
Assignment 1 Grading Rubric

Course: IT286 Unit: 9 Points: 30

NOTE: Unit 9 has two Assignments: Assignment 1 and Assignment 2. Each will be submitted to its own
Dropbox.

Unit 9, Assignment 1

Outcomes addressed in this activity:

- Examine social engineering attacks.
- Analyze the appropriate type of mitigation and deterrent techniques for social engineering attacks.
- Compare physical security and environmental controls.

Course outcome:

IT286-5: Explore social engineering, security administration, disaster recovery and incident response

Instructions:

NOTE: You will have two parts to Assignment 1 that will be submitted as one file through the Assignment 1
Dropbox.

Requirements:

Part 1 of this assignment includes short essays, descriptive tables, and screen captures demonstrating an
understanding of the topics. Any resource used, including the textbook, should be properly cited.

Documents should be submitted using APA Style (double-spaced with a title page and a reference page).
Essays should be separated into sections by the Assignment Part number and the question number.

Assignment 1, Part 1

1. In a short essay, explain the quote from The Art of Deception:

"The human factor is truly security's weakest link."

Discuss two policies you would implement to strengthen this weak link. Name at least two Social Engineering
attacks that your two policies should thwart.

Source: Mitnick, K., & Simon, W. (2002). The art of deception: Controlling the human element of security. New
York, NY: Wiley and Sons.

2. Access control is the goal of physical security. Create a table that outlines four types of physical access
control.
Physical Control | Description | Example

3. Create a table to list and define the six control types shown in the textbook.
Control Type | Definition | Example

Copyright Kaplan University



4. In a short essay, explain why a network administrator needs to be concerned with the HVAC (heating,
ventilation and air conditioning) and fire suppression systems. Name two policies you would implement
concerning fire in the IT area.

Assignment 1, Part 2

Lab Questions and Screen Captures

1. Create a System Repair Disk


This lab requires Windows 7 or Windows 8.
If the operating system on your Windows workstation becomes corrupted, the system recovery options can
help you repair it. This often requires the use of the System Repair Disk. Of course, you must create one
before the system has trouble!

a. Select the Start button. In the Search box, type Create a System Repair Disk.
b. Select the program from the pop-up menu and a dialog box appears listing the drives on your machine.
Choose a drive, insert a blank CD or DVD in the drive, and click Create Disk. Take a screen capture of the
dialog box.
The bootable disk will be created. Be sure to label it and store it in a safe place.

2. Data Policy
A wise network administrator will implement a strict data policy. Data policy for disk wiping (also called
sanitation) is the permanent removal or destruction of the data stored on a device. Disk disposal is the process
of destroying the entire data device. The device can be a memory chip or a permanent storage device such as
a thumb drive, flash drive, CD/DVD, hard disk or other storage medium. If the device is to be retained, then
sanitation software must be used to permanently overwrite the data.
Research disk wiping/sanitation software and make a recommendation based on the product's features. Take
a screen capture of the website's list of features.
Examples:

- SDelete from Microsoft deletes files and directories or it can be used to cleanse the free space on a logical
disk.

- DBAN is free erasure software for home users.


- R-Wipe & Clean is a complete R-Tools solution to wipe useless files and maintain your computer privacy.

3. Social Engineering Prevention Plan


Consider the following scenario:
Your company is the target of a corporate espionage plot. You have been notified that a social engineer has
been assigned to obtain the plans to your new product. Your infrastructure security will not stop this threat.
What should you do?
Create a short four-step plan to stop this attack. How would you test your plan?

Review the grading rubric below before beginning this activity:

Unit 9, Assignment 1 grading rubric = 30 points

Assignment Requirements | Points Possible | Points Earned

Part 1: Essay Questions

1. In a short essay explain the quote from The Art of Deception: The human factor is truly security's weakest link. Discuss two policies you would implement to strengthen this weak link. Name at least two Social Engineering attacks that your two policies should thwart. | 5 |

2. Access control is the goal of physical security. Create a table that outlines four types of physical access control. (Physical Control | Description | Example) | 5 |

3. Create a table to list and define the six control types shown in the textbook. (Control Type | Definition | Example) | 5 |

4. In a short essay explain why a network administrator needs to be concerned with the HVAC (heating, ventilation and air conditioning) and fire suppression systems? Name two policies you would implement concerning fire in the IT area. | 5 |

Part 2: Lab Questions and Screen Captures

1. Create a System Repair Disk. Take a screen capture. | 3 |

2. Data Policy. Research the disk wiping software and make a recommendation based on the product's features. Take a screen capture of the project features. | 3 |

3. Social Engineering Prevention Plan. Create a four-step plan to stop an attack. How would you test your plan? | 4 |

Total (Sum of all points) | 30 |

Less deduction taken for spelling, grammar, and APA errors. Plagiarism is totally unacceptable. | |

New total after deductions | |
