MGT 438: Grading Rubric

MGT 438: How to Establish a Security Awareness Program - Grading Rubric

V1.0 - June 3, 2010

Below is the assignment that covers BOTH the substitute for the exam and the Written Assignment for M438 How to Establish a Security Awareness Program:

  1. You will write ten security tips of the day. For samples of tips of the day, see the SANS Tip of the Day.
    • Your tips should not be the same or too similar to the existing tips that are posted.
  2. For the Presentation and Poster, submit your proposed topic to for review.
    • You need to provide support for why you believe it is an important topic.
    • The "Security Awareness Topic Worksheet" below gives guidelines on how to make this assessment.
    • General Parameters: Prepare an awareness poster, and a short presentation (five slides). They should be related, and should address important issues (for example, why is it the answer, or why is needed, etc.).
  3. Your work must be graduate-level work.

STI may post passing papers to Student Projects and/or the SANS Tip of the Day.

SECURITY AWARENESS TOPIC WORKSHEET (review this worksheet before making your proposal):

Please support your choice of topic for an awareness presentation and poster by answering the following questions:

  1. Search for, review and assess any available current awareness and training material. __ Is there existing material on this topic that can be easily found? __ If so, why do you feel this is an important topic for you to work on? __ In particular, if another STI student has done this topic, you must have explicit permission to duplicate the topic. __
  2. Are there any findings and/or recommendations from oversight bodies (e.g., Congressional inquiry, inspector general, internal review/audit, and internal controls program, respected vulnerability reports) that indicate this topic is important and there should be awareness material created for this topic?
  3. Have you conducted conversations and interviews with management, owners of general support systems and major applications, and other organization staff whose business functions rely on IT who have suggested your proposed topic is a priority to cover? __
  4. Can you list published problems (such as denial of service attacks, website defacements, hijacking of systems used in subsequent attacks, successful virus attacks) that might indicate the need for training (or additional training) of specific groups of people? __ Please list supporting URLs. __
  5. Has a technical or infrastructure change occurred that indicates the need for awareness training on a particular topic? __ If so, please describe. __