Red Clay Renovations. Project #2: Manager’s Deskbook

Company Background & Operating Environment

Use the assigned case study for information about “the company.”

Policy Issue & Plan of Action

The Manager’s Deskbook contains issue specific policies and implementation procedures which are required to mitigate risks to the company and to otherwise ensure good governance of the company’s operations. The Chief Information Security Officer (CISO) and key CISO staff members held a kick-off meeting last week to identify issue specific policies which should be added to the company’s policy system in the IT Governance category. The policies will be disseminated throughout the company by incorporating them into the Manager’s Deskbook. The required issue specific policies are:

  Data Breach Response Policy
  Preventing / Controlling Shadow IT Policy
  Management and Use of Corporate Social Media Accounts Policy

For the purposes of this assignment, you will create a policy recommendations briefing package (containing an Executive Summary and draft policies) and submit that to your instructor for grading.

Note: In a “real world” environment, the policy recommendations briefing package would be submitted to the IT Governance board for discussion and vetting. After revisions and voting, a package containing the accepted policies would be sent to all department heads and executives for comment and additional vetting. These comments would be combined and integrated into the policies and sent out for review again. It usually takes several rounds of review and comments before the policies can be sent to the Chief of Staff’s office for forwarding to the Corporate Governance Board. During the review & comments period, the policies will also be subjected to a thorough legal review by the company’s attorneys. Upon final approval by the Corporate Governance Board, the policies will be adopted and placed into the Manager’s Deskbook. This entire process can take 9 to 12 months, if not longer.
Your Task Assignment

As a staff member supporting the CISO, you have been asked to research and then draft an issue specific policy for each of the identified issues. These policies are to be written for MANAGERS and must identify the issue, explain what actions must be taken to address the issue (the company’s “policy”), state the required actions to implement the policy, and name the responsible / coordinating parties (by level, e.g. department heads, or by title on the organization chart).

After completing your research and reviewing sample policies from other organizations, you will then prepare an “approval draft” for each issue specific policy. The purpose of each issue specific policy is to address a specific IT governance issue that requires cooperation and collaboration between multiple departments within an organization.

Each issue specific policy should be no more than two typed pages in length (single space paragraphs with a blank line between). You will need to be concise in your writing and only include the most important elements for each policy. You may refer to an associated “procedure” if necessary, e.g. a Procedure for Requesting Issuance of a Third Level Domain Name (under the company’s Second Level Domain name) or a Procedure for Requesting Authorization to Establish a Social Media Account.

Your “approval drafts” will be combined with a one page Executive Summary (explaining why these issue specific policies are being brought before the IT Governance Board).

Research:

Review NIST’s definition of an “Issue Specific Policy” and contents thereof (NIST SP 800-14 p. 14)

Review the weekly readings and resource documents posted in the classroom.
Pay special attention to the resources which contain “issues” and “best practices” information for:

  Data Breach Response
  Preventing / Controlling Shadow IT
  Social Media

Review NIST guidance for required / recommended security controls

  NIST SP 800-53 Access Control (AC) control family (for Social Media policy)
  NIST SP 800-53 Incident Response (IR) control family (for Data Breach policy)
  NIST SP 800-53 System and Services Acquisition (SA) control family (Domain Name, Shadow IT, Website Governance)

If required, find additional sources which provide information about the IT security issues which require policy solutions.

Write:

Prepare briefing package with approval drafts of the two IT related policies for the Manager’s Deskbook. Your briefing package must contain the following:

  Executive Summary
  “Approval Drafts” for
    Data Breach Response Policy
    Preventing / Controlling Shadow IT Policy
    Management and Use of Corporate Social Media Accounts Policy

As you write your policies, make sure that you address IT and cybersecurity concepts using standard terminology.

Use a professional format for your policy documents and briefing package. Your policy documents should be consistently formatted and easy to read.

Common phrases do not require citations. If there is doubt as to whether or not information requires attribution, provide a footnote with publication information or use APA format citations and references.

You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.

Submit For Grading

Submit your Manager’s Deskbook briefing package in MS Word format (.docx or .doc file) for grading using your assignment folder. (Attach the file.)

    Manager’s Deskbook: IT Security Policies

    Introduction

    The company is experiencing changes in different aspects of information technology that, if left unaddressed, would adversely impact the firm. The business, which is at the forefront of replacement and rehabilitation of residential buildings and dwellings, has undergone rapid growth and also periods of loss in the past. This has led the management to look for answers on how to make the firm more stable and to minimize cases and times of loss. The business has verified that issue specific policies are integral in determining whether a company succeeds or fails. These are the data breach response policy, the control and prevention of shadow IT, and the management and use of corporate social media accounts.

    A data breach is when personal information held by the firm is lost or subjected to unauthorized access, modification, misuse or interference by third parties. This can happen when the company’s information servers are hacked or when the firm mistakenly provides information to the wrong person. The data breach response policy the firm has developed aims at helping restrain the problem in order to protect the sensitive information it holds for its customers. Shadow IT is the use of IT systems within the organization without the knowledge or approval of the firm’s IT department. This is not the plan in the organizational setup of the company, as the employees are not supposed to bypass the corporate IT department. Shadow IT can provide a way for hackers to access the firm’s information through the app interface without the knowledge of the employees.

    Social media helps the firm advertise the services the company is offering to other social media users. The corporate social media accounts are used by the business to pass information to the general public interested in the firm’s services, while customers can also provide feedback to the company. The regulation of corporate social media sites is paramount, for the information given may bring about loss or well-being to the firm.

    Data Breach Response Policy

    The data breach response policy is aimed at preventing likely interference with, or damage to, data. The firm has very confidential information relating to its customers. This information is kept on the company’s servers, which are constantly monitored by the IT department. In light of the need to protect this information, the firm has developed a new strategy to deal with the occasional hacks committed with the aim of getting the company’s sensitive documents.

    This is by the Privacy Act, which requires the firm to keep the information relating to its customers confidential, failure to which the affected parties may file court injunctions demanding compensation for the damage associated with the information leaked (Schwartz & Janger, 2007). The data breach response policy has been drafted to provide a clear plan which involves all employees in the company. The firm has divided the procedure into two major parts: before the data breach and after the data breach.

    Before the data breach, the firm has put prevention measures in place by ensuring all employees know what a data breach looks like, so that they can recognize the violation before it happens. This is the first line of defense against the violation. After there is confirmation of a data breach, there should be a clear line of passage of information to notify the relevant person who can deal with the hack. The chief information security officer (CISO) is responsible for the dissemination of the information, including which stakeholders to tell about the breach, the amount of data that needs to be provided to the media, and informing the customers whose information might have been stolen (Schwartz, Acquist & Telang, 2011). The CISO relies on the effective response team that is on standby throughout to counter the hack and stop it. The CISO then archives the hack so that it can be used to review the systems put in place and to identify where the systems can be upgraded to restrain future attacks.

    The data breach response team should have their roles and responsibilities well explained to them so that they do not have uncertainties when faced with a hack. Each team member should be able to perform his or her duties correctly to make the response a success. In case of a data breach, the company should be able to assess the amount of data that was stolen in order to reduce the impact the company faces in the event of a hack. The impact is reduced by telling the persons affected by the cybersecurity breach. The company should also develop a network of communication among the departments to secure a flow of the operations of the response team. The units affected may be the public relations department, the computer forensic department, and the marketing department (Herath & Rao, 2009). The departments are synchronized to work together to maintain the company’s reputation as a well-protected firm. The company also deals with the media, who may have gotten wind of the data breach happening. The public relations team is supposed to release only necessary information which will not hurt the company.

    The data breach response team should also engage the law enforcement agencies when there happens to be a breach. The law enforcement agencies are then responsible for the arrest of the culprits if found. The data breach response team must also duly assist the affected persons (Warkentin et al., 2011). The policy shows how the firm can help the injured parties in case the stolen data was used to commit wrongdoing. Given the sharp growth in cybersecurity crimes, it has become wise for all firms to have a data breach response team to deal with cybersecurity crimes.

    Preventing / Controlling Shadow IT

    Shadow IT comes into the business when the employees use unauthorized IT systems to improve the productivity of the work done. This can be done by the use of apps which can be freely purchased on the internet for a small fee. The apps are installed into the company’s systems, where the employees can use them without the knowledge of the IT department. This leaves the firm exposed to external hacks, as the apps are not vetted for use by the business. The company is taking steps to prevent and control the use of shadow IT.

    The firm has decided to remove all the unapproved apps in the system, in line with the firm’s rule to use only the vetted software in the firm’s network. There is also the need for the company to comply with the laid-out rules regarding the acquisition of software licenses. The procurement of software licenses has to be within the framework of the law, that is, software asset management (SAM). Employees who use unorthodox methods to obtain software licenses may cause the firm to have to undergo a full software audit, which is costly (Fazekas, 2004). The use of pirated software also leads to sanctions against the company in the form of jail time or hefty fines.

    There are practices involving the use of shadow IT that put the whole firm at risk. The employees who use shadow IT buy it from the internet. Hence it is not vetted, and the app may be of substandard quality. This poses risks to the firm, as the said app may not come preinstalled with the latest security features that can protect passwords and hence thwart an attempt to hack the system. The lack of secure programming features can lead to hackers bypassing the system and getting hold of sensitive data regarding the firm’s operations (Beimborn & Palitza, 2013). The shadow IT policy also recommends that the employees be handed work devices to use. The use of personal gadgets by employees to access sensitive data can be a way in which cyber thieves get a backdoor into the company’s servers. The personal devices may not have the necessary security features that the company’s gadgets have been installed with.

    The policy also aims to control the amount of outbound traffic in order to monitor where the traffic is going. The outbound traffic can show which apps the employees are using, and hence the CISO can know what measures to take after that. The CISO can also block outgoing traffic to protect the firm against malware that is embedded in the apps. Many apps only require web ports to operate and hence are susceptible to cyber-attacks, as the firewall can be bypassed by hackers. The policy also aims to improve the security of the firm by upgrading the firewalls, proxies and MDM solutions. These can be used to prevent access to high-risk services by blocking them using the enhanced security features. The firm should also develop systems that can help the employees work anywhere, without being restricted to the workplace. This can limit the need for third-party applications that help employees work when not necessarily on the company’s premises.

    A new IT system introduced by the firm is configured using the configuration management database, which spreads it to all the company’s servers. The pirated product may corrupt the database and hence lead to real losses in the restoring of the database. The IT department should be at the forefront in identifying the different apps on the firm’s system and getting rid of the apps before any data can be corrupted. The human resource department should work together with the IT department in identifying the employees who commit such vices. The CISO should be contacted for the employees who need further training about the policy.

    Social Media Accounts Policy

    The company’s branded social media accounts are frequently run by employees of the firm. This strategy aims at the management of the relations to maintain and promote the brand’s image. The employees use corporate social media accounts to market and advertise the services that the company offers (Hooghiemstra, 2000). The employees charged with managing the relations should do so with the aim of guarding against the risks the social platforms pose.

    The policy indicates how the employees are supposed to talk about the company and its products. This is by limiting what they are allowed to share with the general public, to reduce threats to the brand’s reputation. The policy also aims at defending the company against legal troubles by outlining ways in which to avoid them. This can be done by crediting sources if the employees are to use outsourced information from third parties, for example, image copyright. The employees are also required to add a disclaimer if the message they post can be harmful to the enterprise (O’Dwyer, 2002). The disclaimer identifies the views as those of the employee and not the firm. The marketing department is supposed to work together with the public relations team to make this policy work. The social media policy should also cover the privacy and disclosure acts. The acts are meant to explain to the public relations department handling the accounts what is to be shared and what is confidential to the company. This prevents cases where the employees post online details that the firm regards as sacred (Haniffa & Cooke, 2005). The employees should also be accountable for what they post online. The employees should take utmost care when posting on the company’s branded accounts to prevent litigation against the company.

    The policy also aims at educating the public relations department on how to create secure passwords for the company’s accounts to avoid cases of being hacked. The stronger the passwords, the lower the possibility of being hacked. The social media accounts team is the face of the company online and must also respond positively on behalf of the firm to create a healthy relationship with the customers. The threats posed by social media accounts, such as phishing scams, can be costly to the firm when sensitive information is released to the wrong person (Kaplan & Haenlein, 2010). This can even lead to legal battles in court with the persons whose information was given out. The public relations department should train the employees on how to best represent the company while still marketing its products. The heads of the marketing department and public relations should be consulted for further information regarding the social media accounts.

    References

    Beimborn, D., & Palitza, M. (2013). Enterprise app stores for mobile applications-development of a benefits framework.

    Fazekas, C. P. (2004). 1984 is still fiction: Electronic monitoring in the workplace and US privacy law. Duke L. & Tech. Rev., 2004, 15-15.

    Haniffa, R. M., & Cooke, T. E. (2005). The impact of culture and governance on corporate social reporting. Journal of Accounting and Public Policy.

    Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106-125.

    Hooghiemstra, R. (2000). Corporate communication and impression management–new perspectives why companies engage in corporate social reporting. Journal of Business Ethics.

    Kaplan, A. M., & Haenlein, M. (2010). Users of the world, unite! The challenges and opportunities of Social Media. Business Horizons, 53(1), 59-68.

    O’Dwyer, B. (2002). Managerial perceptions of corporate social disclosure: An Irish story. Accounting, Auditing & Accountability Journal, 15(3), 406-436.

    Romanosky, S., Telang, R., & Acquisti, A. (2011). Do data breach disclosure laws reduce identity theft?. Journal of Policy Analysis and Management, 30(2), 256-286.

    Schwartz, P. M., & Janger, E. J. (2007). Notification of data security breaches. Michigan Law Review, 913-984.

    Warkentin, M., Johnston, A. C., & Shropshire, J. (2011). The influence of the informal social learning environment on information privacy policy compliance efficacy and intention. European Journal of Information Systems, 20(3), 267-284.