Information Technology Risk Analysis and Cyber Security Policy Part 1 Guidelines and Rubric.
The first component of the summative assessment for this course is the development and creation of a risk analysis paper. The assessment will allow students the opportunity to investigate international and U.S. cyberlaws; state statutes; criminal, civil, private, and public laws; and ethics and then compare them within the current cyber business model of an organization to identify any implications for information technology. Students will research their chosen organization, studying the business models, to identify key areas of potential risk due to the business activities and industry.
Prompt: Submit a comprehensive risk analysis paper that identifies the cyberlaw foundations that affect the current information technology business model. The framework for the assessment will include how the business model ensures that their current cyber practices are both legal and ethical.
Specifically the following critical elements must be addressed:
- Define and evaluate the information technology business model of the organization.
- Analyze the precise cyber-security laws, private and public laws, state statutes, criminal and civil laws, and ethical guidelines that are pertinent to the organization.
- Evaluate the current cyberlaws, regulations, and policies within the organization as they relate to the organization’s information systems.
- Cyberlaw crimes
- Evaluate how cyber-related crimes should be investigated and handled within an organization.
- Analyze the impact that these cyber-crimes can have on an organization’s information technology structure.
- Evaluate the appropriate information security measures that should be in place to safeguard an organization’s information.
- Cyber-crime and e-commerce
- Analyze the organization’s current information systems security measures in place that allow users to access the organization’s data.
- Evaluate the current cyberlaws to ensure that they protect the organization’s data against outside intrusion.
Rubric
Guidelines for Submission: Your paper must be submitted as a three- to five-page Word document with double spacing, 12-point Times New Roman font, one-inch margins, and at least three sources cited in APA format.
| Critical Elements | Exemplary (100%) | Proficient (90%) | Needs Improvement (70%) | Not Evident (0%) | Value |
| Business Model Evaluation | Meets “Proficient” criteria substantiated with examples to support rationale to support evaluation | Evaluates the organization’s information technology business model
|
Minimally evaluates the organization’s information
technology business model
|
Does not evaluate the organization’s information technology business model | 10 |
| Organization Analysis | Meets “Proficient” criteria substantiated with research to support rationale | Analyzes the precise cybersecurity laws, private and public laws, state statutes, criminal and civil laws, and ethical guidelines that are pertinent to the organization | Analysis of the precise cybersecurity laws, private and public laws, state statutes, criminal and civil laws, and ethical guidelines that are pertinent to the organization is lacking in detail or accuracy | Analysis of the precise cybersecurity laws, private and public laws, state statutes, criminal and civil laws, and ethical guidelines that are pertinent to the organization is not evident | 10 |
| Evaluation of
Organization’s Information Systems |
Meets “Proficient” criteria substantiated with specific examples to support the evaluation | Evaluates the current cyberlaws, regulations, and policies within the organization as they relate to the organization’s information
systems |
Evaluation of the current cyberlaws, regulations, and policies within the organization as they relate to the organization’s information
systems is lacking in detail or accuracy |
Evaluation of the current cyberlaws, regulations, and policies within the organization as they relate to the organization’s information systems is not evident | 10 |
| Cyberlaw Crimes: Investigation | Meets “Proficient” criteria supported with research-based evidence | Evaluate how cyber-related crimes should be investigated and handled within an organization | Evaluation of how cyber-related crimes should be investigated and handled within an organization is minimal | Evaluation of how cyber-related crimes should be investigated and handled within an organization is not evident | 10 |
| Cyberlaw Crimes: Impact | Meets “Proficient” criteria substantiated with evidence and examples to support analysis | Analyzes the impact that the cyber-crimes can have on an organization’s information technology structure | The impact that the cybercrimes can have on an organization’s information technology structure is minimally analyzed | Impact that cyber-crimes can have on an organization’s information technology structure is not evident | 10 |
| Cyberlaw Crimes:
Information Security Measures |
Meets “Proficient” criteria supported with research-based evidence to support the
suggested security measures recommended |
Evaluates the appropriate information security measures that should be in place to safeguard an organization’s information | Evaluation of the appropriate information security measures that should be in place to safeguard an organization’s information is lacking in detail | Evaluation of the appropriate information security measures that should be in place to safeguard an organization’s information is not evident | 10 |
| Cyber-Crime and ECommerce:
Information Systems Security Measures |
Meet “Proficient” criteria substantiated with examples to support analysis of the current information systems security measures | Analyzes the organization’s current information systems security measures that allow users to access the organization’s data | Minimally analyzes the organization’s current information systems security measures in place that allow users to access the organization’s data | Does not analyze the organization’s current information systems security measures in place that allow users to access the organization’s data | 15 |
| Cyber-Crime and ECommerce:
Cyberlaw Protection |
Meets “Proficient” criteria supported with examples to illustrate findings | Measures the current cyberlaws to ensure that they protect the organization’s data against outside intrusion | Insufficiently measures the current cyberlaws to ensure that they protect the organization’s data against outside intrusion | Does not measure the current cyberlaws to ensure that they protect the organization’s data against outside intrusion | 15 |
| Articulation of Response | Submission is free of errors related to citations, grammar, spelling, syntax, and organization and is presented in a professional and easy-to-read format | Submission has no major errors related to citations, grammar, spelling, syntax, or organization | Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas | 10 |
| Earned Total | 100% |
