
Prepare briefing package with approval drafts of the two IT related policies for the Manager’s Deskbook.

Project #2: Manager’s Deskbook

Company Background & Operating Environment

Use the assigned case study for information about “the company.”

Policy Issue & Plan of Action

The Manager’s Deskbook contains issue specific policies and implementation procedures which are required to mitigate risks to the company and to otherwise ensure good governance of the company’s operations. The Chief Information Security Officer (CISO) and key CISO staff members held a kick-off meeting last week to identify issue specific policies which should be added to the company’s policy system in the IT Governance category. The policies will be disseminated throughout the company by incorporating them into the Manager’s Deskbook. The required issue specific policies are:

 

  1. Data Breach Response Policy
  2. Preventing / Controlling Shadow IT Policy
  3. Management and Use of Corporate Social Media Accounts Policy

For the purposes of this assignment, you will create a policy recommendations briefing package (containing an Executive Summary and draft policies) and submit that to your instructor for grading.

Note: In a “real world” environment, the policy recommendations briefing package would be submitted to the IT Governance board for discussion and vetting. After revisions and voting, a package containing the accepted policies would be sent to all department heads and executives for comment and additional vetting. These comments would be combined and integrated into the policies and sent out for review again. It usually takes several rounds of review and comments before the policies can be sent to the Chief of Staff’s office for forwarding to the Corporate Governance Board. During the review & comments period, the policies will also be subjected to a thorough legal review by the company’s attorneys. Upon final approval by the Corporate Governance Board, the policies will be adopted and placed into the Manager’s Deskbook. This entire process can take 9 to 12 months, if not longer.

Your Task Assignment

As a staff member supporting the CISO, you have been asked to research and then draft an issue specific policy for each of the identified issues. These policies are to be written for MANAGERS and must identify the issue, explain what actions must be taken to address the issue (the company’s “policy”), state the required actions to implement the policy, and name the responsible / coordinating parties (by level, e.g. department heads, or by title on the organization chart). After completing your research and reviewing sample policies from other organizations, you will then prepare an “approval draft” for each issue specific policy.

  • The purpose of each issue specific policy is to address a specific IT governance issue that requires cooperation and collaboration between multiple departments within an organization.
  • Each issue specific policy should be no more than two typed pages in length (single space paragraphs with a blank line between).
  • You will need to be concise in your writing and only include the most important elements for each policy.
  • You may refer to an associated “procedure” if necessary, e.g. a Procedure for Requesting Issuance of a Third Level Domain Name (under the company’s Second Level Domain name) or a Procedure for Requesting Authorization to Establish a Social Media Account.

Your “approval drafts” will be combined with a one page Executive Summary (explaining why these issue specific policies are being brought before the IT Governance Board).

Research:

  1. Review NIST’s definition of an “Issue Specific Policy” and contents thereof (NIST SP 800-14 p. 14)
  2. Review the weekly readings and resource documents posted in the classroom. Pay special attention to the resources which contain “issues” and “best practices” information for:
    • Data Breach Response
    • Preventing / Controlling Shadow IT
    • Social Media
  3. Review NIST guidance for required / recommended security controls
    • NIST SP 800-53 Access Control (AC) control family (for Social Media policy)
    • NIST SP 800-53 Incident Response (IR) control family (for Data Breach policy)
    • NIST SP 800-53 System and Services Acquisition (SA) control family (Domain Name, Shadow IT, Website Governance)
  4. If required, find additional sources which provide information about the IT security issues which require policy solutions.

Write:

  1. Prepare briefing package with approval drafts of the two IT related policies for the Manager’s Deskbook. Your briefing package must contain the following:
    • Executive Summary
    • “Approval Drafts” for
      • Data Breach Response Policy
      • Preventing / Controlling Shadow IT Policy
      • Management and Use of Corporate Social Media Accounts Policy

Executive Summary

Executive Summary for the Policy Briefing Package
  • Excellent (10 points): The Executive Summary provided an excellent summary of the policy package’s purpose and contents. Information about the case study company was well integrated into the summary. Each policy was individually introduced and clearly explained. The material was well organized and easy to read.
  • Outstanding (8.5 points): The Executive Summary provided an outstanding summary of the policy package’s purpose and contents. Information about the case study company was integrated into the summary. Each policy in the briefing package was individually introduced and briefly explained. The material was well organized and easy to read.
  • Acceptable (7 points): The Executive Summary provided an acceptable overview of the contents of the policy package. Information about the case study company was used in the summary. Each policy in the briefing package was named and briefly explained.
  • Needs Improvement (6 points): The Executive Summary provided an overview of the policy package. Information about the case study company was mentioned.
  • Needs Significant Improvement (4 points): An executive summary was provided but lacked details as to the purpose and contents of the policy package. (Or, inappropriate or excessive copying from other authors’ work.)
  • Missing or Unacceptable (0 points): No work submitted.

Data Breach Response Policy

Policy Introduction
  • Excellent (10 points): The Data Breach Response policy contained an excellent introduction which clearly identified the policy issue and then addressed five or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments. The introduction clearly and concisely presented the major reasons why the company must have this policy.
  • Outstanding (8.5 points): The Data Breach Response policy contained an outstanding introduction which clearly identified the policy issue and addressed three or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments. The introduction addressed the reasons why the company must have this policy.
  • Acceptable (7 points): The introduction for the Data Breach Response policy identified the policy issue and addressed three or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments. The introduction mentioned at least one reason why the company must have this policy.
  • Needs Improvement (6 points): The introduction to the Data Breach Response policy mentions the case study company and why the policy is required.
  • Needs Significant Improvement (4 points): The Data Breach Response policy was built from a sample template or list of “recommended” contents without customization for the case study company. (Or, inappropriate or excessive copying from other authors’ work.)
  • Missing or Unacceptable (0 points): No work submitted.

Policy Content
  • Excellent (20 points): The body of the policy provided an excellent description of the actions required to create and implement a data breach response plan. The policy identified the responsible parties, compliance requirements, and sanctions / disciplinary actions for compliance failures. Contact information is provided for questions about the policy. The policy was clear, concise, easy to understand, and appropriately organized.
  • Outstanding (18 points): The body of the policy provided an outstanding description of the actions required to create and implement a data breach response plan. The policy identified the responsible parties, compliance requirements, and sanctions / disciplinary actions for compliance failures. Contact information is provided for questions about the policy. The policy was easy to understand, and appropriately organized.
  • Acceptable (16 points): The body of the policy addressed the actions required to create and implement a data breach response plan. The policy identified the responsible parties, compliance requirements, and sanctions / disciplinary actions for compliance failures. Contact information is provided for questions about the policy.
  • Needs Improvement (14 points): The body of the policy identified most of the required actions for implementing data breach response and mentioned responsible parties, compliance requirements, and sanctions / disciplinary actions for compliance failures.
  • Needs Significant Improvement (10 points): The policy was disorganized and difficult to understand. OR, inappropriate or excessive copying from other authors’ work.
  • Missing or Unacceptable (0 points): No work submitted.

Shadow IT Policy

Policy Introduction
  • Excellent (10 points): The Shadow IT Policy contained an excellent introduction which addressed three or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.
  • Outstanding (8.5 points): The Shadow IT Policy contained an outstanding introduction which addressed two or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.
  • Acceptable (7 points): The introduction for the Shadow IT Policy was customized for the case study company. One or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments were incorporated into the policy. Compliance requirements were addressed.
  • Needs Improvement (6 points): The introduction to the Shadow IT Policy mentions the case study company and compliance requirements.
  • Needs Significant Improvement (4 points): The Shadow IT Policy was built from a sample template or list of “recommended” contents without customization for the case study company. (Or, inappropriate or excessive copying from other authors’ work.)
  • Missing or Unacceptable (0 points): No work submitted.

Policy Content
  • Excellent (15 points): The body of the policy provided an excellent description of the required actions, the responsible parties, compliance requirements including audits, and sanctions / disciplinary actions for compliance failures. Contact information is provided for questions about the policy. The policy was clear, concise, easy to understand, and appropriately organized.
  • Outstanding (13.5 points): The body of the policy provided an outstanding description of the required actions, the responsible parties, compliance requirements including audits, and sanctions / disciplinary actions for compliance failures. Contact information is provided for questions about the policy. The policy was easy to understand and appropriately organized.
  • Acceptable (12 points): The body of the policy provided an acceptable description of the required actions. The policy mentioned at least two of the following: the responsible parties, compliance requirements including audits, and sanctions / disciplinary actions for compliance failures. Contact information is provided for questions about the policy. The policy was easy to understand and appropriately organized.
  • Needs Improvement (9 points): Organization and appearance need improvement. The Shadow IT policy mentioned compliance requirements for approval to purchase IT hardware, software, and services.
  • Needs Significant Improvement (6 points): The Shadow IT Policy was disorganized and difficult to understand. OR, the policy was significantly lacking in content. (Or, inappropriate or excessive copying from other authors’ work.)
  • Missing or Unacceptable (0 points): No work submitted.

Social Media Accounts Policy

Policy Introduction
  • Excellent (5 points): The Social Media Accounts policy contained an excellent introduction which addressed five or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy.
  • Outstanding (4 points): The Social Media Accounts policy contained an outstanding introduction which addressed three or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy.
  • Acceptable (3 points): The introduction for the Social Media Accounts policy was customized for the case study company. Three or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments were incorporated into the policy.
  • Needs Improvement (2 points): The introduction to the Social Media Accounts policy mentions the case study company and why the policy is required.
  • Needs Significant Improvement (1 point): The policy was built from a template or list of “best practices” with no customization for the case study company. (Or, inappropriate or excessive copying from other authors’ work.)
  • Missing or Unacceptable (0 points): No work submitted.

Policy Content
  • Excellent (10 points): The body of the policy provided an excellent description of the required actions, the responsible parties, compliance requirements, and sanctions / disciplinary actions for compliance failures. Contact information is provided for questions about the policy. The policy addressed all required actions listed in the assignment. The policy was clear, concise, easy to understand, and appropriately organized.
  • Outstanding (8.5 points): The body of the policy provided an outstanding description of the required actions (as listed in the assignment), the responsible parties, compliance requirements, and sanctions / disciplinary actions for compliance failures. Contact information is provided for questions about the policy. The policy was clear, easy to understand, and appropriately organized.
  • Acceptable (7 points): The body of the policy identified the required actions (as listed in the assignment), the responsible parties, compliance requirements, and sanctions / disciplinary actions for compliance failures. Contact information is provided for questions about the policy.
  • Needs Improvement (6 points): The body of the policy identified most of the required actions (as listed in the assignment) and mentioned responsible parties, compliance requirements, and sanctions / disciplinary actions for compliance failures.
  • Needs Significant Improvement (4 points): The policy was disorganized and difficult to understand. (Or, inappropriate or excessive copying from other authors’ work.)
  • Missing or Unacceptable (0 points): No work submitted.

Professionalism

Addressed security issues using standard terminology
  • Excellent (5 points): Demonstrated excellence in the use of standard cybersecurity terminology to support the deliverable. Appropriately used terminology from five or more pillars of IA/IS.
  • Outstanding (4 points): Deliverable showed an outstanding understanding and integration of standard cybersecurity terminology. Appropriately used terminology from four or more pillars of IA/IS.
  • Acceptable (3 points): Correctly used standard cybersecurity terminology in the deliverable. Appropriately used terminology from three or more pillars of IA/IS.
  • Needs Improvement (2 points): Used standard cybersecurity terminology but this usage was not well integrated into the deliverable.
  • Needs Significant Improvement (1 point): Misused or incorrectly defined cybersecurity terminology.
  • Missing or Unacceptable (0 points): Did not integrate standard cybersecurity terminology into the deliverable.

Organization & Appearance
  • Excellent (5 points): Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.
  • Outstanding (4 points): Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings (per the assignment’s directions).
  • Acceptable (3 points): Organization and/or appearance of submitted work could be improved through better use of fonts, color, titles, headings, etc. OR Submitted work has multiple style or formatting errors. Professional appearance could be improved.
  • Needs Improvement (2 points): Submitted work has multiple style or formatting errors. Organization and professional appearance need substantial improvement.
  • Needs Significant Improvement (1 point): Submitted work meets minimum requirements but has major style and formatting errors. Work is disorganized and needs to be rewritten for readability and professional appearance.
  • Missing or Unacceptable (0 points): Submitted work is poorly organized and formatted. Writing and presentation are lacking in professional style and appearance. Work does not reflect college level writing skills. Or, no submission.

Execution
  • Excellent (10 points): No word usage, grammar, spelling, or punctuation errors. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required.)
  • Outstanding (8.5 points): Work contains minor errors in word usage, grammar, spelling or punctuation which do not significantly impact professional appearance. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required.)
  • Acceptable (7 points): Errors in word usage, spelling, grammar, or punctuation which detract from professional appearance of the submitted work. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required.)
  • Needs Improvement (6 points): Submitted work has numerous errors in word usage, spelling, grammar, or punctuation which detract from readability and professional appearance. Punctuation errors may include failure to properly mark quoted or copied material (an attempt to name original source is required).
  • Needs Significant Improvement (4 points): Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage. Significant errors in presentation of copied text (lacks proper punctuation and failed to attribute material to original source).
  • Missing or Unacceptable (0 points): No work submitted. OR, work contains significant instances of cut-and-paste without proper citing / attribution to the original work or author.

Overall Score
  • Excellent: 90 or more
  • Outstanding: 80 or more
  • Acceptable: 70 or more
  • Needs Improvement: 56 or more
  • Needs Significant Improvement: 36 or more
  • Missing or Unacceptable Work: 0 or more

As you write your policies, make sure that you address IT and cybersecurity concepts using standard terminology.

  1. Use a professional format for your policy documents and briefing package. Your policy documents should be consistently formatted and easy to read.
  2. Common phrases do not require citations. If there is doubt as to whether or not information requires attribution, provide a footnote with publication information or use APA format citations and references.
  3. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.

Submit For Grading

Submit your Manager’s Deskbook briefing package in MS Word format (.docx or .doc file) for grading using your assignment folder. (Attach the file.)

 
