CYB 410 Project Three Guidelines and Rubric
Crafting and Evaluating Risk-Based Recommendations
Overview
How do you make a good risk-informed decision? In this project, you will look at how you craft and evaluate risk-based
recommendations. You will examine the processes and methods you can use to make risk-based recommendations, their impact,
and the quality of the decisions you’ve made.
Throughout this course and the overall program, you have encountered many real-world breaches. Think about the breaches we
have explored and the role risk management and risk planning played in the outcomes. It is important to review previous breaches
across different industries and find commonalities (similar software usage, for example) to make good decisions when evaluating or
reevaluating your own organization’s risks. The OPM, Sony, and Target breaches are all useful examples that can help you learn
better ways to manage risk and vulnerabilities.
When making risk-informed recommendations, you should look to resources in the form of standards, guidelines, and best practices
to help make and assess your decisions. Some resources you might consider are NIST, the CIS Controls, or the Fundamental
Security Design Principles; there are also other tools that help classify and quantify risk, such as the risk register or business impact
analysis. When you assess the quality of a decision you have made, also consider how it will affect everyone in the organization.
The project will be submitted in Module Seven.
In this assignment, you will demonstrate your mastery of the following competency:
CYB-410-01: Apply decision-quality principles in making risk-informed recommendations
Prompt
You must address the critical elements listed below. The codes shown in brackets indicate the competency to which each critical
element is aligned.
I. Risk-Informed Recommendations
A. Discuss how you can use tools to make risk-informed recommendations. Justify your response with a relevant
example. [CYB-410-01]
B. Discuss how you can use resources to make risk-informed recommendations. Justify your response with a
relevant example. [CYB-410-01]
C. Consider how you can identify and minimize your own bias when making risk-informed recommendations. [CYB-410-01]
D. Explain how you can use systems thinking to consider the impact of your decision on people, processes, and
technology. [CYB-410-01]
E. Explain what evidence you would use to evaluate whether you made a good decision. [CYB-410-01]
Project Three Rubric
Guidelines for Submission: Your submission should be 2 to 3 pages in length. Use double spacing, 12-point Times New Roman font,
and one-inch margins. Cite any references according to APA style. Use a file name that includes the course code, the assignment
title, and your name, for example, CYB_123_Assignment_Firstname_Lastname.docx.