related to information assurance to determine potential impact on an organization and mitigate associated risks

Prompt

Your information assurance plan should answer the following prompt: Review the scenario and create an information assurance plan for the organization presented in the scenario.

Speci�cally, the following critical elements must be addressed in your plan:

I. Information Assurance Plan Introduction

a. Provide a brief overview of the goals and objectives of your information assurance plan, including the importance of ensuring the con�dentiality, integrity, and availability of

information. What are the bene�ts of creating and maintaining an information assurance plan around those key concepts?

b. Assess the con�dentiality, integrity, and availability of information within the organization.



8/13/23, 1:00 AM Assignment Information

https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 2/8

c. Evaluate the current protocols and policies the organization has in place. What de�ciencies exist within the organization’s current information assurance policies? What are the

potential barriers to implementation of a new information assurance plan?

II. Information Security Roles and Responsibilities

a. Analyze the role of the key leaders within the organization speci�c to how their responsibilities are connected to the security of the organization’s information. What is the

relationship between these roles?

b. Evaluate key ethical and legal considerations related to information assurance that must be taken into account by the key leaders within the organization. What are the rami�cations

of key leaders not properly accounting for ethical and legal considerations?

c. What are the key components of information assurance as they relate to individual roles and responsibilities within the information assurance plan? For example, examine the

current policies as they relate to con�dentiality, integrity, and availability of information.

III. Risk Assessment

a. Analyze the environment in which the organization operates, including the current protocols and policies in place related to information assurance.

b. Evaluate the threat environment of the organization.

c. Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do you see the most areas for improvement to

current protocols and policies?

d. Assess the threats and vulnerabilities of the organization by creating a risk matrix to outline the threats and vulnerabilities found and determine possible methods to mitigate the

identi�ed dangers.

IV. Statements of Policy

a. Develop appropriate incident response protocols to respond to the various threats and vulnerabilities identi�ed within the organization.

b. Justify how the incident response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justi�cation with information assurance research and

best practices.

c. Develop appropriate disaster response protocols to respond to the various threats and vulnerabilities identi�ed within the organization.

d. Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. Support your justi�cation with information assurance research and

best practices.

e. Develop appropriate access control protocols that provide an appropriate amount of protection while allowing users to continue to operate without denial of service.

f. Justify your access control protocols. Support your justi�cation with information assurance research and best practices.

g. Recommend a method for maintaining the information assurance plan once it has been established.

h. Justify how your maintenance plan will ensure the ongoing effectiveness of the information assurance plan. Support your justi�cation with information assurance research and best

practices.

V. Conclusion

8/13/23, 1:00 AM Assignment Information

https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 3/8

a. Summarize the need for an information assurance plan for the selected organization, including the legal and ethical responsibilities of the organization to implement and maintain an

appropriate information assurance plan.

b. Defend the key elements of your information assurance plan, including which members of the organization would be responsible for each element.

Milestones

Milestone One: Information Assurance Plan Introduction

In Module Two, you will submit your introduction to the information assurance plan. This section of the plan will provide the overview of the current state of the organization. Provide a brief

overview of the goals and objectives of your information assurance plan, including the importance of ensuring the con�dentiality, integrity, and availability of information. What are the bene�ts

of creating and maintaining an information assurance plan around those key concepts? Are there current protocols and policies the organization has in place? Additionally, what de�ciencies

exist within the organization’s current information assurance policies? What are the potential barriers to implementation of a new information assurance plan? This milestone is graded with the

Milestone One Rubric.

Milestone Two: Information Security Roles and Responsibilities

In Module Four, you will submit your roles and responsibilities portion of the �nal project. Who are the key leaders of the organization speci�c to how their responsibilities are connected to the

security of the organization’s information? You must also identify key ethical considerations. What are the rami�cations of key leaders not properly accounting for ethical and legal

considerations? What are the key components of information assurance as they relate to individual roles and responsibilities within the information assurance plan? For example, examine the

current policies as they relate to con�dentiality, integrity, and availability of information. This milestone is graded with the Milestone Two Rubric.

Milestone Three: Risk Assessment

In Module Five, you will submit the risk assessment portion of the information assurance plan. You will provide the organization with an assessment of the threat environment and the risks

within, as well as methods designed to mitigate these risks. Based on your analysis and evaluation, what are the best approaches for implementing information assurance principles? Where do

you see the most areas for improvement to current protocols and policies? This milestone is graded with the Milestone Three Rubric.

Milestone Four: Statements of Policy

In Module Seven, you will submit your plan pertaining to statements of policy. You will establish protocols and mitigating factors to the organization. Justify how the disaster response protocols

will mitigate the threats to and vulnerabilities of the organization. You will focus on disaster and incident response protocols as well as access control. Assess your proposed method for

maintaining the success of the plan going forward. Justify how your method will ensure the ongoing effectiveness of the information assurance plan. This milestone is graded with the Milestone

Four Rubric.

Final Submission: Information Assurance Plan

In Module Nine, you will submit your information assurance plan. It should be a complete, polished artifact containing all of the critical elements of the �nal product. It should re�ect the

incorporation of feedback gained throughout the course. This submission will be graded with the Final Product Rubric.

8/13/23, 1:00 AM Assignment Information

https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 4/8

What to Submit

Your information assurance plan should adhere to the following formatting requirements: 10–12 pages, double-spaced, using 12-point Times New Roman font and one-inch margins. Use

discipline-appropriate citations.

Final Project Rubric

Criteria Exemplary (100%) Pro�cient (90%) Needs Improvement (70%) Not Evident (0%) Value

Overview of Goals and

Objectives

Meets “Pro�cient” criteria and

quality of overview establishes

expertise in the discipline

Provides a brief but

comprehensive overview of the

goals and objectives of the

information assurance plan,

including the importance of

ensuring the con�dentiality,

integrity, and availability of

information and the bene�ts of

creating and maintaining an

information assurance plan

Provides a brief overview of the

goals and objectives of the

information assurance plan but

does not include the

importance of ensuring the

con�dentiality, integrity, and

availability of information or

the bene�ts of creating and

maintaining an information

assurance plan

Does not provide a brief

overview of the goals and

objectives of the information

assurance plan

4

Con�dentiality, Integrity, and

Availability of Information

Meets “Pro�cient” criteria and

demonstrates a nuanced

understanding of key

information assurance

concepts

Accurately assesses the

con�dentiality, integrity, and

availability of information

within the organization

Assesses the con�dentiality,

integrity, and availability of

information within the

organization but some

elements of the assessment may

be illogical or inaccurate

Does not assess the

con�dentiality, integrity, and

availability of information

within the organization

5

Current Protocols and

Policies

Meets “Pro�cient” criteria and

demonstrates deep insight into

complex de�ciencies and

barriers to implementation of a

new information assurance

plan

Logically evaluates the current

protocols and policies in place,

including de�ciencies that

currently exist and potential

barriers to implementation of a

new information assurance

plan

Evaluates the current protocols

and policies in place but does

not address the de�ciencies

that currently exist or potential

barriers to implementation of a

new information assurance

plan, or evaluation is illogical

Does not evaluate the current

protocols and policies in place

4

Responsibilities of Key

Leaders

Meets “Pro�cient” criteria and

demonstrates a nuanced

understanding of the

relationship between these

roles and information security

Analyzes the role of the key

leaders within the organization

speci�c to how their

responsibilities are connected

to the security of the

organization’s information

Analyzes the role of the key

leaders within the organization

but misses key roles or aspects

of responsibilities speci�c to

the security of the

organization’s information

Does not analyze the role of the

key leaders within the

organization

5

8/13/23, 1:00 AM Assignment Information

https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 5/8

Criteria Exemplary (100%) Pro�cient (90%) Needs Improvement (70%) Not Evident (0%) Value

Key Ethical and Legal

Considerations

Meets “Pro�cient” criteria and

provides complex or insightful

re�ection of the rami�cations

of key leaders not properly

accounting for ethical and legal

considerations

Accurately evaluates key ethical

and legal considerations related

to information assurance that

must be taken into account by

the key leaders within the

organization, including the

rami�cations of key leaders not

properly accounting for ethical

and legal considerations

Evaluates ethical and legal

considerations related to

information assurance that

must be taken into account by

the key leaders within the

organization but does not

include the rami�cations of key

leaders not properly

accounting for ethical and legal

considerations, or evaluation is

inaccurate

Does not evaluate ethical and

legal considerations related to

information assurance that

must be taken into account by

the key leaders within the

organization

5

Key Components of

Information Assurance

Meets “Pro�cient” criteria and

demonstrates a nuanced

understanding of how each key

component identi�ed impacts

each individual’s role and

responsibility

Comprehensively addresses

components of information

assurance as they relate to

individual roles and

responsibilities within the

information assurance plan

Addresses components of

information assurance as they

relate to individual roles and

responsibilities within the

information assurance plan but

does not address

con�dentiality, integrity, and/or

availability of information

Does not address any

components of information

assurance as they relate to

individual roles and

responsibilities within the

information assurance plan

5

Analysis of Environment Meets “Pro�cient” criteria and

demonstrates unique or

insightful re�ection of current

protocols and policies

Logically analyzes the

environment in which the

organization operates,

including the current protocols

and policies in place related to

information assurance

Analyzes the environment in

which the organization

operates but does not include

the current protocols and

policies in place related to

information assurance

Does not analyze the

environment in which the

organization operates

5

Threat Environment Meets “Pro�cient” criteria and

demonstrates deep insight into

hidden or complex threats or

vulnerabilities

Accurately analyzes the threat

environment of the

organization

Evaluates the threat

environment of the

organization but misses crucial

threats or vulnerabilities, or the

evaluation is inaccurate

Does not evaluate the threat

environment of the

organization

5

8/13/23, 1:00 AM Assignment Information

https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 6/8

Criteria Exemplary (100%) Pro�cient (90%) Needs Improvement (70%) Not Evident (0%) Value

Best Approaches Meets “Pro�cient” criteria and

demonstrates unique or

insightful re�ection regarding

areas for improvement

Comprehensively discusses

best approaches for

implementing information

assurance principles, including

areas of improvement to

current protocols and policies

Discusses best approaches for

implementing information

assurance principles, but does

not fully develop ideas related

to areas of improvement to

current protocols and policies

Does not discuss best

approaches for implementing

information assurance

principles

5

Risk Matrix Meets “Pro�cient” criteria and

demonstrates deep insight into

hidden or complex threats or

vulnerabilities and possible

methods to mitigate the

identi�ed dangers

Creates a risk matrix to

comprehensively and

accurately assess the threats to

and vulnerabilities of the

organization, including

possible methods to mitigate

the identi�ed dangers

Creates a risk matrix to assess

the threats to and

vulnerabilities of the

organization but does not

include possible methods to

mitigate the identi�ed dangers,

or assessment is incomplete or

inaccurate

Does not create a risk matrix to

assess the threats to and

vulnerabilities of the

organization

5

Incident Response Protocols Meets “Pro�cient” criteria and

provides secondary incident

response protocols in the event

that primary protocols fail

Develops appropriate incident

response protocols to respond

to the various threats and

vulnerabilities identi�ed

Develops incident response

protocols to respond to the

various threats and

vulnerabilities identi�ed, but

they are not all appropriate or

do not respond to all the threats

and vulnerabilities

Does not develop incident

response protocols

5

Justi�cation of Incident

Response Protocols

Meets “Pro�cient” criteria and

provides unique or insightful

re�ection into the dangers of

not providing for adequate

incident response protocols

Logically justi�es how the

incident response protocols

will mitigate the threats to and

vulnerabilities of the

organization with support from

information assurance

research and best practices

Justi�es how the incident

response protocols will mitigate

the threats to and

vulnerabilities of the

organization with minimal

support from information

assurance research and best

practices, or justi�cation is

illogical

Does not justify how the

incident response protocols

will mitigate the threats and

vulnerabilities to the

organization

5

8/13/23, 1:00 AM Assignment Information

https://snhu.brightspace.com/d2l/le/content/1339735/viewContent/25616773/View 7/8

Criteria Exemplary (100%) Pro�cient (90%) Needs Improvement (70%) Not Evident (0%) Value

Disaster Response Protocols Meets “Pro�cient” criteria and

demonstrates deep insight into

responding to hidden or

complex threats or

vulnerabilities

Develops appropriate disaster

response protocols to respond

to the various threats and

vulnerabilities identi�ed

Develops disaster response

protocols to respond to the

various threats and

vulnerabilities identi�ed, but

they are not all appropriate or

do not respond to all the threats

and vulnerabilities

Does not develop disaster

response protocols

4

Justi�cation of Disaster

Response Protocols

Meets “Pro�cient” criteria and

provides unique or insightful

re�ection into the dangers of

not providing for adequate

disaster response protocols

Logically justi�es how the

disaster response protocols will

mitigate the threats to and

vulnerabilities of the

organization with support from

information assurance

research and best practices

Justi�es how the disaster

response protocols will mitigate

the threats to and

vulnerabilities of the

organization with minimal

support from information

assurance research and best

practices, or justi�cation is

illogical

Does not justify how the

disaster response protocols will

mitigate the threats to and

vulnerabilities of the

organization

5

Access Control Protocols Meets “Pro�cient” criteria and

demonstrates unique or

insightful re�ection into

appropriate protocols

Develops appropriate access

control protocols that provide

an appropriate amount of

protection while allowing users

to continue to operate without

denial of service

Develops access control

protocols, but they do not

provide an appropriate amount

of protection while allowing

users to continue to operate

without denial of service

Does not develop access

control protocols

4

Justi�cation of Access

Control Protocols

Meets “Pro�cient” criteria and

provides unique or insightful

re�ection into the dangers of

not providing for adequate

access control protocols

Logically justi�es the access

control protocols with support

from information assurance

research and best practices

Justi�es the access control

protocols with minimal support

from information assurance </