Congratulations! You have just been hired by a major security consulting firm that has recently won several contracts to support chief information security officers (CISOs) in the Washington, DC, area. As part of your first consulting assignment, you have been asked to research and write a short case study (three pages) in which you discuss the legal environment (i.e., policies, regulations, and laws) and its impact upon how an organization (e.g., business, government agency, nonprofit) ensures the confidentiality, integrity, and availability of information and information systems. You have one week to complete your assignment.
The immediate audience for your case study is a group of senior managers (stakeholders) in a client organization who are not familiar with information security laws and practices. These managers need a brief overview of the legal environment to assist them in reviewing and commenting upon a new governance policy for their organization’s information security program. Your case study should be general enough, however, that it can be reused with other clients.
Your supervisor has also given you a “heads up” about a trap that previous consultants have missed when completing similar work for other clients: the termpolicy has two meanings that you must address: (a) government policies (e.g., those issued by federal, state, local, or tribal governments) and (b) organizational policies(e.g., those written to guide an organization’s compliance with laws, regulations, and policies).
Remember to cite your sources in APA format and use only authoritative/scholarly sources such as journal articles, books, government documents, and other industry publications (e.g., trade journals or magazines for health care or security professionals). The title page and list of references are not included in the required page count.
Hide Rubrics
Rubric Name: Law and Policy Case Study
Criteria Level 4 Level 3 Level 2 Level 1
Overview of Legal Environment 10 points
Clearly provides brief overview of legal environment using language appropriate for non IT managers (constitutional law, administrative law, civil law, criminal law, due care, due diligence, fiduciary duty, etc.)
8 points
Basically provides brief overview of legal environment using language appropriate for non IT managers (constitutional law, administrative law, civil law, criminal law, due care, due diligence, fiduciary duty, etc.)
6 points
Weak overview of legal environment using language appropriate for non IT managers (constitutional law, administrative law, civil law, criminal law, due care, due diligence, fiduciary duty, etc.)
4 points
Little or no brief overview of legal environment using language appropriate for non IT managers (constitutional law, administrative law, civil law, criminal law, due care, due diligence, fiduciary duty, etc.)
Applicable InfoSec Laws and Practices 10 points
Clearly discusses at least 5 specific applicable InfoSec related laws and practices.
8 points
Basically discusses at least 4 specific applicable InfoSec related laws and practices.
6 points
Weakly discusses at least 3 specific applicable InfoSec related laws and practices.
4 points
Little or no discussion of 2 or less specific applicable InfoSec related laws and practices.
Impact of Policies, Regulations and Laws 10 points
Clearly discusses the impact of policies, regulations, and laws upon how an organization (e.g., business, government agency, nonprofit) ensures the confidentiality, integrity, and availability (CIA) of information and information systems.
8 points
Basically discusses the impact of policies, regulations, and laws upon how an organization (e.g., business, government agency, nonprofit) ensures the confidentiality, integrity, and availability (CIA) of information and information systems.
6 points
Weakly discusses the impact of policies, regulations, and laws upon how an organization (e.g., business, government agency, nonprofit) ensures the confidentiality, integrity, and availability (CIA) of information and information systems.
4 points
Little or no discussion of impact of policies, regulations, and laws upon how an organization (e.g., business, government agency, nonprofit) ensures the confidentiality, integrity, and availability (CIA) of information and information systems.
CIA Discussion 10 points
Clearly discusses CIA from the perspective of legal & regulatory requirements.
8 points
Basically discusses CIA from the perspective of legal & regulatory requirements.
6 points
Weak discussion of CIA from the perspective of legal & regulatory requirements.
4 points
Little or no discussion of CIA from the perspective of legal & regulatory requirements.
Governance Policy Discussion 10 points
Clearly defines and discusses governance policy (an organization level policy).
8 points
Basically defines and discusses governance policy (an organization level policy).
6 points
Weakly defines or discusses governance policy (an organization level policy).
4 points
Little or no definition or discussion of governance policy (an organization level policy).
Recommendations for Governance Policy 10 points
Clearly applies CIA to recommendations for development of a governance policy for an organization’s InfoSec program. (How should the organization-wide review of the IT security policy be conducted?)
8 points
Basically applies CIA to recommendations for development of a governance policy for an organization’s InfoSec program. (How should the organization-wide review of the IT security policy be conducted?)
6 points
Weakly applies CIA to recommendations for development of a governance policy for an organization’s InfoSec program. (How should the organization-wide review of the IT security policy be conducted?)
4 points
Little or no application of CIA to recommendations for development of a governance policy for an organization’s InfoSec program. (How should the organization-wide review of the IT security policy be conducted?)
Distinguishes government and organization policies 10 points
Incorporates information about and distinguishes between government and organization policies.
8 points
Basically incorporates information about and distinguishes between government and organization policies.
6 points
Weakly incorporates information about or distinguishes between government and organization policies.
4 points
Incorporates little or no information about or distinguishes between government and organization policies.
Finds and Applies New Knowledge 10 points
Used at least 5 authoritative or scholarly sources. No APA errors in citing material in presentation.
8 points
Used 3-5 authoritative or scholarly sources. Less than 5 APA citing errors.
6 points
Used 1-2 authoritative or scholarly sources. Less than 10 APA citing errors.
4 points
Used 1-2 authoritative or scholarly sources or no sources cited. Had more than 10 APA citing errors.
Organization, Execution & Appearance 20 points
Prepared MS Word document, used consistent formatting, section subheadings, submitted one file, used instructor provided template, correct coversheet and separate reference page and meets minimum page count. No grammar, use of first/second person, spelling or punctuation errors.
15 points
MS Word document didn’t follow at least one of the following: used consistent formatting, section subheadings, submitted one file, used instructor provided template, correct coversheet and separate reference page and meets minimum page count. Less than 5 grammar errors, use of first/second person, spelling or punctuation errors.
10 points
MS Word document didn’t follow at least two of the following: used consistent formatting, section subheadings, submitted one file, used instructor provided template, correct coversheet and separate reference page and meets minimum page count. Less than 10 grammar errors, use of first/second person, spelling or punctuation errors.
5 points
Non MS Word document didn’t follow at least three or more of the following: used consistent formatting, section subheadings, submitted one file, used instructor provided template, correct coversheet and separate reference page and meets minimum page count. More than 10 grammar errors, use of first/second person, spelling or punctuation errors.
Overall Score Level 4
35 or more Level 3
26 or more Level 2
17 or more Level 1
0 or more
above is the grading rubric for how it will be grade please do the best to get the highest grade possible