Industry Profile: Part 1 (Acquisition & Procurement Risk )

Provided an excellent overview of the cybersecurity industry as a whole. Answered the questions: (a) Why does this industry exist? and (b) How does this industry benefit society? Addressed sources of demand for cybersecurity products and services. Appropriately used information from 3 or more authoritative sources. (Reuse of narrative from Case Study #3 is permitted).

Provided an outstanding overview of the cybersecurity industry as a whole. Answered the questions: (a) Why does this industry exist? and (b) How does this industry benefit society? Addressed sources of demand for cybersecurity products and services. Appropriately used information from 2 or more authoritative sources. (Reuse of narrative from Case Study #3 is permitted).

Provided an brief introduction to the cybersecurity industry. Addressed why the industry exists and how the industry benefits society. Addressed sources of demand for cybersecurity products and services. Appropriately used information from authoritative sources. (Reuse of narrative from Case Study #3 is permitted).

Provided an introduction to the industry but the section lacked some required details. Information from authoritative sources was cited and used in the overview.

Attempted to provide an introduction to the industry but this section lacked detail and/or was not well supported by information drawn from authoritative sources. 

The introduction section was missing or did not present information about the cybersecurity industry.

Provided an excellent overview of the operational risks and sources of operational risks which could affect suppliers of cybersecurity related products and services. Addressed the potential impacts on products & services (compromised security). Discussed the potential impact of such compromises upon buyers and the security of buyers’ organizations (risk transfer). Appropriately used and cited information from 3 or more authoritative sources.

Provided an outstanding overview of the operational risks which could affect suppliers of cybersecurity related products and services. Addressed the potential impacts on products & services (compromised security). Discussed the potential impact of such compromises upon buyers and the security of buyers’ organizations (risk transfer). Appropriately used and cited information from 2 or more authoritative sources.

Discussed operational risks and sources of operational risks which could affect suppliers of cybersecurity related products and services. Addressed the possible impacts on products & services and the impacts upon the security of buyers’ organizations (risk transfer). Appropriately used and cited information from authoritative sources.

Provided information about operational risks and sources of operational risks which could impact sellers and buyers of cybersecurity products and services.  Appropriately used and cited information from authoritative sources.

Provided a discussion of operational risk as it applies to the cybersecurity industry. The discussion lacked detail and/or was not well supported by information drawn from authoritative sources.

This section was missing, off topic, or failed to provide information about operational risks and the impacts thereof.

Provided an excellent discussion of product liability in the cybersecurity industry. Summarized the current legal environment and discussed the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services. Appropriately used information from 3 or more authoritative sources.

Provided an outstanding discussion of product liability in the cybersecurity industry. Summarized the current legal environment and discussed the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services. Appropriately used information from 2 or more authoritative sources.

Discussed product liability in the cybersecurity industry. Summarized the current legal environment and discussed the potential impact upon buyers who suffer harm or loss as a result of purchasing, installing, and/or using cybersecurity products or services. The discussion was supported by information drawn from authoritative sources.

Attempted to provide a discussion of product liability in the cybersecurity industry. Mentioned the potential impact upon buyers who suffer harm or loss related to the use of cybersecurity products or services. The discussion was supported by information drawn from authoritative sources.

Mentioned product liability but the section was lacking in details and/or was not well supported by information from authoritative sources.

This section was missing, off topic, or failed to address product liability.

Provided an excellent discussion of the role that standards and governance processes should play in ensuring that acquisitions and procurements (purchases) of cybersecurity products and services meet the buyer’s security requirements.  Discussed specific governance process examples from COBIT®,ITIL®, and ISO/IEC 27002. Appropriately used information from 3 or more authoritative sources. 

Provided an outstanding discussion of the role that standards and governance processes should play in ensuring that acquisitions and procurements (purchases) of cybersecurity products and services meet the buyer’s security requirements.  Discussed specific governance process examples from two of the three frameworks (COBIT®, ITIL®, and ISO/IEC 27002). Appropriately used information from 2 or more authoritative sources.

Discussed the role that standards and governance processes should play in ensuring that acquisitions and procurements (purchases) of cybersecurity products and services meet the buyer’s security requirements.  Mentioned the use of processes from COBIT®,ITIL®, or ISO/IEC 27002. Appropriately used information from authoritative sources.

Provided a discussion of the role that standards and governance processes should play during the purchase of cybersecurity products or services.Appropriately used information from authoritative sources.

Attempted to provide a discussion of the role that standards and governance processes should play during the purchase of cybersecurity products or services but the discussion was substantially lacking in details and/or was not well supported by information from authoritative sources.

Section was missing, off topic, or did not mention governance frameworks and standards.

Provided an excellent summary and conclusions section which presented a summary of findings including 3 or more reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services.

Provided an outstanding summary and conclusions section which presented a summary of findings including 2 or more reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services.

Provided a summary and conclusions section which presented a summary of findings including the reasons why product liability (risk transfer) is a problem that must be addressed by both suppliers and purchasers of cybersecurity related products and services.

Summarized findings which mentioned product liability problems in the cybersecurity industry.

Included a summary but did not mention product liability and/or was not well supported by information from authoritative sources.

Summary and conclusions were missing.

Demonstrated excellence in the integration of standard cybersecurity terminology into the case study.

Provided an outstanding integration of standard cybersecurity terminology into the case study.

Integrated standard cybersecurity terminology into the into the case study

Used standard cybersecurity terminology but this usage was not well integrated with the discussion.

Misused standard cybersecurity terminology.

Did not integrate standard cybersecurity terminology into the discussion.

Work contains a reference list containing entries for all cited resources. Reference list entries and in-text citations are correctly formatted using the appropriate APA style for each type of resource.

Work contains a reference list containing entries for all cited resources. One or two minor errors in APA format for in-text citations and/or reference list entries.

Work contains a reference list containing entries for all cited resources. No more than 3 minor errors in APA format for in-text citations and/or reference list entries.

Work has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 5 minor errors in APA format for in-text citations and/or reference list entries.

Work attempts to credit sources but demonstrates a fundamental failure to understand and apply the APA formatting standard as defined in the Publication Manual of the American Psychological Association (6^th ed.).

Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper.

Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.

Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings (per the assignment’s directions).

Organization and/or appearance of submitted work could be improved through better use of fonts, color, titles, headings, etc. OR Submitted work has multiple style or formatting errors. Professional appearance could be improved.

Submitted work has multiple style or formatting errors. Organization and professional appearance need substantial improvement.

Submitted work meets minimum requirements but has major style and formatting errors. Work is disorganized and needs to be rewritten for readability and professional appearance.

No work submitted.

No formatting, grammar, spelling, or punctuation errors.

Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance.

Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work.

Submitted work has numerous errors in formatting, spelling, grammar, or punctuation. Work is unprofessional in appearance.

Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage.

No work submitted.