CSIA 413 UMGC Cybersecurity Policy Plan and Program Employee Handbook Discussion


Computer Science

CSIA 413

University of Maryland Global Campus


Description

Submit For Grading

Executive Summary

Executive Summary for the Policy Briefing Package

10 points

The Executive Summary provided an excellent summary of the policy package's purpose and contents. Information about the case study company was well integrated into the summary. Each policy was individually introduced and clearly explained. The material was well organized and easy to read.

Acceptable Use Policy

Policy Introduction

10 points

The Acceptable Use Policy contained an excellent introduction which addressed five or more specific characteristics of the company's business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.

Policy Content

20 points

The Acceptable Use Policy was well organized (including 5 or more section headings for topics) and easy to understand. The policy addressed 15 or more employee responsibilities (15 or more separate policy statements) including all topics listed in the assignment.

BYOD Policy

Policy Introduction

10 points

The BYOD Policy contained an excellent introduction which addressed three or more specific characteristics of the company's business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.

Policy Content

15 points

The BYOD Policy was well organized (including 3 or more section headings for topics) and easy to understand. The policy addressed 10 or more employee responsibilities (10 or more separate policy statements) including all topics listed in the assignment.

Digital Media Sanitization, Reuse, & Destruction Policy

Policy Introduction

5 points

The media sanitization, reuse, and destruction policy contained an excellent introduction which addressed five or more specific characteristics of the company's business and/or legal & regulatory environments which impose requirements for this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.

Policy Content

10 points

The media sanitization, reuse, and destruction policy was well organized (including 3 or more section headings for topics) and easy to understand. The policy addressed all three functions (sanitization, reuse, and destruction) and included 9 or more separate policy statements.

Addressed security issues using standard terms (e.g. confidentiality, integrity, availability, non-repudiation, authenticity, accountability, auditability, etc.).

5 points

Organization & Appearance

5 points

Execution

10 points

No word usage, grammar, spelling, or punctuation errors. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required.)

Unformatted Attachment Preview

CSIA 413: Cybersecurity Policy, Plans, and Programs

Project #1: Employee Handbook

Company Background & Operating Environment

Red Clay Renovations is an internationally recognized, award-winning firm that specializes in the renovation and rehabilitation of residential buildings and dwellings. The company specializes in updating homes using “smart home” and “Internet of Things” technologies while maintaining period-correct architectural characteristics. Please refer to the company profile (file posted in Week 1 > Content > CSIA 413 Red Clay Renovations Company Profile.docx) for additional background information and information about the company’s operating environment.

Policy Issue & Plan of Action

The company has grown substantially over the past few years. The current Employee Handbook was created from a set of templates purchased from a business services firm. The policies in the handbook were reviewed by the company’s attorney at the time of purchase. The attorney raised no objections at that time. During a recent legal review, the company’s corporate counsel advised that the company update the Employee Handbook to better address its current operating environment. The Chief Executive Officer has tasked the Chief of Staff to oversee the handbook updates, including obtaining all necessary approvals from the Corporate Governance Board.

The Chief of Staff met with the full IT Governance Board to discuss the required policy updates. (The IT Governance Board is responsible for providing oversight for all IT matters within the company.) The outcome of that meeting was an agreement that the CISO and CISO staff will update and/or create IT related policies for the employee handbook.

These policies include:

• Acceptable Use Policy for Information Technology
• Bring Your Own Device Policy
• Digital Media Sanitization, Reuse, & Destruction Policy

Your Task Assignment

As a staff member supporting the CISO, you have been asked to research what the three policies should contain and then prepare an “approval draft” for each one. No single policy should exceed two typed pages in length, so you will need to be concise in your writing and only include the most important elements for each policy. The policies are to be written for EMPLOYEES and must explain employee obligations and responsibilities. Each policy must also include the penalties for violations of the policy and identify who is responsible for compliance enforcement.

Your “approval drafts” will be submitted to the IT Governance Board for discussion and vetting. If the board accepts your policies, they will then be reviewed and critiqued by all department heads and executives before being finalized by the Chief of Staff’s office. The policies will also be subjected to a thorough legal review by the company’s attorneys. Upon final approval by the Corporate Governance Board, the policies will be adopted and placed into the Employee Handbook.

Research:

1. Review the table of contents and relevant chapters in the Certified Information Privacy Professional textbook to find information about legal and regulatory drivers.
2. Review the remaining course readings.
3. Review the sample policies and procedures provided in Week 3.
4. Find additional sources which provide information about the policy statements which should be covered in three policies for the Employee Handbook.

Write:

1. Prepare briefing package with approval drafts of the three IT related policies for the Employee Handbook. Your briefing package must contain the following:

• Executive Summary
• “Approval Drafts” for
  o Acceptable Use Policy for Information Technology
  o Bring Your Own Device Policy
  o Digital Media Sanitization, Reuse, & Destruction Policy

As you write your policies, make sure that you address security issues using standard cybersecurity terminology.

2. Use a professional format for your policy documents and briefing package. A recommended format is provided in the assignment template file (see the recommended template under Course Resources).
3. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.
4. Common phrases do not require citations. If there is doubt as to whether or not information requires attribution, provide a footnote with publication information or use APA format citations and references.
5. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
6. Consult the grading rubric for specific content and formatting requirements for this assignment.

Copyright ©2020 by University of Maryland Global Campus. All Rights Reserved

Explanation & Answer

Attached. Please let me know if you have any questions or need revisions.

Cybersecurity Project - Outline
Thesis Statement: Implementation of the data security plan is integral.

I. Executive Summary
A. Details on the Expectations Set Relating to Data Use and Management

II. Acceptable Use Policy for Information Technology
A. Policy Introduction
B. Staff Expectations
C. Policy Elaboration
D. Access Rules
E. Compliance Management

III. Bring Your Device Policy
A. Policy Introduction
B. Staff Expectations
C. Policy Elaboration
D. Access Rules
E. Compliance Management

IV. Digital Media Sanitization, Reuse, & Destruction Policy
A. Policy Introduction and Definition
B. Controls on the Certification of Destruction
C. Compliance Management

Running head: CYBERSECURITY


Cyber Security Project
Name
Institution

Executive Summary

Red Clay Renovations is an internationally renowned organization that deals primarily
with the rehabilitation and renovation of residential buildings and homes. As stated, the
organization is well known and seeks to have modalities in place, touching on the use and
handling of all matters technological, more so the security attached to it when engaging its
employees. The organization is seeking to use the internet of things and smart home concept
extensively in its endeavors and, as such, does not want missteps by employees, thereby
hampering the project or the client's security needs. Often, matters about technology, more so
insecurities, can be perpetrated by employees knowingly or unknowingly, thereby leading to the
distortion or hampering of data about its current and potential customers' homes. Among the
aspects that will be focused on in terms of the staff is the acceptable use of policy for information
technology, matters about devices owned by the employees, and digital media sanitization, reuse,
& destruction policy. The employees will be provided with stringent non-negotiable deadlines on
how all these facets will be addressed and the modalities to ensure that the set structure is
followed. The employees will also know at each stage the compliance enforcement of the
process and can, by all means, ask questions on matters that might seem unclear or in need of
further clarification. It is a realm that the organization shall focus on extensively and will expect
all the employees to adhere according to the laid down procedures.
Acceptable Use Policy for Information Technology
Policy Introduction
At Red Clay Renovations, employees are expected to adhere to the policy set out on
matters about the acceptable use of information technology. The blueprint on polic...

