Answer & Explanation:Document attached
project__2_managers_deskbook.docx
Unformatted Attachment Preview
CSIA 413: Cybersecurity Policy, Plans, and Programs
Project #2: Manager’s Deskbook
Company Background & Operating Environment
Use the assigned case study for information about “the company.”
Policy Issue & Plan of Action
The Manager’s Deskbook contains issue specific policies and implementation procedures which
are required to mitigate risks to the company and to otherwise ensure good governance of the
company’s operations. The Chief Information Security Officer (CISO) and key CISO staff members held a
kick-off meeting last week to identify issue specific policies which should be added to the company’s
policy system in the IT Governance category. The policies will be disseminated throughout the company
by incorporating them into the Manager’s Deskbook. The required issue specific policies are:
1. Data Breach Response Policy
2. Preventing / Controlling Shadow IT Policy
3. Management and Use of Corporate Social Media Accounts Policy
4. Corporate Domain Name Management Policy
5. Website Governance Policy
For the purposes of this assignment, you will create a policy recommendations briefing package
(containing an Executive Summary and draft policies) and submit that to your instructor for grading.
Note: In a “real world” environment, the policy recommendations briefing package would be
submitted to the IT Governance board for discussion and vetting. After revisions and voting, a package
containing the accepted policies would be sent to all department heads and executives for comment
and additional vetting. These comments would be combined and integrated into the policies and sent
out for review again. It usually takes several rounds of review and comments before the policies can be
sent to the Chief of Staff’s office for forwarding to the Corporate Governance Board. During the review
& comments period, the policies will also be subjected to a thorough legal review by the company’s
attorneys. Upon final approval by the Corporate Governance Board, the policies will be adopted and
placed into the Manager’s Deskbook. This entire process can take 9 to 12 months, if not longer.
Your Task Assignment
As a staff member supporting the CISO, you have been asked to research and then draft an issue
specific policy for each of the identified issues. These policies are to be written for MANAGERS and must
identify the issue, explain what actions must be taken to address the issue (the company’s “policy”),
state the required actions to implement the policy, and name the responsible / coordinating parties (by
level, e.g. department heads, or by title on the organization chart). After completing your research and
Copyright ©2016 by University of Maryland University College. All Rights Reserved
CSIA 413: Cybersecurity Policy, Plans, and Programs
reviewing sample policies from other organizations, you will then prepare an “approval draft” for each
issue specific policy.
The purpose of each issue specific policy is to address a specific IT governance issue that
requires cooperation and collaboration between multiple departments within an
organization.
Each issue specific policy should be no more than two typed pages in length (single
space paragraphs with a blank line between).
You will need to be concise in your writing and only include the most important
elements for each policy.
You may refer to an associated “procedure” if necessary, e.g. a Procedure for Requesting
Issuance of a Third Level Domain Name (under the company’s Second Level Domain
name) or a Procedure for Requesting Authorization to Establish a Social Media Account.
Your “approval drafts” will be combined with a one page Executive Summary (explaining why
these issue specific policies are being brought before the IT Governance Board).
Research:
1. Review NIST’s definition of an “Issue Specific Policy” and contents thereof (NIST SP 800-14 p. 14)
2. Review the weekly readings and resource documents posted in the classroom. Pay special
attention to the resources which contain “issues” and “best practices” information for:
Data Breach Response
Preventing / Controlling Shadow IT
Social Media
Corporate Domain Name Management
Website Governance
3. Review NIST guidance for required / recommended security controls
NIST SP 800-53 Access Control (AC) control family (for Social Media policy)
NIST SP 800-53 Incident Response (IR) control family (for Data Breach policy)
NIST SP 800-53 System and Services Acquisition (SA) control family (Domain Name,
Shadow IT, Website Governance)
4. If required, find additional sources which provide information about the IT security issues which
require policy solutions.
Write:
1. Prepare briefing package with approval drafts of the two IT related policies for the Manager’s
Deskbook. Your briefing package must contain the following:
Executive Summary
“Approval Drafts” for
Copyright ©2016 by University of Maryland University College. All Rights Reserved
CSIA 413: Cybersecurity Policy, Plans, and Programs
o
o
o
o
o
Data Breach Response Policy
Preventing / Controlling Shadow IT Policy
Management and Use of Corporate Social Media Accounts Policy
Corporate Domain Name Management Policy
Website Governance Policy
As you write your policies, make sure that you address IT and cybersecurity concepts using
standard terminology.
2. Use a professional format for your policy documents and briefing package. Your policy
documents should be consistently formatted and easy to read.
3. Common phrases do not require citations. If there is doubt as to whether or not information
requires attribution, provide a footnote with publication information or use APA format
citations and references.
4. You are expected to write grammatically correct English in every assignment that you submit for
grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c)
verifying that your punctuation is correct and (d) reviewing your work for correct word usage
and correctly structured sentences and paragraphs.
Submit For Grading
Submit your Manager’s Deskbook briefing package in MS Word format (.docx or .doc file) for
grading using your assignment folder. (Attach the file.)
Copyright ©2016 by University of Maryland University College. All Rights Reserved
…
Purchase answer to see full
attachment
Order a plagiarism free paper now. We do not use AI. Use the code SAVE15 to get a 15% Discount
Looking for help with your ASSIGNMENT? Our paper writing service can help you achieve higher grades and meet your deadlines.
Why order from us
We offer plagiarism-free content
We don’t use AI
Confidentiality is guaranteed
We guarantee A+ quality
We offer unlimited revisions