Need the attached completed in 3 days. Please follow the rubric and use the attached case study. Executive SummaryExcellentOutstandingAcceptableNeeds ImprovementNeeds Significant ImprovementMissing or UnacceptableExecutive Summary for the Policy Briefing Package10 pointsThe Executive Summary provided an excellent summary of the policy package's purpose and contents. Information about the case study company was well integrated into the summary. Each policy was individually introduced and clearly explained. The material was well organized and easy to read.8.5 pointsThe Executive Summary provided an outstanding summary of the policy package's purpose and contents. Information about the case study company was integrated into the summary. Each policy in the briefing package was individually introduced and briefly explained. The material was well organized and easy to read.7 pointsThe Executive Summary provided an acceptable overview of the contents of the policy package. Information about the case study company was used in the summary. Each policy in the briefing package was named and briefly explained.6 pointsThe Executive Summary provided an overview of the policy package. Information about the case study company was mentioned.4 pointsAn executive summary was provided but lacked details as to the purpose and contents of the policy package. (Or, inappropriate or excessive copying from other authors' work.)0 pointsNo work submitted.Policy for IT Security Policy Compliance AuditsExcellentOutstandingAcceptableNeeds ImprovementNeeds Significant ImprovementMissing or UnacceptablePolicy Introduction10 pointsThe policy contained an excellent introduction which addressed five or more specific characteristics of the company's business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.8.5 pointsThe policy contained an outstanding introduction which addressed three or more specific characteristics of the company's business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.7 pointsThe introduction for the policy was customized for the case study company. Three or more specific characteristics of the company's business, legal & regulatory, and/or enterprise IT environments were incorporated into the policy. Compliance requirements were addressed.6 pointsThe introduction to the policy mentions the case study company and compliance requirements.4 pointsThe policy was built from a sample template or list of "recommended" audit policy contents without customization for the case study company. (Or, inappropriate or excessive copying from other authors' work.)0 pointsNo work submitted.Policy Content10 pointsThe issue specific policy provided excellent (clear and concise) coverage of the following:policy issue (do required policies exist and have they been properly vetted & approved)policy solution (auditing all IT security policies to determine compliance with security controls)applicability (to what and to whom the policy applies)compliance requirementspoint of contact (for more information)The policy was easy to understand and thoroughly covered the required content.8.5 pointsThe issue specific policy provided outstanding coverage of the following:policy issue (do required policies exist and have they been properly vetted & approved)policy solution (auditing all IT security policies to determine compliance with security controls)applicability (to what and to whom the policy applies)compliance requirementspoint of contact (for more information)The policy was easy to understand and addressed all required content.7 pointsThe issue specific policy provided adequate coverage of the following:policy issue (do required policies exist and have they been properly vetted & approved)policy solution (auditing all IT security policies to determine compliance with security controls)applicability (to what and to whom the policy applies)compliance requirementspoint of contact (for more information)The policy was easy to understand and included all required content.6 pointsThe issue specific policy mentioned at least 3 of the following:policy issue (do required policies exist and have they been properly vetted & approved)policy solution (auditing all IT security policies to determine compliance with security controls)applicability (to what and to whom the policy applies)compliance requirementspoint of contact (for more information)4 pointsThe issue specific policy was disorganized and difficult to understand. OR, the policy was significantly lacking in content. (Or, inappropriate or excessive copying from other authors' work.)0 pointsNo work submitted.Audit PlansExcellentOutstandingAcceptableNeeds ImprovementNeeds Significant ImprovementMissing or UnacceptableSecurity Awareness Audit Plan: Audit Background10 pointsThe Security Awareness audit plan contained an excellent background section which identified and discussed 5 or more risks which drive the requirements and objectives for this audit. IT security controls for security awareness (AT family of controls from NIST SP 800-53) and related compliance requirements were identified and discussed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.8.5 pointsThe Security Awareness audit plan contained an outstanding background section which identified and discussed 3 or more risks which drive the requirements and objectives for this audit. IT security controls for security awareness (AT family of controls from NIST SP 800-53) and related compliance requirements were identified and discussed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.7 pointsThe Security Awareness audit plan contained an acceptable background section which discussed one or more risks which drive the requirements and objectives for this audit. IT security controls for security awareness (AT family of controls from NIST SP 800-53) and related compliance requirements were discussed. Contact information was provided for the audit manager. Some information from the case study was integrated into the background material.6 pointsThe background section mentions risks as drivers for the Security Awareness audit. Security controls and compliance requirements were mentioned. Information from the case study was used.4 pointsThe Security Awareness audit plan was built from a sample template or list of "recommended" audit plan contents without customization for the case study company. (Or, inappropriate or excessive copying from other authors' work.)0 pointsNo work submitted.Security Awareness Audit Plan: Audit Objectives5 pointsA clear and concise set of audit objectives were presented. These objectives addressed (and named) each security control in the Awareness & Training (AT) family (as listed in NIST SP 800-53).4 pointsA well written set of audit objectives were presented. The audit objectives addressed (and named) 4 or more security controls in the Awareness & Training (AT) family (as listed in NIST SP 800-53).3 pointsThree or more audit objectives were presented. Each objective was mapped to a specific security control from the Awareness & Training (AT) family (as listed in NIST SP 800-53).2 pointsAudit objectives were mentioned and discussed. But, the objectives were not clearly identified or were not tied to security controls from the Awareness & Training (AT) family.1 pointAudit objectives were mentioned but not clearly identified or expressed. (Or, inappropriate or excessive copying from other authors' work.)0 pointsMissing or no work submitted.Security Awareness Audit Plan: Audit Approach15 pointsThe Audit Approach clearly and concisely identified and described the major elements in the data collection strategy (what data will be collected, how it will be collected, what will be measured). The data collection strategy was supported by a checklist (for a document review) or list of questions (for a survey). The relationship between the audit approach and the measurement of the effectiveness of the security controls implementation was explained.13.5 pointsThe Audit Approach clearly identified the major elements in the data collection strategy (what data will be collected, how it will be collected, what will be measured). The data collection strategy was supported by a checklist (for a document review) or list of questions (for a survey). The relationship between the audit approach and the measurement of the effectiveness of the security controls implementation was clearly stated.12 pointsThe Audit Approach adequately addressed the data collection strategy and provided sufficient information that the reader could understand how the effectiveness of the security controls implementation would be determined.10.5 pointsOrganization and appearance need improvement. The Audit Approach addressed the data collection strategy and provided some information about how compliance would be measured.6 pointsThe Audit Approach was disorganized and difficult to understand. OR, the approach was significantly lacking in content (data collection strategy was not clearly identified). (Or, inappropriate or excessive copying from other authors' work.)0 pointsNo work submitted.IT Security Policies Audit Plan: Audit Background10 pointsThe IT Security Policies audit plan contained an excellent background section which identified and discussed 5 or more risks which drive the requirements and objectives for this audit.The 18 IT security policies & procedures security controls (e.g. AC-1, AT-1, etc. in NIST SP 800-53) were identified and discussed. Five or more additional controls from the PM & PL families were also addressed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.8.5 pointsThe IT Security Policies audit plan contained an outstanding background section which identified and discussed 3 or more risks which drive the requirements and objectives for this audit.At least 12 IT security policies & procedures security controls (e.g. AC-1, AT-1, etc. in NIST SP 800-53) were identified and discussed. Three or more additional controls from the PM & PL families were also addressed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.7 pointsThe IT Security Policies audit plan contained an acceptable background section which identified 3 or more risks which drive the requirements and objectives for this audit.At least 10 IT security policies & procedures security controls (e.g. AC-1, AT-1, etc. in NIST SP 800-53) were identified and discussed. Three or more additional controls from the PM & PL families were also addressed. Contact information was provided for the audit manager. Information from the case study was integrated into the background material.6 pointsThe background section mentions risks as drivers for the IT Security Policies audit. Security controls and compliance requirements were mentioned. Information from the case study was used.4 pointsThe IT Security Policies audit plan was built from a sample template or list of "recommended" audit plan contents without customization for the case study company. (Or, inappropriate or excessive copying from other authors' work.)0 pointsNo work submitted.IT Security Policies Audit Plan: Audit Objectives5 pointsA clear and concise set of audit objectives were presented. These objectives addressed (and named) all 18 policy & procedures security controls (e.g. AC-1, AT-1 as listed in NIST SP 800-53).4 pointsA well written set of audit objectives were presented. These objectives addressed (and named) at least 12 of the policy & procedures security controls (e.g. AC-1, AT-1 as listed in NIST SP 800-53).3 pointsThree or more audit objectives were presented. These objectives addressed (and named) at least 10 of the policy & procedures security controls (e.g. AC-1, AT-1 as listed in NIST SP 800-53).2 pointsAudit objectives were mentioned and discussed. But, the objectives were not clearly identified or were not tied to policy & procedures IT security controls from NIST SP 800-53.1 pointAudit objectives were mentioned but not clearly identified or expressed. (Or, inappropriate or excessive copying from other authors' work.)0 pointsMissing or no work submitted.IT Security Policies Audit Plan: Audit Approach15 pointsThe Audit Approach clearly and concisely identified and described the major elements in the data collection strategy (what data will be collected, how it will be collected, what will be measured). The data collection strategy was supported by a checklist (for a document review) or list of questions (for a survey). The relationship between the audit approach and the measurement of the effectiveness of the security controls implementation was explained.13.5 pointsThe Audit Approach clearly identified the major elements in the data collection strategy (what data will be collected, how it will be collected, what will be measured). The data collection strategy was supported by a checklist (for a document review) or list of questions (for a survey). The relationship between the audit approach and the measurement of the effectiveness of the security controls implementation was clearly stated.12 pointsThe Audit Approach adequately addressed the data collection strategy and provided sufficient information that the reader could understand how the effectiveness of the security controls implementation would be determined.10.5 pointsOrganization and appearance need improvement. The Audit Approach addressed the data collection strategy and provided some information about how compliance would be measured.6 pointsThe Audit Approach was disorganized and difficult to understand. OR, the approach was significantly lacking in content (data collection strategy was not clearly identified). (Or, inappropriate or excessive copying from other authors' work.)0 pointsNo work submitted.ProfessionalismExcellentOutstandingAcceptableNeeds ImprovementNeeds Significant ImprovementMissing or UnacceptableExecution10 pointsWork is professional in appearance and organization (appropriate and consistent use of fonts, headings, color).No word usage, grammar, spelling, or punctuation errors. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required.)8.5 pointsWork is professional in appearance and organization (appropriate and consistent use of fonts, headings, color).Work contains minor errors in word usage, grammar, spelling or punctuation which do not significantly impact professional appearance. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required.)7 pointsWork is professional in appearance and organization (minor issues allowable but overall the work contains appropriate and consistent use of fonts, headings, color).Errors in word usage, spelling, grammar, or punctuation which detract from professional appearance of the submitted work. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required.)6 pointsSubmitted work has numerous errors in formatting, organization, word usage, spelling, grammar, or punctuation which detract from readability and professional appearance. Punctuation errors may include failure to properly mark quoted or copied material (an attempt to name original source is required).4 pointsSubmitted work is difficult to read / understand and has significant errors in formatting, appearance / organization, spelling, grammar, punctuation, or word usage. Significant errors in presentation of copied text (lacks proper punctuation and failed to attribute material to original source).0 pointsNo work submitted. OR, work contains significant instances of cut-and-paste without proper citing / attribution to the original work or author.Overall ScoreExcellent90 or moreOutstanding80 or moreAcceptable70 or moreNeeds Improvement56 or moreNeeds Significant Improvement36 or moreMissing or Unacceptable Work0 or more