CSIA 413 Cybersecurity Policy Plan and Program
Week 1: Privacy and Corporate Liability

Red Clay's senior leadership team is reviewing the company's Annual Report, which the CEO will present at the next quarterly shareholders' meeting. That report includes the following risk statement:

"We could be liable if third-party equipment recommended and installed by us, i.e. voice-activated smart home controllers, infringes on the privacy of our residential clients."

Research how smart devices sense and record information from the environment around them. For example, a device might be designed to listen to and record voice inputs, or it might record other sources of private information: movement, locking and unlocking of doors with dates and times, use of devices, etc.

Using your research, write a two-page briefing paper (five to seven paragraphs) that corporate board members can use to explain how the third-party equipment could infringe on customer privacy and why the company might be liable for damages if customers experience a loss of privacy. Your target audience is Red Clay Renovations' shareholders. Provide specific examples of the types of risk events that could occur and the potential impacts (e.g. financial, reputation, client trust, etc.). Your examples should relate to Red Clay and the course case study. Remember, the board members and shareholders are likely non-technical, so make sure your paper can be understood by laymen.

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

Week 2: Compliance with Laws and Regulations

Review the Week 2 readings and the Red Clay Renovations company profile for background information before responding to this discussion question.
The Red Clay CEO tasked the company's IT Governance Board with developing a set of policies to address IT security requirements (including mandates for protecting privacy) arising from the following "rules" or "standards":

(a) PCI-DSS (credit card and transaction information)
(b) the HIPAA Security Rule (health-related information)
(c) the "Red Flags" Rule (consumer credit information: identity theft prevention)

Choose one of the three sources of regulatory requirements listed above. Write a three-paragraph briefing statement that summarizes the regulatory requirements as they apply to the company's collection, processing, management, and storage of personal information about Red Clay's clients. Your briefing statement should identify the specific types of personal information covered by the "rule" or "standard." Include a compelling argument for why the company needs to adopt guidance policies that will ensure compliance with laws and regulations related to protecting personal information.

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

Week 3: Policy Mandates: US vs European Approaches to Privacy Laws

In addition to the Week 3 course readings, read: Key issues and (General Data Protection Regulation (GDPR))

Prepare a two-page briefing paper (5 to 7 paragraphs) that provides background information about the European Union's approach to privacy. Your target audience is the IT Governance Board for Red Clay Renovations. Specifically, you should explain the following concepts / practices:

• Privacy by Design
• Right to be Forgotten
• Right to be Informed

Your briefing paper must also identify and recommend 5 or more best practices for privacy protection that Red Clay Renovations should incorporate into its IT security policies. At least two of your recommendations must come from the European Union's privacy mandates.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

Week 4: Data Breach Reporting Policy

Review the Red Clay Renovations company profile and the weekly readings. Provide specific information about "the company" in your response.

Due to changes in state and federal laws, Red Clay leadership decided that the CISO will be the sole accountable official for responding to all data breaches. This change in responsibility drives the requirement for the new data breach reporting policy. The new policy will restrict the freedoms field offices currently have with respect to handling security incidents. For example, past practice did not require reporting data breaches to the company's CISO.

Prepare a two-page briefing statement (5 to 7 paragraphs) for the company's leadership team that presents the CISO's Communications Strategy for policy issuances (new, updated, or changed policies). Include in your briefing an explanation (with an example) of how this strategy will be used to inform field office employees and managers about the new "data breach reporting" policy. You are not writing a data breach reporting policy; you are writing a statement that presents a communication strategy for the company's new data breach reporting policy.

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

Week 5: Issue-Specific Policies: Remote Access Policy

Review the course readings and the Red Clay Renovations company profile for background information before responding to this discussion question. The Red Clay Board of Directors tasked the company's IT Governance Board with developing a new remote access policy for teleworkers and employees traveling on business (including local-area travel to client sites).
This policy is required to help mitigate risks associated with remote access into the company's customer information database. The Board of Directors is concerned about exposure of customers' personal information to unauthorized individuals. At a minimum, the policy must address the use of virtual private networking by teleworkers when using company or personal equipment to access the company's servers from outside company offices. The need for updated remote access guidance arises from three regulatory requirements:

1) PCI-DSS (credit card and transaction information)
2) HIPAA Security Rule (health-related information)
3) Red Flags Rule (consumer credit information: identity theft prevention)

Write a two-page internal policy that includes the following:

1. Purpose: Summarize the regulatory requirements and the reason(s) Red Clay needs the remote access policy.
2. Scope: Summarize the regulatory requirements as they apply to employees' remote access to customer information which Red Clay collects, processes, manages, and stores.
3. Policy: Write at least ten policy statements addressing how Red Clay employees should ensure the security of computers, laptops, and other mobile devices used for remote access into the company's networks and servers. Your policy must specifically address the use of a VPN. Your policy must also include consequences and/or penalties for inappropriate or unauthorized disclosures of customer information due to an employee's failure to comply with this policy.

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting. Make sure you use the discussion rubric as well as the above information to ensure you include all the required elements in your discussion response.

Week 6: Selecting & Implementing Security Controls
A recent risk assessment highlighted the need for Red Clay to formalize the security measures required to protect information, information systems, and the information infrastructures for the company's headquarters and field offices. The CISO has proposed a plan of action which includes developing system security plans using guidance from NIST SP 800-18, Guide for Developing Security Plans for Federal Information Systems.

The CISO asked you to prepare a two-page draft briefing paper (5-7 paragraphs) for the IT Governance Board and the Red Clay Renovations Board of Directors that introduces security control classes and security control families related to Red Clay risks. This audience is familiar with financial controls but has not yet been introduced to the use of controls in the context of IT security. You should leverage their knowledge in your explanations of the control classes and families. If necessary, research "financial controls" as well as IT security controls before writing this briefing paper.

Your draft briefing paper should include the following items:

1. An introduction telling the IT Governance Board and the Red Clay Board of Directors the purpose of the draft briefing paper.
2. A description of each control class (management, operational, and technical). Then write a descriptive paragraph explaining how these three control classes will work together to protect the Red Clay Renovations IT infrastructure for the Wilmington, DE offices (headquarters).
3. From the table below, choose one control family from each of the management, operational, and technical control classes.
4. Write a description of each control family, then write a descriptive paragraph explaining how each control family will work to protect Red Clay's IT infrastructure.
5. Select two sub-family controls (e.g., AC-1 and AC-6) from each control family. Then write a descriptive example of how each sub-family control will protect the Red Clay infrastructure.
Your examples should relate to the Red Clay case study.

Control classes and control families to choose from:

Control Class – Management: Planning; Risk Assessment; Program Management
Control Class – Operational: Awareness & Training; Contingency Planning; Incident Response
Control Class – Technical: Access Controls; Identification & Authentication; System & Communication Protections

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

Week 7: Communicating New or Revised Guidance to Employees & Managers

In Week 4, you developed a plan for how to inform employees and managers about a new policy. For this discussion, you must develop a new and more comprehensive communications strategy which responds to an audit finding that the previous Communications Strategy was not sufficient and had contributed to a controls failure.

A recent internal audit uncovered a lack of knowledge on the part of employees and included a finding that this lack of knowledge contributed to a compliance failure for IT security controls related to privacy and data security. The auditors recommended that the company improve its communication of policy changes and revisions to both employees and managers. The auditors also noted that Red Clay Renovations has been experiencing a great deal of change, especially with respect to how the company protects information from unauthorized disclosures, including theft of data by cyber criminals. The company agreed with the finding and in its response noted that it has developed a substantial number of new and revised policies, plans, and guidance procedures to help manage the associated risks, but that it could improve internal communications about those changes. Now, the company needs to fix the "communications" problem.
The CISO has asked you to help develop a communication strategy that can be used to explain the cybersecurity and privacy related policies to a non-technical workforce.

Your Task: Prepare a briefing that identifies your top 5 strategies and explains why you chose each one. Provide examples of the types of policies which need to be communicated to the workforce (use your work for Projects 1, 2, & 3 and your weekly discussion papers). To get started, review the communications strategy that you developed for the Week 4 discussion. Then consult the resources (listed below) which were provided by the company's Human Resources office.

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting. Make sure you use the discussion rubric as well as the above instructions to ensure you include all the required elements in your response.

Reading List provided by the Human Resources Office:

• Communication Channels
• Internal Communications Policy
• How to Communicate Policies and Procedures (SnapComms)

Week 8: Budgeting for Cybersecurity

Choose one of the following strategies for reducing the costs associated with responding to cyberattacks from the Rand Report* (A Framework for Programming and Budgeting for Cybersecurity):

• Minimize Exposure
• Neutralize Attacks
• Increase Resilience
• Accelerate Recovery

Then, prepare a two-page briefing paper (5 to 7 paragraphs) for the Red Clay senior leadership and Red Clay corporate board that addresses planning, programming, and budgeting processes for your strategy. Your audience is the company's IT Security Working Group and includes both technical and non-technical managers and senior staff members responsible for budgeting. The general questions that this audience is interested in are:

• Planning: What will we do? (your chosen cybersecurity strategy)
• Programming: How and when will we do it?
• Budgeting: How much will it cost and how will we pay for it?

Remember to keep your focus on the processes related to planning, programming, and budgeting, not the actual hardware, software, etc. that needs to be acquired and paid for. You may, however, provide examples of hardware or software.

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

*Rand Report: Davis, J. S., Libicki, M. C., Johnson, S. E., Kumar, J., Watson, M., & Karode, A. (2016). A framework for programming and budgeting for cybersecurity (Rand TL-168). Retrieved from
