APUS Assignment Rubric Undergraduate Level
EXEMPLARY
LEVEL
4
ACCOMPLISHED
LEVEL
3
DEVELOPING
LEVEL
2
BEGINNING
LEVEL
1
POINTS
FOCUS/THESIS
Student exhibits a clear understanding of the assignment. Work is clearly defined to help guide the reader throughout the assignment. Student builds upon the assignment with well-documented and exceptional supporting facts, figures, and/or statements.
Establishes a good comprehension of topic and in the building of the thesis. Student demonstrates an effective presentation of thesis, with most support statements helping to support the key focus of assignment
Student exhibits a basic understanding of the intended assignment, but the formatting and grammar is not supported throughout the assignment. The reader may have some difficulty in seeing linkages between thoughts. Student has limited the quality of the assignment.
Exhibits a limited understanding of the assignment. Reader is unable to follow the logic used for the thesis and development of key themes. Assignment instructions were not followed. Student’s writing is weak in the inclusion of supporting facts or statements. Paper includes more than 25% quotes, which renders it unoriginal.
4
SUBJECT KNOWLEDGE
Student demonstrates proficient command of the subject matter in the assignment. Assignment shows an impressive level of depth of student’s ability to relate course content to practical examples and applications. Student provides comprehensive analysis of details, facts, and concepts in a logical sequence.
Student exhibits above average usage of subject matter in assignment. Student provides above average ability in relating course content in examples given. Details and facts presented provide an adequate presentation of student’s current level of subject matter knowledge.
The assignment reveals that the student has a general, fundamental understanding of the course material. Whereas, there are areas of some concerning in the linkages provided between facts and supporting statements. Student generally explains concepts, but only meets the minimum requirements in this area.
Student tries to explain some concepts, but overlooks critical details. Assignment appears vague or incomplete in various segments. Student presents concepts in isolation, and does not perceive to have a logical sequencing of ideas.
4
CRITICAL THINKING
Student demonstrates a higher-level of critical thinking necessary for undergraduate level work. Learner provides a strategic approach in presenting examples of problem solving or critical thinking, while drawing logical conclusions which are not immediately obvious. Student provides well-supported ideas and reflection with a variety of current and/or world views in the assignment
Student exhibits a good command of critical thinking skills in the presentation of material and supporting statements. Assignment demonstrates the student’s above average use of relating concepts by using a variety of factors. Overall, student provides ade.
1. APUS Assignment Rubric Undergraduate Level
EXEMPLARY
LEVEL
4
ACCOMPLISHED
LEVEL
3
DEVELOPING
LEVEL
2
BEGINNING
LEVEL
1
POINTS
FOCUS/THESIS
Student exhibits a clear understanding of the assignment. Work
is clearly defined to help guide the reader throughout the
assignment. Student builds upon the assignment with well-
documented and exceptional supporting facts, figures, and/or
statements.
Establishes a good comprehension of topic and in the building
of the thesis. Student demonstrates an effective presentation of
thesis, with most support statements helping to support the key
focus of assignment
Student exhibits a basic understanding of the intended
assignment, but the formatting and grammar is not supported
throughout the assignment. The reader may have some difficulty
in seeing linkages between thoughts. Student has limited the
quality of the assignment.
Exhibits a limited understanding of the assignment. Reader is
unable to follow the logic used for the thesis and development
of key themes. Assignment instructions were not followed.
Student’s writing is weak in the inclusion of supporting facts or
statements. Paper includes more than 25% quotes, which renders
2. it unoriginal.
4
SUBJECT KNOWLEDGE
Student demonstrates proficient command of the subject matter
in the assignment. Assignment shows an impressive level of
depth of student’s ability to relate course content to practical
examples and applications. Student provides comprehensive
analysis of details, facts, and concepts in a logical sequence.
Student exhibits above average usage of subject matter in
assignment. Student provides above average ability in relating
course content in examples given. Details and facts presented
provide an adequate presentation of student’s current level of
subject matter knowledge.
The assignment reveals that the student has a general,
fundamental understanding of the course material. Whereas,
there are areas of some concerning in the linkages provided
between facts and supporting statements. Student generally
explains concepts, but only meets the minimum requirements in
this area.
Student tries to explain some concepts, but overlooks critical
details. Assignment appears vague or incomplete in various
segments. Student presents concepts in isolation, and does not
perceive to have a logical sequencing of ideas.
4
CRITICAL THINKING
Student demonstrates a higher-level of critical thinking
necessary for undergraduate level work. Learner provides a
strategic approach in presenting examples of problem solving or
critical thinking, while drawing logical conclusions which are
not immediately obvious. Student provides well-supported ideas
and reflection with a variety of current and/or world views in
the assignment
Student exhibits a good command of critical thinking skills in
the presentation of material and supporting statements.
Assignment demonstrates the student’s above average use of
relating concepts by using a variety of factors. Overall, student
3. provides adequate conclusions, with 2 or fewer errors.
Student takes a common, conventional approach in guiding the
reader through various linkages and connections presented in
assignment. However, student presents a limited perspective on
key concepts throughout assignment. Student appears to have
problems applying information in a problem-solving manner.
Student demonstrates beginning understanding of key concepts,
but overlooks critical details. Learner is unable to apply
information in a problem-solving fashion. Student presents
confusing statements and facts in assignment. No evidence or
little semblance of critical thinking skills.
4
ORGANIZATION & FORMAT
Student thoroughly understands and excels in explaining all
major points. An original, unique, and/or imaginative approach
to overall ideas, concepts, and findings is presented. Overall
format of assignment includes an appropriate introduction, well-
developed paragraphs, and conclusion. Finished assignment
demonstrates student’s ability to plan and organize research in a
logical sequence. Student exhibits excellent format grasp with
no more than 5 APA errors.
Student explains the majority of points and concepts in the
assignment. Learner demonstrates a good skill level in
formatting and organizing material in assignment. Student
presents an above average level of preparedness, with a few
formatting errors. Assignment contains less than 5 resources.
Student exhibits good format grasp with no more than 10 APA
errors.
Learner applies some points and concepts incorrectly. Student
uses a variety of formatting styles, with some inconsistencies
throughout the paper. Assignment does not have a continuous
pattern of logical sequencing. Student uses less than 3 sources
or references. Student exhibits fair format grasp with no more
than 15 APA errors.
Assignment reveals formatting errors and a lack of organization.
Student presents an incomplete attempt to provide linkages or
4. explanation of key terms. The lack of appropriate references or
source materials demonstrates the student’s need for additional
help or training in this area. Student needs to review and revise
the assignment. Student exhibits poor format grasp with no
more than 15 APA errors.
4
GRAMMAR & MECHANICS
Student provides an effective display of good writing and
grammar. Assignment reflects student’s ability to select
appropriate word usage and present an above average
presentation of a given topic or issue. Assignment appears to be
well written with no more than 3-5 errors. Student provides a
final written product that covers the above-minimal
requirements. Student exhibits excellent format grasp with no
more than 10 contents for grammar, spelling, punctuation, or
syntax errors.
Assignment reflects basic writing and grammar, but more than 5
errors. Key terms and concepts are somewhat vague and not
completely explained by student. Student uses a basic
vocabulary in assignment. Student’s writing ability is average,
but demonstrates a basic understanding of the subject matter.
Student exhibits fair format grasp with no more than 15
grammar, spelling, punctuation, or syntax errors.
Topics, concepts, and ideas are not coherently discussed or
expressed in assignments. Student’s writing style is weak and
needs improvement, along with numerous proofreading errors.
Assignment lacks clarity, consistency, and correctness. Student
exhibits poor format grasp with more than 15 errors and did not
focus critical thinking use of critical thinking grammar APA
format subject knowledge with communities grammar, spelling,
punctuation, or syntax errors.
4
TIMELY
Turned in on time
1 day late
6. 3
Company Profile – Code Galore
4
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
Background Information
Building a comprehensive business function automation
software that performs many functions (decision making in
approaching new initiatives, goal setting and tracking, financial
accounting, a payment system, and much more).
The software is largely the joint brainchild of the Chief
Technology Officer (CTO) and a highly visionary Marketing
Manager who left the company a year ago
5
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
Background Information – What We Do
Financed 100% by investors who are extremely anxious to make
a profit.
7. Investors have invested more than US $35 million since
inception and have not received any returns.
The organization expected a small profit in the last two
quarters. However, the weak economy led to the cancellation of
several large orders. As a result, the organization was in the red
each quarter by approximately US $250,000.
6
Background Information – Financials
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
Code Galore is a privately held company with a budget of US
$15 million per year. Sales last year totaled US $13.5 million
(as mentioned earlier, the company came within US $250,000 of
being profitable each of the last two quarters).
The investors hold the preponderance of the company’s stock;
share options are given to employees in the form of stock
options that can be purchased for US $1 per share if the
company ever goes public.
Code Galore spends about five percent of its annual budget on
marketing. Its marketing efforts focus on portraying other
financial function automation applications as ‘point solutions’
in contrast to Code Galore’s product.
7
Background Information – Financials
What we do
Org. Structure
Operational
Industry
Products
8. Sales
Financials
8
Background Information – Org. Structure
Figure 1—Code Galore Organisational Chart
CEO
CSO
VP, Finance
VP, Business
CTO
VP, Human Resources
Security
Administrator
Sales Mgr
Accounting
Dir.
Sr. Financial
Analyst
Infrastructure
Mgr.
Sys. Dev. Mgr.
HR Manager
What we do
9. Org. Structure
Operational
Industry
Products
Sales
Financials
The board of directors:
Consists of seasoned professionals with many years of
experience in the software industry
Is scattered all over the world and seldom meets, except by
teleconference
Is uneasy with Code Galore being stretched so thin financially,
and a few members have tendered their resignations within the
last few months
9
Background Information – Org. Structure
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
The CEO:
Is the former chief financial officer (CFO) of Code Galore that
replaced the original CEO who resigned to pursue another
opportunity two years ago
Has a good deal of business knowledge, a moderate amount of
experience as a C-level officer, but no prior experience as a
CEO
As a former CFO, tends to focus more on cost cutting than on
creating a vision for developing more business and getting
10. better at what Code Galore does best
Background Information – Org. Structure
10
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
Engineers perform code installations. The time to get the
product completely installed and customized to the customer’s
environment can exceed one month with costs higher than US
$60,000 to the customer.
Labour and purchase costs are too high for small and medium-
sized businesses. So far, only large companies in the US and
Canada have bought the product.
C-level officers and board members know that they have
developed a highly functional, unique product for which there is
really no competition. They believe that, in time, more
companies will become interested in this product, but the
proverbial time bomb is ticking. Investors have stretched
themselves to invest US $35 million in the company, and are
unwilling to invest much more.
11
Background Information – Operational
What we do
Org. Structure
Operational
Industry
Products
11. Sales
Financials
Business function automation software is a profitable area for
many software vendors because it automates tasks that
previously had to be performed manually or that software did
not adequately support.
The business function automation software arena has many
products developed by many vendors. However, Code Galore is
a unique niche player that does not really compete (at least on
an individual basis) with other business automation software
companies.
Background Information – Industry
12
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
The product is comprehensive—at least four other software
products would have to be purchased and implemented to cover
the range of functions that Code Galore’s product covers.
Additionally, the product integrates information and statistics
throughout all functions—each function is aware of what is
occurring in the other functions and can adjust what it does
accordingly, leading to better decision aiding.
Background Information – Products
13
What we do
Org. Structure
Operational
12. Industry
Products
Sales
Financials
Sales have been slower than expected, mainly due to a
combination of the economic recession and the high price and
complexity of the product.
The price is not just due to the cost of software development; it
also is due to the configuration labour required to get the
product running suitably for its customers.
Background Information – Sales
14
What we do
Org. Structure
Operational
Industry
Products
Sales
Financials
Acquisition
Code Galore is in many ways fighting for its life, and the fact
that, four months ago, the board of directors made the decision
to acquire a small software start-up company, Skyhaven
Software, has not helped the cash situation.
Skyhaven consists of approximately 15 people, mostly
programmers who work at the company’s small office in
Phoenix, Arizona, USA. Originally, the only connection
between your network and Skyhaven’s was an archaic public
switched telephone network (PSTN).
Setting up a WAN
Two months ago, your company’s IT director was tasked with
13. setting up a dedicated wide area network (WAN) connection to
allow the former Skyhaven staff to remotely access Code
Galore’s internal network and vice versa.
You requested that this implementation be delayed until the
security implications of having this new access route into your
network were better understood, but the CEO denied your
request on the grounds that it would delay a critical business
initiative, namely getting Skyhaven’s code integrated into Code
Galore’s.
15
The Problems
Information Security
More recently, you have discovered that the connection does not
require a password for access and that, once a connection to the
internal network is established from outside the network, it is
possible to connect to every server within the network,
including the server that holds Code Galore’s source code and
software library and the server that houses employee payroll,
benefits and medical insurance information.
Fortunately, access control lists (ACLs) limit the ability of
anyone to access these sensitive files, but a recent vulnerability
scan showed that both servers have vulnerabilities that could
allow an attacker to gain unauthorised remote privileged access.
You have told the IT director that these vulnerabilities need to
be patched, but because of the concern that patching them may
cause them to crash or behave unreliably and because Code
Galore must soon become profitable or else, you have granted
the IT director a delay of one month in patching the servers.
16
The Problems – Overview
14. Bots
What now really worries you is that, earlier today, monitoring
by one of the security engineers who does some work for you
has shown that several hosts in Skyhaven’s network were found
to have bots installed in them.
Source Code
Furthermore, one of the Skyhaven programmers has told you
that Skyhaven source code (which is to be integrated into Code
Galore’s source code as soon as the Skyhaven programmers are
through with the release on which they are currently working) is
on just about every Skyhaven machine, regardless of whether it
is a workstation or server.
17
The Problems – Overview
Code Galore vs. Skyhaven Employee knowledge
Code Galore employees are, in general, above average in their
knowledge and awareness of information security, due in large
part to an effective security awareness programme that you set
up two months after you started working at Code Galore and
have managed ever since.
You offer monthly brown bag lunch events in a large conference
room, display posters reminding employees not to engage in
actions such as opening attachments that they are not expecting,
and send a short monthly newsletter informing employees of the
direction in which the company is going in terms of security and
how they can help.
Very few incidents due to bad user security practices occurred
until Skyhaven Software was acquired. Skyhaven’s employees
appear to have almost no knowledge of information security.
15. You also have discovered that the Skyhaven employee who
informally provides technical assistance does not make backups
and has done little in terms of security configuration and patch
management.
18
The Problems – Overview
19
Your Role
Hired two years ago as the only Chief Security Officer (CSO)
this company has ever had.
Report directly to the Chief Executive Officer (CEO).
Attend the weekly senior management meeting in which goals
are set, progress reports are given and issues to be resolved are
discussed.
The Information Security Department consists of just you; two
members of the security engineering team from software are
available eight hours each week.
10 years of experience as an information security manager, five
of which as a CSO, but you have no previous experience in the
software arena.
Four years of experience as a junior IT auditor.
Undergraduate degree in managing information systems and
have earned many continuing professional education credits in
information security, management and audit areas.
Five years ago, you earned your CISM certification.
The focus here is not on a business unit, but rather on Code
Galore as a whole, particularly on security risk that could
cripple the business.
16. Due primarily to cost-cutting measures the CEO has put in
place, your annual budget has been substantially less than you
requested each year.
Frankly, you have been lucky that no serious incident has
occurred so far. You know that in many ways your company has
been tempting fate.
You do the best you can with what you have, but levels of
unmitigated risk in some critical areas are fairly high.
Your Role and the Business Units
20
Mr. Wingate’s focus on cost cutting is a major reason that you
have not been able to obtain more resources for security risk
mitigation measures.
He is calm and fairly personable, but only a fair communicator,
something that results in your having to devote extra effort in
trying to learn his expectations of your company’s information
security risk mitigation effort and keeping him advised of risk
vectors and major developments and successes of this effort.
21
Your Role and the CEO, Ernest Wingate
Code Galore’s IT director is Carmela Duarte. She has put a
system of change control into effect for all IT activities
involving hardware and software.
This system is almost perfect for Code Galore—it is neither
17. draconian nor too lax and very few employees have any
complaints against it.
You have an excellent working relationship with her, and
although she is under considerable pressure from her boss, the
CTO, and the rest of C-level management to take shortcuts, she
usually tries to do what is right from a security control
perspective.
She is working hard to integrate the Skyhaven Software network
into Code Galore’s, but currently, there are few resources
available to do a very thorough job. She would also do more for
the sake of security risk mitigation if she had the resources.
Carmela has worked with Code Galore since 2006, and she is
very much liked and respected by senior management and the
employees who work for her.
22
Your Role and the IT Director, Carmela Duarte
You believe that Code Galore’s (but not Skyhaven Software’s)
security risk is well within the risk appetite of the CEO and the
board of directors.
You have a good security policy (including acceptable use
provisions) and standards in place, and you keep both of them
up to date.
You have established a yearly risk management cycle that
includes asset valuation, threat and vulnerability assessment,
risk analysis, controls evaluation and selection, and controls
effectiveness assessment, and you are just about ready to start a
controls evaluation when you suddenly realise that something
24. encrypted, leaving sensitive data exposed to vulnerabilities and
potential losses. There is a need to review the business
continuity and disaster management plan. This should be done
with a deep understanding of the current problem. Currently,
there are 700 laptops presently in service. These
Single Loss Expectancy (SLE)
This is a risk assessment tool, which is the monetary value
experienced when there is a risk on an asset. It is a single loss
that the institution will suffer.
SLE== Asset Value X Exposure Factor
$49000 X 0.99 X 700
=$33,957,000
Annualized Rate of Occurrence (ARO)
This is the projected frequency of a threat happening in a year.
48 computers lost between Apr 2009 and April 2011
Hence 24 computers lost in one year. Hence the threat on a
single laptop or mobile is
24/700=0.034
Annualized Loss Expectancy (ALE)
It is based on the probability of an event occurring. Therefore,
you multiply the annualized rate of occurrence (ARO) by Loss
of Expectancy (SLE)
ALE =SLE X ARO
ALE=$33,957,000 X 0.034
=US$1,154,538
Safeguard Value
Risk mitigation controls monetary expense. This helps
determine the financial feasibility and effectiveness. The
assumption is that all the proposed risk control measures are
implemented correctly.
Safeguard value is based on the hardware and software cost that
you invest in protecting your information in case of software
theft.
Software solutions
Altiris Manageability toolkit is available hardware per every
25. node is US$18
https://www.marketscreener.com/ALTIRIS-8486/news/Altiris-
Altiris-Ships-New-Toolkit-to-Sucnet.com/products/altiris-
manageability-toolkit-for-intel-vpro-technology-essential-
support-renewal-series/pport-Intel-vPro-1-Technology-for-
Efficient-IT-Service-Man-273906/?iCStream=1
$ 18 X700
=12600
Support license for the network
12600+$80000
Cost of software USD92,600
Value of Safeguard=ALE before the implementation of
safeguard-ALE after safeguard -Annual cost of protection.
Sheet1CategoryProbability(0.0-1.0)Impact(0-100)Risk
Level(PXI)Description1Zombles0.02901.8Zombie Apocalypse
causes wide spread panic and physical security threats to staff,
property and business operations2Natural Disaster0.12607.2the
location of business may expose it to particular national
disasters. This may be long term or short term. Rains may
inturupt power supply. 3Threat of Breach from consumer
error0.43012Consumer may expose the system or account by
commission or ommission. This puts own data and others data at
risk. 4Breach Through Vendor Network0.454520.25A threat
from the faults of the service providers security system may
expose the data to threat. 5Malware0.87560Malwares will
mostly be sent through other communication or may be brought
. They pause the threat of data exposure6Inside
Misuse0.78559.5Employees handle a lot of company data and
can be threat to the organisation by sharing it or even exposing