Scribd Logo
Upload

Welcome to Scribd!

  • Project 1A

    Uploaded by

    samwise
    9 views7 pages
    This document outlines an 8-step project to analyze and revise organizational cybersecurity policies from different stakeholder perspectives. In the first 3 steps, students will explore the cybersecurity policy process, components of effective policies, and evaluation criteria. In steps 4-6, students will analyze and rewrite sections of an acceptable use policy, internet use policy, and privacy policy for their organization. Step 7 involves writing a cover letter justifying the revisions. Finally, in step 8 students will evaluate their organization's revised cybersecurity policies.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines an 8-step project to analyze and revise organizational cybersecurity policies from different stakeholder perspectives. In the first 3 steps, students will explore the cybersecurity policy process, components of effective policies, and evaluation criteria. In steps 4-6, students will analyze and rewrite sections of an acceptable use policy, internet use policy, and privacy policy for their organization. Step 7 involves writing a cover letter justifying the revisions. Finally, in step 8 students will evaluate their organization's revised cybersecurity policies.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    9 views7 pages

    Project 1A

    Uploaded by

    samwise
    This document outlines an 8-step project to analyze and revise organizational cybersecurity policies from different stakeholder perspectives. In the first 3 steps, students will explore the cybersecurity policy process, components of effective policies, and evaluation criteria. In steps 4-6, students will analyze and rewrite sections of an acceptable use policy, internet use policy, and privacy policy for their organization. Step 7 involves writing a cover letter justifying the revisions. Finally, in step 8 students will evaluate their organization's revised cybersecurity policies.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

    Project 1: Policy Analyses

    Start Here

    It is important to understand a range of organizational policies and the impact of policy content from
    multiple perspectives in order to create fair, legal, equitable, and ethical policies that support
    organizational goals. Analysis of personal privacy issues related to various personal and business-
    related cybersecurity scenarios is pertinent in order to manage cybersecurity risks.

    This is the first of six sequential projects. In this project, you will analyze three different types of
    policies—acceptable use policy, internet use policy, and a retail/commercial company privacy policy
    —using the ones that have been provided to you, or that you have retrieved from an organization
    such as Facebook (or another company with which you are affiliated).

    You will identify the issues in the policies that you think employees, consumers, or individuals should
    be concerned about. You will rewrite two to three sections that may be in question, providing
    justification for your suggested modifications. Relate the questionable content to a recent issue in
    the news about cybersecurity.

    By the end of the course, you will experience and learn the value of drafting and the importance of
    implementing policies in organizations not only from the company's viewpoint but from the
    customer/user perspectives.

    There are eight steps in this project. Begin by reviewing the project scenario, and then proceed to
    Step 1.

    Your work will be evaluated using the competencies listed below.

     1.1: Organize document or presentation clearly in a manner that promotes


    understanding and meets the requirements of the assignment.
     1.5: Use sentence structure appropriate to the task, message and audience.
     2.4: Consider and analyze information in context to the issue or problem.
     7.3: Evaluate enterprise cybersecurity policy.
     Step 1: Explore the Cybersecurity
    Policy Process
     Before you begin revising the policies assigned to you, you will need to understand
    the cybersecurity policy process. First, explore a fictional scenario of insider data
    sabotage for an example of the ill effects of improper or nonexistent policies. Then
    read about cybersecurity policies to learn about policies, procedures, and standards as
    well as how these policies affect the roles and responsibilities throughout the
    organization. Finally, explore the process of policy creation to guide you through your
    assignment.

     Step 2: Explore the Components of a


    Proper Policy
     After your exploration of the cybersecurity policy process in the previous step, you
    are ready to study the requisite policy components of a well-written and
    implementable policy that will facilitate compliance. Take note of these components
    as you will apply them to your own policy revisions in the later steps.

     Step 3: Identify Evaluation Criteria or


    Performance Measures
     Now that you have identified the components of a proper cybersecurity policy, you
    will need to identify policy evaluation criteria for the cybersecurity policy. Refer to
    applicable government and industry cybersecurity standards.
     In some cases, you may need to consider criminal or civil liability issues, and thus
    evaluation criteria may emanate from the judicial guidance. You will apply these
    criteria to your own policy revisions in the later steps.

     Step 4: Rewrite the Current Acceptable


    Use Policy
     In the first three steps, you reviewed the process of creating security policies,
    reviewed components of a proper policy, and identified evaluation criteria to measure
    against existing policies. Now, you are ready to analyze and revise your own
    organization's policies. Such analysis is likely to be qualitative for some aspects,
    quantitative for other aspects, and a hybrid for still other aspects of the policy. As
    such, your choice of measures and analytical techniques must be reasonable and
    justifiable.
     Begin reviewing and updating the first of three security policies for your own
    organization. Review your organization's current policies, with attention to its
    acceptable use policy. Determine what changes are necessary and note your suggested
    changes on the Policy Changes Matrix. Rewrite two to three sections of the acceptable
    use policy that may be in question and provide justification for your suggested
    modifications.
     The new policy and the Policy Changes Matrix will be attached to the final
    assignment. Submit the new policy and table for feedback.
     (THE ABOVE STEP IKUE SEPARATE AS STEP 4)

     Step 5: Rewrite the Current Internet


    Use Policy
     In the previous step, you revised the acceptable use policy for your organization.
    Now, you will review and update the second of the three security policies for your
    organization. Review the details of your organization's current policies, with attention
    to its internet use policy. Determine what changes are necessary and note your
    suggested changes on the Policy Changes Matrix. Rewrite two to three sections of the
    Internet use policy that may be in question and provide justification for your
    suggested modifications.
     The new policy and the Policy Changes Matrix will be attached to the final
    assignment. Submit the new policy and table for feedback.
     (THE ABOVE STEP IKUE SEPARATE AS STEP 5)
    https://securityscorecard.com/blog/cybersecurity-policy-examples#:~:text=A
    %20cybersecurity%20policy%20establishes%20the,mitigate%20security%20threats
    %20and%20vulnerabilities.

     Step 6: Rewrite the Current Company


    Privacy Policy
     You have just revised the internet use policy, and now you will review and update the
    last of the three security policies for your organization. Review your organization's
    current policies, with attention to its privacy policy. Determine what changes are
    necessary and note your suggested changes on the Policy Changes Matrix. Rewrite
    two to three sections of the privacy policy that may be in question and provide
    justification for your suggested modifications.
     The new policy and the Policy Changes Matrix will be attached to the final
    assignment. Submit the new policy and table for feedback.
     (THE ABOVE STEP IKUE SEPARATE AS STEP 6)

     Step 7: Write the Cover Letter


     After completing the revision process of the acceptable use policy, the internet policy,
    and the privacy policy in the previous three steps, you will need to prepare a cover
    letter summarizing the justifications for your suggested modifications for the next
    team meeting. This cover letter (maximum two pages) will provide an explanation for
    the Policy Changes Matrix. Address the letter to the CEO, IT, and HR directors.
    Justifications should be in line with the business goals.
     Submit your cover letter and table for feedback.
     (THE ABOVE STEP IKUE SEPARATE AS STEP 7)
    Step 8: Write the Policy Revisions
    Evaluation
    Now that you have completed your analysis and revision of the three policies, provide a
    written evaluation of your organization's cybersecurity policy to present at the next team
    meeting.

    Your evaluation should examine the completeness and compliance of the organization's
    cybersecurity policy. Consider your organization and organization-related interests as you
    create your evaluation, and consider other aspects, such as how to prevent the failure of the
    cybersecurity policy.

    Complete the following tasks as you write your evaluation:

     Differentiate among the various concepts of enterprise cybersecurity.


     Develop a high-level implementation plan for enterprise cybersecurity policies.
     Assess the major types of cybersecurity threats faced by modern enterprises
    (assessing risk).
     Discuss the principles that underlie the development of an enterprise cybersecurity
    policy framework.
     Articulate clearly and fairly others' alternative viewpoints and the basis of reasoning.
     Identify significant, potential implications, and consequences of alternative points of
    view.
     Evaluate assumptions underlying other analytical viewpoints, conclusions, and/or
    solutions.

    Attach the cover letter, revisions, and Policy Changes Matrix, and submit.

    Check Your Evaluation Criteria

    Before you submit your assignment, review the competencies below, which your instructor
    will use to evaluate your work. A good practice would be to use each competency as a self-
    check to confirm you have incorporated all of them. To view the complete grading rubric,
    click My Tools, select Assignments from the drop-down menu, and then click the project
    title.

     1.1: Organize document or presentation clearly in a manner that promotes


    understanding and meets the requirements of the assignment.
     1.5: Use sentence structure appropriate to the task, message and audience.
     2.4: Consider and analyze information in context to the issue or problem.
     7.3: Evaluate enterprise cybersecurity policy.

     (THE ABOVE STEP IKUE SEPARATE AS STEP 8)



    You might also like