PLEASE READ THE ATTACHED FILE, AND UNDERSTAND WHAT IS REQUIRED. EVERYTHING IS TO BE COMPLETED. Assessment Description Refer to the "Impact Analysis Assignment Guide," located within the Class Res
CYB-630 Impact Analysis Assignment Guide
Directions: This assignment will be completed throughout the course.
Benchmark – Impact Analysis Part 1: Information Acquisition
3.1: Examine the laws, regulations, and standards that organizations use to align with government requirements around cybersecurity best practices within their industry.
Select an industry of your choice and review its compliance requirements. Then, using a fictitious company that is just starting out, identify the essential elements of what is required to attain compliance or successful cybersecurity resilience. Within a report to the CIO, present this information from a legal standpoint making sure to address the following:
Identify any industry specific compliances that must be met (i.e., HIPAA, COPPA, DOD). Determine what overarching guidance they must comply with. Determine what overarching laws they must comply with.
Examine the requisite set of standards, frameworks, policies, and best practices most helpful in the development and implementation of the organizations objectives.
Identify the organization's critical data infrastructure assets (i.e., network, telecom, utilities, applications, computers and client data categories).
Identify human resources for technical, management and legal operations.
Identify requisite law enforcement entities required for reporting breaches to (i.e., local, state, and federal areas of compliance).
Performance Level Ratings
| Meets Expectations | Performance consistently met expectations in all essential areas of the assignment criteria, at times possibly exceeding expectations, and the quality of work overall was very good. The most critical goals were met. |
| Near Expectations | Performance did not consistently meet expectations. Performance failed to meet expectations in one or more essential areas of the assignment criteria, one or more of the most critical goals were not met. |
| Below Expectations | Performance was consistently below expectations in most essential areas of the assignment criteria, reasonable progress toward critical goals was not made. Significant improvement is needed in one or more important areas. |
| Criteria | Below Expectations | Near Expectations | Meets Expectations | Earned |
| 3.1: Examine the laws, regulations, and standards that organizations use to align with government requirements around cybersecurity best practices within their industry. | ||||
| The student accurately identifies industry specific compliances that must be met. | 0 pts – 2 pts | 3 pts – 4 pts | 5 pts | |
| The student accurately determines overarching guidance that must be complied with. | 0 pts – 2 pts | 3 pts – 4 pts | 5 pts | |
| The student accurately determines overarching laws that must be complied with. | 0 pts – 6 pts | 7 pts – 9 pts | 10 pts | |
| The student comprehensively presents the standards most helpful in the development and implementation of the organizations objectives. | 0 pts – 6 pts | 7 pts – 9 pts | 10 pts | |
| The student accurately examines the frameworks most helpful in the development and implementation of the organizations objectives. | 0 pts – 6 pts | 7 pts – 9 pts | 10 pts | |
| The student comprehensively presents the policies most helpful in the development and implementation of the organizations objectives. | 0 pts – 6 pts | 7 pts – 9 pts | 10 pts | |
| The student comprehensively presents the best practices most helpful in the development and implementation of the organizations objectives. | 0 pts – 6 pts | 7 pts – 9 pts | 10 pts | |
| The student accurately identifies the organization's critical data infrastructure assets. | 0 pts – 6 pts | 7 pts – 9 pts | 10 pts | |
| The student comprehensively identifies human resources for technical operations | 0 pts – 2 pts | 3 pts – 4 pts | 5 pts | |
| The student comprehensively identifies human resources for management operations | 0 pts – 2 pts | 3 pts – 4 pts | 5 pts | |
| The student comprehensively identifies human resources for legal operations | 0 pts – 2 pts | 3 pts – 4 pts | 5 pts | |
| The student comprehensively identifies requisite law enforcement entities required for reporting breaches to. | 0 pts – 2 pts | 3 pts – 4 pts | 5 pts | |
| Industry standard technical writing is correct and utilized throughout. | 0 pts – 6 pts | 7 pts – 9 pts | 10 pts | |
| TOTAL | /100 | |||
| Instructor Feedback | ||||
Benchmark - Impact Analysis Part 2: Audit
Benchmark - 3.3: Perform requirements analysis to identify and obtain data and evidence in support of cyber law inquiries and incidents.
Next, gauge and evaluate your organizations current state of security and protection protocols and mechanisms. Identify gaps, challenges and opportunities for improvement by conducting a thorough audit making sure to:
Identify the industry specific cyber law in relation to inquiries and incidents.
Assess the critical information infrastructure. Determine the configuration of doors, windows, logical controls, data storage and encryption, firewalls, servers, routers, switches, hubs, and so forth to be compliant.
Identify key vulnerabilities points and strengths. Show compliance using a test case (pass/fail requirement). Demonstrate an actual compliance test of server, workstation, etc. that indicates what passes or what doesn't.
Indicate the legal elements and liability (costs) that the organization may encounter for non-compliance.
Place your findings in a report that will be reviewed by the CIO and System Security Authority (SSA).
Performance Level Ratings
| Meets Expectations | Performance consistently met expectations in all essential areas of the assignment criteria, at times possibly exceeding expectations, and the quality of work overall was very good. The most critical goals were met. |
| Near Expectations | Performance did not consistently meet expectations. Performance failed to meet expectations in one or more essential areas of the assignment criteria, one or more of the most critical goals were not met. |
| Below Expectations | Performance was consistently below expectations in most essential areas of the assignment criteria, reasonable progress toward critical goals was not made. Significant improvement is needed in one or more important areas. |
| Criteria | Below Expectations | Near Expectations | Meets Expectations | Earned |
| Benchmark - 3.3: Perform requirements analysis to identify and obtain data and evidence in support of cyber law inquiries and incidents. | ||||
| The student accurately identifies the industry specific cyber law in relation to inquiries and incidents. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| The student correctly assesses/analyzes the critical information infrastructure | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| The student comprehensively identifies key vulnerabilities points and strengths. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| The student demonstrates compliance using a test case that indicates a pass/fail requirement. | 0 pts – 13 pts | 14 pts – 19 pts | 20 pts | |
| The student comprehensively presents the legal elements that the organization may encounter for non-compliance. | 0 pts – 13 pts | 14 pts – 19 pts | 20 pts | |
| The student comprehensively presents the liability (costs) that the organization may encounter for non-compliance. | 0 pts – 13 pts | 14 pts – 19 pts | 20 pts | |
| Industry standard technical writing is correct and utilized throughout. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| TOTAL | /120 | |||
| Instructor Feedback | ||||
Impact Analysis Part 3: Prevention and Response Strategies
Prior to or when security measures fail, it is essential to have in place several response strategies. In 1,250-1,500 words:
Explain how negotiations with accreditors on compliance should be dealt with. Provide an example.
Present appropriate response strategies that can be put into action (i.e., breach notification policies).
Present employee training recommendations for creating awareness of the organization's security measurements.
Explain how to obtain feedback on the effectiveness of security policies from stakeholders. Provide an example.
Explain how to identify new threats, vulnerabilities, or any countermeasures that may not have been present/available when the initial security measures were first implemented. What mechanisms could be in place to catch any oversights? Explain how this would be reported/communicated. Example, an IT professional explains why a specific device is configured, why if it is compliant it will NOT work, or why if it is NOT compliant it does work.
Explain how operational managers, stakeholders, and/or individuals affected will be notified. Provide examples for each.
Identify organization management techniques to respond quickly to new challenges. Explain with supporting details.
Performance Level Ratings
| Meets Expectations | Performance consistently met expectations in all essential areas of the assignment criteria, at times possibly exceeding expectations, and the quality of work overall was very good. The most critical goals were met. |
| Near Expectations | Performance did not consistently meet expectations. Performance failed to meet expectations in one or more essential areas of the assignment criteria, one or more of the most critical goals were not met. |
| Below Expectations | Performance was consistently below expectations in most essential areas of the assignment criteria, reasonable progress toward critical goals was not made. Significant improvement is needed in one or more important areas. |
| Criteria | Below Expectations | Near Expectations | Meets Expectations | Earned |
| The student comprehensively explains how negotiations with accreditors on compliance should be dealt with. Example is present. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| The student clearly presents appropriate response strategies that can be put into action. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| The student clearly presents employee training recommendations for creating awareness of the organization's security measurements | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| The student comprehensively explains how to obtain feedback on the effectiveness of security policies from stakeholders. Example is present. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| The student comprehensively explains how to identify new threats, vulnerabilities, or any countermeasures that may not have been present/available when the initial security measures were first implemented, including mechanisms to catch any oversights and the reporting process. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| The student comprehensively explains how operational managers, stakeholders, and/or individuals affected will be notified. Example is present for each. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| The student comprehensively explains organization management techniques to respond quickly to new challenges with supporting details. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| Industry standard technical writing is correct and utilized throughout. | 0 pts – 9 pts | 10 pts – 14 pts | 15 pts | |
| TOTAL | /120 | |||
| Instructor Feedback | ||||
© 2018. Grand Canyon University. All Rights Reserved.
