MGT 433: Building, Deploying and Maintaining a High Impact Awareness Program - Grading Rubric

V1.3.1 - 05 August 2014

Below is the assignment that covers BOTH the substitute for the exam and the written assignment for M433 Building, Maintaining and Measuring a High-Impact Security Awareness Program:

Note: We strongly recommend you develop and customize this plan to your organization's needs. Our goal for this project is for you to develop a customized project plan that you will be able to use. If that is not possible, we recommend you plan a security awareness program for a local non-profit or community organization, something that will directly benefit the organization. If neither option is possible, then a case-study point of view is acceptable.

You will develop and deliver a customized security awareness plan for a specific organization based on the processes covered in MGT 433. This plan can be designed either for a new program or for improving an existing one. The plan must include, but is not limited to, the following information.

  1. A Project Charter.
  2. Identify and document the Stakeholders in a Stakeholder matrix and the Steering Committee members in a Steering Committee matrix.
  3. Create an execution plan that identifies the following.
    1. WHO: Identify and define the roles you will be targeting for your security awareness program. Be sure to also document why you selected those targets.
    2. WHAT: Identify the top human risks (topics) that will be addressed in your security awareness program. Include an explanation of why you selected these and how they reduce the most risk. Be sure you do not simply pick and repeat the topics covered in the class, but select topics specific to your organization.
    3. HOW: Identify how you will communicate those topics for your selected targets. For example, how will you engage your organization based on its culture? What are the different methods you will use to communicate, and how often? Also, are there any language or learning requirements unique to your organization?
    4. Document an execution timeline, including material development, initial rollout, annual training scheduling, and reinforcement training. You can present your timeline as a Word document, spreadsheet, Gantt chart or in any other format. You are not required to have specific dates; instead we are looking to ensure you include all key milestones and proper time and order for each of the activities.
    5. Document how you will review and update your security awareness program. How often will you update the program, who will be involved, and what will you be focusing on?
    6. Develop and document a plan for metrics to measure both the deployment and the impact of your security awareness program.
  4. While not required, additional points are awarded for example materials you can provide that will be used in your awareness program, such as newsletters, posters, hand-outs, calendars, or presentations.

The project should be delivered as a single .zip compressed file containing the following documents. As a resource to assist you, you can use the templates and other resources found in the Security Awareness Planning Kit. However, you are not required to use these templates and are welcome and encouraged to develop and use your own document styles or formatting.

  1. Project charter.
  2. Stakeholder matrix.
  3. Steering Committee matrix.
  4. Execution plan documenting WHO, WHAT, HOW, project schedule, annual update process and metrics. This is the document that is ultimately sent to your management for review and approval. This is the plan that you will use to deploy your awareness program.
  5. Single document containing the learning objectives for each of the ten topics identified as part of WHAT. Be sure to have each new topic start on a new page in the document for easier reading. This document is one of the primary resources you use for developing your content.
  7. An optional folder containing any example materials you intend to use.