Project 1: Policy Analyses
Start Here
It is important to understand a range of organizational policies and the impact of policy content from multiple perspectives in order to create fair, legal, equitable, and ethical policies that support organizational goals. Analysis of personal privacy issues related to various personal and business-related cybersecurity scenarios is pertinent in order to manage cybersecurity risks.
This is the first of six sequential projects. In this project, you will analyze three different types of policies—acceptable use policy, internet use policy, and a retail/commercial company privacy policy—using the ones that have been provided to you, or that you have retrieved from an organization such as Facebook (or another company with which you are affiliated).
You will identify the issues in the policies that you think employees, consumers, or individuals should be concerned about. You will rewrite two to three sections that may be in question, providing justification for your suggested modifications. Relate the questionable content to a recent issue in the news about cybersecurity.
By the end of the course, you will experience and learn the value of drafting and the importance of implementing policies in organizations, not only from the company’s viewpoint but also from the customer/user perspective.
There are eight steps in this project. Begin by reviewing the project scenario, and then proceed to Step 1.
Step 1: Explore the Cybersecurity Policy Process
Before you begin revising the policies assigned to you, you will need to understand the cybersecurity policy process. First, explore a fictional scenario of insider data sabotage for an example of the ill effects of improper or nonexistent policies. Then read about cybersecurity policies to learn about policies, procedures, and standards as well as how these policies affect the roles and responsibilities throughout the organization. Finally, explore the process of policy creation to guide you through your assignment.
Step 2: Explore the Components of a Proper Policy
After your exploration of the cybersecurity policy process in the previous step, you are ready to study the requisite policy components of a well-written and implementable policy that will facilitate compliance. Take note of these components as you will apply them to your own policy revisions in the later steps.
Step 3: Identify Evaluation Criteria or Performance Measures
Now that you have identified the components of a proper cybersecurity policy, you will need to identify policy evaluation criteria for the cybersecurity policy. Refer to applicable government and industry cybersecurity standards.
In some cases, you may need to consider criminal or civil liability issues, and thus evaluation criteria may emanate from the judicial guidance. You will apply these criteria to your own policy revisions in the later steps.
Step 4: Rewrite the Current Acceptable Use Policy
In the first three steps, you reviewed the process of creating security policies, reviewed components of a proper policy, and identified evaluation criteria to measure against existing policies. Now, you are ready to analyze and revise your own organization’s policies. Such analysis is likely to be qualitative for some aspects, quantitative for other aspects, and a hybrid for still other aspects of the policy. As such, your choice of measures and analytical techniques must be reasonable and justifiable.
Begin reviewing and updating the first of three security policies for your own organization. Review your organization’s current policies, with attention to its acceptable use policy. Determine what changes are necessary and note your suggested changes on the Policy Changes Matrix. Rewrite two to three sections of the acceptable use policy that may be in question and provide justification for your suggested modifications.
The new policy and the Policy Changes Matrix will be attached to the final assignment. Submit the new policy and table for feedback.
Submission for Revised Acceptable Use Policy
Step 5: Rewrite the Current Internet Use Policy
In the previous step, you revised the acceptable use policy for your organization. Now, you will review and update the second of the three security policies for your organization. Review the details of your organization’s current policies, with attention to its internet use policy. Determine what changes are necessary and note your suggested changes on the Policy Changes Matrix. Rewrite two to three sections of the internet use policy that may be in question and provide justification for your suggested modifications.
The new policy and the Policy Changes Matrix will be attached to the final assignment. Submit the new policy and table for feedback.
Submission for Revised Internet Use Policy
Step 6: Rewrite the Current Company Privacy Policy
You have just revised the internet use policy, and now you will review and update the last of the three security policies for your organization. Review your organization’s current policies, with attention to its privacy policy. Determine what changes are necessary and note your suggested changes on the Policy Changes Matrix. Rewrite two to three sections of the privacy policy that may be in question and provide justification for your suggested modifications.
The new policy and the Policy Changes Matrix will be attached to the final assignment. Submit the new policy and table for feedback.
Submission for Revised Privacy Policy
Step 7: Write the Cover Letter
After completing the revision process of the acceptable use policy, the internet policy, and the privacy policy in the previous three steps, you will need to prepare a cover letter summarizing the justifications for your suggested modifications for the next team meeting. This cover letter (maximum two pages) will provide an explanation for the Policy Changes Matrix. Address the letter to the CEO, IT, and HR directors. Justifications should be in line with the business goals.
Submit your cover letter and table for feedback.
Submission for Cover Letter
Step 8: Write the Policy Revisions Evaluation
Now that you have completed your analysis and revision of the three policies, provide a written evaluation of your organization’s cybersecurity policy to present at the next team meeting.
Your evaluation should examine the completeness and compliance of the organization’s cybersecurity policy. Consider your organization and organization-related interests as you create your evaluation, and consider other aspects, such as how to prevent the failure of the cybersecurity policy.
Complete the following tasks as you write your evaluation:
Differentiate among the various concepts of enterprise cybersecurity.
Develop a high-level implementation plan for enterprise cybersecurity policies.
Assess the major types of cybersecurity threats faced by modern enterprises (assessing risk).
Discuss the principles that underlie the development of an enterprise cybersecurity policy framework.
Articulate clearly and fairly others’ alternative viewpoints and the basis of reasoning.
Identify significant potential implications and consequences of alternative points of view.
Evaluate assumptions underlying other analytical viewpoints, conclusions, and/or solutions.