CSIA 413: Cybersecurity Policy, Plans, and Programs
June 2, 2019
Executive Summary
The Red Clay Renovations Employee Handbook gives general guidance on the company's policies. It serves as a guide for employees to become familiar with the Red Clay Renovations policies for "Acceptable Use Policy for Information Technology", "Bring Your Own Device Policy" and "Digital Media Sanitization, Reuse, and Destruction Policy". Red Clay Renovations reserves the right to amend the Employee Handbook to best suit the organization at any time, without prior notice to its employees.
The Red Clay Renovations "Acceptable Use Policy for Information Technology" defines in detail what acceptable use is and what it is not. Every employee will be informed of his or her responsibilities for system accounts, computing resources and network use, and must sign and agree to the policy before access to the system is granted.
The Red Clay Renovations "Bring Your Own Device Policy", or BYOD, names all of the devices that are acceptable as BYOD and governs the use of such devices. Every employee's device must meet the policy's requirements before it is brought into use at Red Clay Renovations.
The Red Clay Renovations "Digital Media Sanitization, Reuse, and Destruction Policy" must also be signed by any Red Clay Renovations employee who has signed the BYOD policy. Employees need to understand the methods the company will use to sanitize BYOD devices.
Acceptable Use Policy
Introduction
This Acceptable Use Policy applies to all Red Clay Renovations employees and supersedes all previous versions. All employees are subject to the terms and conditions of the policy. The policy establishes acceptable and unacceptable use with respect to safeguarding the security of data, securing and protecting computers, the use of the network environment and servers, and the use of electronic communications. In addition, Red Clay Renovations collects, maintains and stores personal information, including credit card data, credit checks, building plans and drawings, and customers' medical and health information.
Red Clay Renovations must comply with the following: the HIPAA Privacy and Security Rule, the Freedom of Information Act (FOIA), PCI DSS, the Privacy Act of 1977, and building codes and regulations. It is in the best interest of the company for all employees to understand the Acceptable Use Policy so that they can make sound decisions before engaging in unacceptable use. Any violation of the Acceptable Use Policy could cause Red Clay Renovations considerable loss of business and damage to its reputation. Any employee who needs more information about this policy can contact the IT department directly.
Policy Content
Utilization of IT Systems
Red Clay Renovations owns the property rights to all information stored on its systems. Red Clay Renovations systems are for the sole purpose of supporting and maintaining its business. Red Clay Renovations may at any time monitor any content that is stored on its systems.
Data Security
All employees are responsible for securing the data, records and systems under their control. Keep passwords secure and do not reveal your password to anyone for any reason. Users are responsible for locking their workstations when they are away from them.
Unacceptable Use
All employees should use good judgment before engaging in any unacceptable use of Red Clay Renovations' systems. When in doubt, ask. If a site restriction is preventing you from doing your daily tasks, ask senior management to accommodate your request by granting you access. Never take matters into your own hands.
• Do not access pornography sites on the company's systems.
• Do not access any sites that incite violence, hate crimes, racism or discrimination.
• Do not share sensitive information or trade secrets with anyone outside the company or anyone who does not have a need to know.
• Do not tamper with the IT security systems.
• Do not conduct any business that would compromise the integrity of the company or bring shame on it.
• Do not copy company proprietary information.
Enforcement
The CISO and the IT team are the points of contact for this policy. Together they will maintain this policy. Any exception must come from senior management in consultation with the CISO and the IT team. Employees who violate this policy may be terminated or, depending on the nature of the violation, may face criminal investigation. When in doubt, it is better to ask than to be sorry (SANS, 2014).
Bring Your Own Device (BYOD)
Introduction
Red Clay Renovations enters into an agreement with employees who are eligible for the privilege of bringing their own devices to work. Eligible employees will be able to use their cell phones, tablets and laptops at work solely to conduct company business. The IT team will inspect each BYOD device to ensure it meets the protection, security and integrity standards of Red Clay Renovations systems. The company has the right to revoke the policy without justification, and all employees must agree to and abide by the policy before personal devices are given access to the network.
Red Clay Renovations may send its employees to various locations to plot or survey a home, which requires the employee to take pictures or use CAD software to plot. Employees who install smart devices for Red Clay Renovations may need to access the company network to upload or configure a smart home project remotely. The use of mobile devices is therefore essential for this company.
Red Clay Renovations and its eligible employees agree that device cameras and video will be disabled while on site, that certain sites are restricted while on company time, and that some applications are not allowed on the device while the policy and the agreement are in effect. Employees agree to let Red Clay Renovations install the necessary software and applications on their devices to meet the company's specific requirements, and at termination the company will erase or wipe all content on the devices.
Policy Content
User Agreement
Red Clay Renovations may revoke this privilege or seek legal action for failure to comply with the standards contained in the BYOD policy. The user agrees not to use third-party software unless Red Clay Renovations approves it first. The user agrees that Red Clay Renovations is not responsible for damage to or loss of the device (cio.gov, 2012). The user agrees to turn over all BYOD devices that were equipped with Red Clay Renovations applications and software to the IT team within five business days of termination of employment, or face having the devices wiped remotely with an executable command.
Security
Devices must be password protected to prevent unauthorized access and must follow the Red Clay Renovations password policy for locking devices. In addition, the device must lock itself within two minutes of inactivity and lock out completely after five failed login attempts. The Red Clay Renovations IT team will remotely wipe device data if a virus is suspected, if there is a breach of policy, or upon termination of employment (Berry, 2016).
Risks/Liabilities
The CISO and the IT team will do their best, exercising due diligence, to avoid erasing any personal data in the event of a remote wipe. The user is responsible for notifying Red Clay Renovations within one hour if the BYOD device is lost, or of noticing that the device is lost.
• The employee is required to use the devices in a manner consistent with the policy.
• The employee is responsible for all costs associated with the devices.
• The employee is liable for any virus or software problems that cause any malfunction of the company's software.
The company will maintain and support its software and applications while the BYOD agreement with the employee is in effect. Patches and updates will come from the IT team's network infrastructure. If a BYOD device is outdated or obsolete, employees may opt out if the company decides to upgrade to a more current device.
• Abide by state laws pertaining to the use of mobile phones and/or smartphones while driving (e.g., hands-free use and/or texting).
• The user will password protect the device.
• The user agrees not to modify the device operating system and to have the latest security patches installed.
• The user agrees not to give the device to anyone other than the Red Clay Renovations IT team.
• Employees will not be able to download or install an application that is not on the company's approved list.
• Only cell phones and tablets that are BYOD eligible will have access to the network.
• Employees' access to company data is limited based on user profiles defined by IT and automatically enforced (Berry, 2016).
Media Sanitization, Reuse and Destruction
Introduction
The purpose of this policy is to outline the proper disposal, sanitization and destruction of media, physical or electronic, at Red Clay Renovations. The policy is intended to limit the over-retention of sensitive information when PII and order data are no longer needed or no longer serve any benefit to the company. Red Clay Renovations collects credit card holder data, customers' medical records and PII. Eventually this data must be destroyed, and Red Clay Renovations uses the NIST Special Publication 800-88 guidelines to destroy and sanitize data.
Policy Content
Floppy Disks, Zip Disks, CDs, DVDs
It is cheaper to destroy these media than to reuse them; they no longer have any real value. The best way to destroy them is with a cross-cut shredding machine or a diamond-cut paper shredder. Burning the disks is also an approved method; ensure that a person from the company is present to verify that the disks are burned completely, so that no parts are left or could be reconstructed.
Desktop and Laptop Computers, External Hard Drives
Red Clay Renovations will implement NIST Special Publication 800-88, section 2.6, as a guide to help sanitize electronic media. Degaussing and overwriting are other methods that will destroy the disk drive permanently.
Complex Systems
Systems administrators responsible for servers, server systems and more complex storage assets, such as RAID arrays and PC-based scientific instruments, should become familiar with the NIST guidelines and follow their recommendations and procedures for effective media sanitization and disposal (Space.internet, 2015).
• Paper-based or other hard copy media with confidential data must be shredded with a cross-cut shredder before disposal.
• Limit the particle size of paper-based media containing confidential data to 1x5 mm (1/32"x1/5").
• The maximum particle size for media containing internal data is 2x15 mm (1/16"x3/5").
• Ensure incineration follows local, state and federal regulations.
• When purging is done by overwriting the data, at least three passes are recommended.
• Ensure that all equipment that is no longer needed is erased and that the hard drives are removed.
• A hard drive is completely destroyed by shredding, crushing, disintegration or incineration.
• Degaussing is an acceptable method for purging data from magnetic media. Be aware that this normally renders the media unusable.
• If the media contains ePHI that will be used in the future, an exact copy of the data must be made before its destruction or purge.
• Any media containing ePHI must be tracked, and a record of its purge, destruction or reuse must be kept.
References
A toolkit to support federal agencies implementing bring your own device (BYOD) programs. (2012). Retrieved from https://cio.gov/wp-content/uploads/downloads/2012/09/byod-toolkit.pdf
Acceptable Use Policy. (2014, June). Retrieved from https://www.sans.org/security-resources/policies/general/pdf/acceptable-use-policy
Berry, B. M. (2013). BYOD Policy Template. Retrieved from http://www.itmanagerdaily.com/byod-policy-template/
Example Acceptable Use Policy for IT Systems. (n.d.). Retrieved from https://www.sophos.com/en-us/medialibrary/PDFs/other/sophosexampleITacceptableusepolicy.ashx
Guidelines for Media Sanitization. (2014, December). Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf
Hassell, J. (2012). 7 Tips for Establishing a Successful BYOD Policy. Retrieved from http://www.cio.com/article/2395944/consumer-technology/7-tips-for-establishing-a-successful-byod-policy.html
Media Sanitization and Destruction Policy Sample. (2013). Retrieved from https://www.michigan.gov/documents/msp/Media_Sanitization_Destruction_Policy_442249_7.pdf
Practical Information Media Sanitization Guidelines for Higher Education. (2015, July). Retrieved from https://spaces.internet2.edu/display/2014infosecurityguide/Guidelines for Information Media Sanitization
Reid, G., & Hilldale, D. (2006). Acceptable use policy template. Retrieved from https://www.first.org/_assets/resources/guides/aup_generic.doc