IT 552 Milestone Two Guidelines and Rubric

In Module Four, you will submit 10 security policies as part of the planned solution to mitigate the 10 security gaps identified in the Case Document. There should be one policy per security gap identified in the Case Document. Consider policies that address topics such as remote access, encryption and hashing (to control data flow), auditing network accounts, configuration change management (to reduce unintentional threats), segregation of duties, mandatory vacation (to mitigate intentional threats), personally identifiable information breaches, media protection, and social engineering. This milestone focuses on security functionality, and each policy should be no longer than one page.

Specifically, the following critical elements must be addressed:
a) What is your proposal for mitigating the identified human factors that pose a threat to the organization’s security posture? Describe the specific policies, processes, and practices that must be in place to address each of the following.
i. Unintentional Threats: What strategies can protect against human errors made due to cognitive factors? What strategies can protect against human errors made due to psychosocial and cultural factors?
ii. Intentional Threats: What strategies can protect against social engineering?
b) Data Flow: How do you make sure that the data sender and the data receiver have a sound connection? How do you ensure that data is not tampered with or altered from its intended meaning? What strategies do you propose to address poor communication?

Guidelines for Submission: Your paper must be submitted as a 10-page Microsoft Word document, with double spacing, 12-point Times New Roman font, and one-inch margins, in APA format. Each policy should be no longer than one page.

| Critical Elements | Exemplary (100%) | Proficient (90%) | Needs Improvement (70%) | Not Evident (0%) | Value |
|---|---|---|---|---|---|
| Human: Unintentional Threats | Meets “Proficient” criteria and proposes evidence-based solutions for effectively protecting against unintentional human errors | Proposes specific policies, processes, and practices to protect against unintentional human errors, including cognitive, psychosocial, and cultural factors | Insufficiently proposes specific policies, processes, and practices to protect against unintentional human errors, including cognitive, psychosocial, and cultural factors | Does not propose policies, processes, or practices for protecting against unintentional human errors | 25 |
| Human: Intentional Threats | Meets “Proficient” criteria and proposes evidence-based solutions for effectively protecting against intentional human threats | Proposes specific policies, processes, and practices to protect against intentional human threats, including social engineering | Specific policies, processes, and practices to protect against intentional human threats, including social engineering are minimally described | Does not propose policies, processes, or practices for protecting against intentional human threats, including social engineering | 25 |
| Organizational: Data Flow | Meets “Proficient” criteria substantiated with evidence-based solutions for effectively protecting against inoperative organizational factors associated with data flow | Proposes specific policies, processes, and practices for protecting against inoperative organizational factors associated with data flow | Specific policies, processes, and practices for protecting against inoperative organizational factors associated with data flow are lacking in detail | Does not propose policies, processes, or practices for protecting against inoperative organizational factors associated with data flow | 25 |
| Articulation of Response | Submission is free of errors related to citations, grammar, spelling, syntax, and is presented in a professional and easy-to-read format | Submission has no major errors related to citations, grammar, spelling, or syntax | Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent the understanding of ideas | 25 |
| Earned Total | | | | | 100% |