The Question

I need this paper revised to pass the TurnIt, right now it is showing 79%

This is an emergency, please help


Running head: MANAGERS HANDBOOK

Red Clay Renovations IT Governance

Dormaine Brown

November 20, 2016

CSIA 413

UMUC

Professor Ned Goren

Executive Summary

Cyber-attacks are becoming more frequent and are affecting businesses and government agencies everywhere. Thus, cybersecurity is now essential to every business's IT governance. After careful evaluation, it has been shown that Red Clay Renovations has many vulnerabilities that put it at risk of cyber-attacks (King, 2016). Therefore, it is essential that Red Clay put into place policies to protect its data and its network. These policies need to be clear and understood by everyone so that there is no confusion.

The Red Clay Renovations Managers Desk Book shall provide employees with general guidelines on the many policies that Red Clay Renovations follows. The Managers Desk Book will serve as a guide for employees to become familiar with Red Clay Renovations' Data Breach Policy, Shadow IT Policy and Social Media Policy.

Red Clay Renovations' Data Breach Policy provides guidance for the company to manage, act during and recover from a breach incident. The policy's goal is to streamline the best approach to rectifying any mishap within a minimal timeframe and recovering as quickly as possible. This policy sets up Response Plan teams, each with a specific predefined task and role to carry out during a breach incident.

Red Clay Renovations employs the Shadow IT Policy to end misuse of the Bring Your Own Device (BYOD) Policy, in which users install unauthorized applications on mobile devices and circumvent the network. The policy will educate users about the dangers that Shadow IT can bring to the company. Shadow IT can lead to regulatory compliance issues, introduce vulnerabilities into the network systems and eventually shut down the company. The IT team will set up an approved list of apps on the network that each BYOD user can access. This will ensure that users are using approved apps and that the company remains in control of its data flow.

Red Clay Renovations' Social Media Policy ensures that employees follow the strict guidelines the company has in place to allow employees to communicate better on social media. Employees are made aware of what sites to visit and how to act professionally while acting on the company's behalf on social media. Employees shall separate business and personal involvement while online. Employees shall never share Red Clay's confidential data online.

Table of Contents

Executive Summary
Data Breach Policy
    Introduction
    Policy Content
Shadow IT Policy
    Introduction
    Policy Content
Social Media Policy
    Introduction
    Policy Content
Contact Information
Penalties
Conclusion
References

Data Breach Policy

Introduction

Red Clay Renovations processes and stores customers' data and PII; therefore, Red Clay is susceptible to data breaches at any time. A breach is unauthorized access to PII or other sensitive information. The goal of the Data Breach Policy is to recover from an incident with minimal time loss and minimized risk, which additionally requires having a good process and communication in place and the ability to implement the plan. The core focus of the policy is on monitoring/detection, triage, response, incident closing and lessons learned (Krebs on Security, 2016). In the Response Plan, each team has a specific predefined role of action during a breach. The IT team is usually the lead during a breach; its role is to join forensic analysts to assess, secure the network environment, and quarantine the infected devices while preserving the data for evidence. The legal team handles matters that deal with law enforcement, state and federal laws governing data breaches, and government agencies. The human resources and public relations teams work together to provide information to both the public and the company's clients. In addition, the human resources team in particular needs to provide additional services to help customers cope with a data breach incident.

Policy Content

A data breach involves any data pertaining to employees or customers, described as PII, that is lost, stolen or compromised on the Red Clay Renovations network. Examples are: full government name, social security numbers, account numbers and passwords. Additionally, a breach occurs when anyone, whether an employee or an intruder, has unauthorized access to sensitive data, trade secrets or company proprietary information. Thus, putting a response plan team together requires a lot of planning and the right mix of people with the credentials to perform under pressure and stay on task during a data breach incident. Every response plan needs to have the following teams to successfully execute the plan during an attack phase (Office of Information Security and Privacy Protection, 2008):

Information Technology
Executive Management
Customer Service
Risk Management and Security
Compliance and Audit
Legal and Public Relations
Privacy

Every team and every person directly involved in the Response Plan is provided a copy of the policy. Once a quarter, Red Clay's Response Plan teams will test the procedures in the plan to maintain readiness. Normally, the IT team is the lead during a breach; however, there is an Incident Lead who oversees the entire event. Usually the Incident Lead is from the legal department. The Incident Lead is responsible for daily briefings to the senior management team, as well as communicating with all the other teams. The Incident Lead also estimates costs and creates a timeline of events.

The IT team is on constant alert, monitoring the network to detect signs of abnormal activity and prevent an attack. During a breach response, the IT team will implement the triage phase to quickly identify and categorize the breach. The breach can then be contained and isolated much more quickly and turned over to forensics for further investigation.

The legal team also plays a significant role in the response plan team because it is responsible for examining and determining what needs to be in the response plan and the best legal ways to approach affected parties. There are instances where a breach is handled internally. The legal team will determine if external organizations should be contacted. Essentially, the legal team shall analyze all data and advise on the risks of litigation and fines.

Shadow IT Policy

Introduction

Red Clay uses many computer-aided design (CAD) software tools to help with drafting and blueprints. Red Clay also allows BYOD usage so that employees on the go can do their jobs on site. Mobile employees use their BYOD devices to install the cameras that are installed in the smart homes. Recently, the company did an audit that revealed some installed software that was not authorized by the company and that some employees are circumventing the network system. Thus, Red Clay is implementing its Shadow IT policy to address the unauthorized use of the company's network infrastructure (UNFPA, 2016).

Compliance is a major issue since the company collects, processes, and stores PII, PHI and sensitive data. Shadow IT can create software incompatibility whereby employees store company information on their own personal devices. Red Clay may be subject to regulatory and legal violations. Shadow IT presents a direct threat to the company's network. The company will monitor the network for new applications. The IT team will publish a list of apps and cloud services that employees can access from the network using a single sign-on platform. Employees are encouraged to bring new apps to the IT team to examine and approve for addition to the list. Every time a new application is downloaded to a BYOD device, the IT team needs to harden the device to mitigate risks. Shadow IT may inadvertently allow unauthorized access to PII, PHI and sensitive information.

Policy Content

For employees who use BYOD, RCR reserves the right to examine your device or any other connected devices that store company data prior to you leaving the company; this will ensure that RCR has cleaned its data from your devices. IT can make available a list of safe apps on the network so that BYOD users can access all of the apps in one location, using a password to authenticate. Red Clay retains control and the security of the data. Employees need to become familiar with the Shadow IT policy and understand the guidelines they need to follow when considering bypassing the network policy. Red Clay will also monitor the network daily for new applications or devices in use that were authorized by the IT team.

If Shadow IT pervades the network, the business can no longer control the flow of its data. The company has no idea of the type of software it is running on its network; some of the apps are unregulated, which can leave the organization in violation of PCI Data Security Standards and HIPAA compliance. Shadow IT can cause conflicts with other software and thus create license and certificate problems. RCR must comply with HIPAA. HIPAA mandates that companies control and protect the traffic of electronic Protected Health Information (ePHI) (Bolger, 2012). Many apps and software products were not designed to meet such standards. Restrict users' access to third-party apps and provide a list of unauthorized apps in the policy.

The intended solution would be for Red Clay to provide secure file sharing services for employees to circumvent the use of third-party providers. Red Clay employees will be urged to use only the provided Shadow IT services to ensure the security and integrity of Red Clay Renovations files. The IT department will monitor all incoming and outgoing traffic to ensure there are no breaches of sensitive data. The IT department will also monitor and secure Shadow IT services to maintain data integrity and ensure services are being appropriately used (UNFPA, 2016).

Social Media Policy

Introduction

Red Clay uses social media to broadcast information about its business. Social media is the fastest growing mode of communication today. However, there are rules a company must follow when allowing its employees to speak on its behalf. The policy will help educate employees about social media etiquette and the company's guidelines when acting on behalf of the company on social media.

Employees need to differentiate between internal-use-only and external-use information. When acting as an employee of Red Clay, always identify yourself with your full name and job title. Red Clay is a reputable company, so employees need to separate their personal opinions from those of the company when they are on social media. Distinguish your personal opinion from the company's by adding a disclaimer (Melick, 2014).

Refrain from using Red Clay's mobile devices or workstations to connect to social media. Don't access sites that would bring shame on or discredit the company. Don't incite violence, hate crimes or racial discrimination while using Red Clay computers. The use of the computers to access social media is solely for conducting Red Clay's business. Post only factual information, not your opinion, when on company time. Never share company PII, PHI or trade secrets on social media. Before the policy is implemented, the legal team should look it over to ensure it meets the legal guidelines of the National Labor Relations Board.

Policy Content

Employees need to act professionally at all times while on social media. Remember that when using the company's social media you are an ambassador for the company, so be on your best behavior so as not to bring shame and discredit to the company. Refrain from using words that have negative connotations, as that also brings negative feedback to the company. While on company time, do not access social media for personal use using Red Clay computers (Miller-Merrell, 2011). Employees are also restricted from accessing social media accounts that are not approved by the company, i.e. pornography and/or gambling sites.

Employees will be held accountable for their actions, because their actions can adversely affect the company. Thus, practice good common sense when on social media. Don't take on the responsibility of being the spokesperson for the company; if you come across derogatory comments, consider forwarding them to the proper channel instead of taking matters into your own hands.

Separate personal and business life. Knowing when to distinguish the two will help employees to manage with ease. Understand the difference between talking for the company and talking about the company. Red Clay respects the rights of every employee, but keep in mind that whatever is posted online can be seen by others. Ensure that information posted online is factual and not your opinion; if there is doubt, please don't post it.

Contact Information

If anyone needs any further clarification on this policy, has any problems or concerns with any aspects of the policies, or has any significant situation that needs to be referred to the authority on this policy, that person(s) can contact the following:

Office: Washington, DC
Position title: CIS
Telephone number: 202-999-9999
Electronic mail address: dbrown348@umuc.edu

Penalties

As with the Employee Handbook, there will be penalties for any employee who violates any of these policies. Red Clay Renovations is fully prepared to protect its customers and intellectual information. Penalties can be probation, termination and/or fines or jail time. As a result, the company has made a violations and penalty book which goes over in depth the penalties for each policy.

Conclusion

These policies are to ensure that there is proper governance of Red Clay's operations in order to prevent any breach of customers' PII or the company's intellectual property or trade secrets. Thus, the Data Breach policy will implement processes for preventing loss of PII or any sensitive information regarding Red Clay. The Shadow IT policy will address the use of third-party cloud technology or any non-Red Clay network services. The Social Media policy will ensure proper use of social media throughout the company as well as determine who would be responsible for controlling the company's business account.

References

Bolger, P. (2012, September). Managing shadow IT. Retrieved from Computer Weekly: http://www.computerweekly.com/opinion/Managing-shadow-IT

Krebs on Security. (2016, August 8). Data breach at Oracle's MICROS point-of-sale division. Retrieved from https://krebsonsecurity.com/2016/08/data-breach-at-oracles-microspoint-of-sale-division/

King, V. (2016, March 30). Red Clay Renovations. Retrieved from UMUC: https://learn.umuc.edu/d2l/le/content/170374/viewContent/7213506/View

Melick, G. (2014, December 1). Top 10 Do's and Don'ts for Managing Employee Social Media Use. Retrieved from http://www.acc.com/legalresources/publications/topten/managingemployee-social-media.cfm

Miller-Merrell, J. (2011, May 17). How to use social media policies: Communicating and training your employees. Retrieved from Blogging4Jobs: http://www.blogging4jobs.com/social-media/part-4-how-to-write-social-media-policies/

Office of Information Security and Privacy Protection. (2008). Guide for the role and responsibilities of an information security officer within state government. Retrieved from Office of Information Security and Privacy Protection website: http://www.cio.ca.gov/OIS/Government/documents/pdf/ISO_Roles_Respon_Guide.pdf

UNFPA. (2016, January). Shadow IT policy. Retrieved from UNFPA: https://www.unfpa.org/sites/default/files/adminresource/ICT_SHADOW_IT_POLICY.pdf



This paper was answered on 14-Oct-2020
