Scenario Overview
Meal Times
Lunch 11:30 break
Back by 1pm
Dinner 5:00 pm break
Back by 6:30 pm
Scenarios
Scenario A – for odd numbered teams
Banking industry
Scenario B – for even numbered teams
Research hospitals
Unless otherwise noted all Figures are from the Textbook
Using the methodologies in Chapters 6 - 9
Summarize the issues that face banks / research hospitals
What types of policies are needed?
What core principles apply here?
What would be the best framework to use for a bank / research hospital?
What User Domains should there be?
Be sure to define who the groups are
What files and folders containing what type of data should they have access to?
How would you go about implementing the changes?
Things to consider
What assets are you protecting?
Where is it stored?
Local
Central
Cloud
What communication processes are used?
Email
Social media
Web based
What accesses your network?
Automated devices
IoT
Artificial Intelligence
BYOD
Who are your users?
Include in Summary
Provide specific Examples of what has happened in the banking industry or research hospitals
What happened?
What solutions were implemented?
What worked?
What didn’t work?
Policy: Defines how an organization performs and conducts business functions and transactions with a desired outcome
Standards: An established method implemented organization-wide
Procedures: Steps required to implement a process
Guidelines: A parameter within which a policy, standard, or procedure is suggested
Common Frameworks
Control Objectives for Information and related Technology (COBIT)
ISO/IEC 27000 series
National Institute of Standards and Technology (NIST) Special Publications
Example: SP 800-53, “Recommended Security Controls for Federal Information Systems and Organizations”
10/19/2018
8
Choosing a Framework
Describe the frameworks commonly used
Explore the ones you think would work in your scenario
Explain and describe the one you chose
Can be an existing framework
Combination of existing
Your own creation
Justify your decision
ISO/IEC 27002
Foreword
Information Security Policy
Organization of information security
Human resources security
Asset management
Access control
Cryptography
Physical and Environmental security
Operations Security
Communications Security
System acquisition, development and maintenance
Supplier relationships
Incident management
Business continuity management
Compliance
Access Control Policy Branch
Access Control Policy Branch of a Policy and Standards Library
External and Internal Factors Affecting Policies
Policies must align with the business model or objective to be effective
External factors
Regulatory and governmental initiatives
Include the regulations that affect your industry
Internal factors
Culture, support, and funding
Describe the culture
Core Principles
Go through and select the core principles that apply
How are you using them?
What will it take to implement?
Policy and Standards Development Core Principles
Accountability
Awareness
Ethics
Multidisciplinary
Proportionality
Integration
Policy and Standards Development Core Principles (Continued)
Defense in Depth
Timeliness
Reassessment
Democracy
Internal Control
Adversary
Policy and Standards Development Core Principles (Continued)
Least Privilege
Separation of Duties
Continuity
Simplicity
Policy-Centered Security
Transparency with Customer Data
Transparency
Individual Participation
Purpose Specification
Use Limitation
Data Minimization
ISO/IEC 27002
ISO/IEC 27002 Notice Board
http://www.iso27001security.com/html/27002.html
Implementing Policies and Libraries
Implementing your policies and libraries entails three major steps:
• Reviews and approvals for your documents
• Publication of the documents
• Awareness and training
Figure: implementation process diagram with the stages Build Consensus, Reviews/Approvals, Publication, and Awareness Training
Members of the Policy Change Control Board
Information Security
Compliance Management
Auditing
Human Resources (HR)
Leadership from the key information business units
Project Managers (PMs)
Members come from functional areas of the organization. The role of each member is to approve changes to the policies, reflecting alignment to business objectives. Each functional area oversees policies pertaining to its respective area of responsibility, while also playing a role in the approval of policy changes that affect the organization as a whole.
Policy Change Control Board
Assess policies/standards and recommend changes
Coordinate requests for change (RFCs)
Ensure that changes support the organization’s mission and goals
Review requested changes
Establish change management process
User Domains
Define your users
Look at your industry
Who is on the network?
What do they need access to?
What should they be denied access to?
MGT 355: Managerial Communication
Case Study
Written Critique
10/7/2010
Designing Email Messages for Corporate Readers: a Case Study of Effective and Ineffective Rhetorical Strategies at a Fortune 100 Company
Sam H. DeKay (2010) writes that, “72% of all full time people have an email that they use for work” (p. 109). That is a very high percentage, almost 3 out of 4 people using email for work. Although face-to-face meetings are still the favored way to communicate, email was preferred over other forms of business communication. But this has huge implications, since more and more people are emailing each other. How do you effectively communicate with others in this growing and evolving medium?
DeKay looked at about 23,000 employees at a Fortune 100 company from April of 2002 to December of 2003. They would receive 2 emails daily containing tips on how to better practice computer safety and security. These emails would have “…colorful clip art and have employed a variety of font styles and text colors” (DeKay, 2010, p. 111). None of these emails were made to look like the typical black-and-white memorandum-style emails that many expect to see in a business setting. These emails are considered “old style” emails in her case study. Then in 2008, upper management decided that it would change the style of these emails. Their visual layout was moved away from clip art and colorful font to more black text on a white background. These are the “new style” emails in DeKay’s study.
In her study, DeKay attempted to measure how effective each style was by looking at the monthly average of responses to each type of email style. “Old style” brought in about 4 responses per month; “new style” had about 40 responses monthly. While it can be argued that “old style” was not able to hold on to and keep readers’ interest, it must be noted that there were several style changes between the two. For starters, “old style” did not include “To:”, “From:”, and “CC” fields. It was also missing a subject line, boldface, and underlining, and was written in a more casual tone. While “new style” had all the fields that “old style” was missing, it tended to miss titles, headings, and paragraph breaks, as well as boldface, italics, and clip art. Neither ever really had the corporate logo in the email. Two other factors that had to be taken into account are genres and pragmatic functions. Genres are “…visual templates used by certain types of documents, including the arrangement of textual blocks on a page and the size and shape of pages composing the document” (DeKay, 2010, p. 114). Pragmatic functions are just setting up the contents of the email so the reader can understand its meaning in a clear and concise way. While DeKay points out that “old style” messages did not generate very much response from the people they were emailed to, all the responses that “new style” did generate may be a problem of their own. Many felt that the email was addressed to them and that the tips were to correct something that they had done wrong. Often, employees would send responses expressing that they did not do the behavior the “Smart Tips” email was warning not to do. The form of the “new style” did a better job of conveying the information in its contents, but since it had a “TO:” field, this caused many to become confused and was more than likely the real cause of why “new style” had such a high response rate.
DeKay does a good job of pointing out two very distinct styles of emails, however, offers very little in the way of saying which one is effective in communicating and which one is not. Both styles have pluses and minuses, and DeKay offers a solution of using software designed to let you take control over more features in your emails. This solution allows people to better develop their emails from a visual standpoint, but what about those that are not lucky enough to have that option available to them?
It is here that I offer my thoughts on this subject. Emails are an evolving technology; you can do more with them now than you could a few years ago. However, inside a business context, it is not only what you can do with an email; it is also WHAT you say in an email. If you as an employee are putting together an email, it is obvious that you have moved beyond planning how to communicate your message and into planning how you are going to say it. The words you use can set your style and tone for the email. “You can vary your style to sound forceful or objective, personal or formal, colorful or dry” (Bovee and Thill, 2010, p. 124). Part of your style is the words you use and how you structure them into sentences and paragraphs and how you structure them in the email. Although, like with everything electronic, you don’t have to limit yourself to just a cut-and-dry message; you can add some life to it! You can use clip art and pictures and colored font if you want; you just have to know your audience and their needs. If you are sending out a mass email that is just to inform people, depending on what the email is about, clip art or other electronic media could help greatly to enhance your message.
Other times, many people expect business emails to be very dry and to the point. While this is very helpful in getting information across, if you are anything like me, you write very similarly to how you talk. This can be a bad thing if used in the wrong way. A blending of the two styles that DeKay talks about is my offer. “New style” emails do a great job of genre features, pretty much everything you expect to see in an email. The hard part is blending it with “old style” pragmatic functions such as structural and stylistic cues. These can help make your email feel less dry and impersonal and give you the ability to set the email in your style and tone. My last advice comes from our own communications book: “Although style can be refined during the revision process…, you’ll save time and a lot of rewriting if you use a style that allows you to achieve the desired tone from the start” (Bovee and Thill, 2010, p. 124). This just plays into knowing your style and being able to determine if it is the right style you should be using in writing a particular email. If not, it would be best to use another style better suited so you do not have to spend a great deal of time rewriting your email.
In parting, emails are an evolving technology that can allow you to communicate in ways you may not have been able to before. There are two very distinct styles for writing an email in existence right now; one is more colorful and casual while the other is more dry and formal. Neither is bad in its own right; it is up to the writer to figure out not only how to communicate, but also how best to structure that message. If one of the above styles works, use it. But more times than not, the answer is going to lie somewhere in between the extremes. All that is left is for the writer to figure out which shade of gray is best for them.
References
Bovee, Courtland L.; Thill, John V. “Business Communication Today.” Prentice Hall. United States of America. October 7, 2010.
DeKay, Sam H. “Designing Email Messages for Corporate Readers: a Case Study of Effective and Ineffective Rhetorical Strategies at a Fortune 100 Company.” Business Communication Quarterly. January, 2010. <http://bcq.sagepub.com/content/73/1/109.extract>. October 7, 2010.
Written Case Study Critique
Anonymous
Central Michigan University
Running head: WRITTEN CASE STUDY CRITIQUE
Abstract
This paper focuses on the article titled “Generational Diversity” by Linda Kramer in the Dimensions of Critical Care Nursing. This article is based on the generational differences in the nursing field, and how that influences and affects the workplace atmosphere. In this paper, the article will be briefly summarized, along with discussion on the communication issues at hand and solutions to the problem.
Written Case Study Critique
“Generational Diversity” by Linda Kramer in the Dimensions of Critical Care Nursing is an article mainly focused on why generational diversity is occurring in the nursing industry, its effects on the environment, and what nurse leaders can do to overcome that challenge. Kramer begins the article by giving brief definitions of generational diversity, the generational gap, generational values, and generational cohorts. Kramer (2010) explains that the different groups of generations form generational cohorts, which are “groups of people who share birth years, history, and a collective personality as a result of their defining experiences” (p. 125). The four different generational cohorts are the Veterans, the Baby Boomers, Generation X, and the Millennial Generation. The Veterans, who grew up during the Great Depression, tend to be conservative, respectful of hierarchy and authority, and value face-to-face communication (Kramer, 2010, p. 125). The Baby Boomers are the largest cohort in the nursing workforce, and also are often known as workaholics who value public recognition for successful work (Kramer, 2010, p. 126). Generation X believes more in a work-life balance, and many are currently reentering nursing as a second career (Kramer, 2010, p. 126). The Millennial Generation is the smallest cohort in the nursing industry, and technology plays a big role in the way they communicate in the workplace. Kramer (2010) mentions that if they do not address the issue of generational diversity, miscommunication will occur, which could lead to unresolved conflicts (p. 127). She states that ways to address the issue include understanding the differences between the generational cohorts, focusing on how to motivate each different cohort, finding a communication style that fits each cohort, and using the differences between each generation to enhance the team (2010, p. 128). Though Kramer mentions several solutions to the generational diversity in the nursing industry, there are also several other options available.
The changing environment in the workplace is leading to generational diversity not only in the nursing industry, but also in several industries across the world. Generational diversity is not the only cultural difference affecting the workplace. In the textbook “Business Communication Today” by Courtland Bovee and John Thill (2010), there are eight main types of cultural differences. They include contextual, legal and ethical, social, nonverbal, age, gender, religious, and ability (Bovee & Thill, p. 66). Each of these cultural differences is affecting the workplace environment, and just like generational diversity, needs to be acknowledged before miscommunication occurs. One of the first and most important solutions for overcoming the challenge of generational diversity is studying the other generational cohorts. To realize that there is even an issue at hand, leaders in the nursing industry need to recognize that each generation produces a different type of employee. Bovee and Thill (2010) state that “success in building bridges starts with understanding the gaps between the two sides” (p. 72). This studying or understanding can be done in several ways. The leaders can research each generational cohort to find information on their attitudes, values, communication styles, and expectations. Clearly understanding that each cohort has gone through significant experiences that affect the way they communicate in the workplace is the first step to resolving the challenges of generational diversity.
Respecting the differences, and not just simply understanding the differences, is also an important aspect. To respect the differences, nurse leaders need to change and adapt their communication style for each generational cohort. For example, the Baby Boomers and the Veterans prefer face-to-face communication, while Generation X and the Millennial Generation prefer communication via electronic devices (Kramer, 2010). Therefore, if a nurse leader has an employee who is a part of the Generation X group, and needs a way to communicate a message, an e-mail may be the most effective tool. Whereas, if a nurse leader needs to relay a message to an employee who is part of the Baby Boomer generation, they may choose to communicate face-to-face.
Not only do the nurse leaders need to understand and respect the differences, but the nurses within the organization who are of different generational cohorts need to understand and respect each other. To work effectively with each other, they also need to take into consideration the type of communication style they are using. Nurses from the different generational cohorts could work together to show which communication style they are using. For example, if an employee from Generation X only used e-mail as their form of communication, and their colleague who is a Baby Boomer did not necessarily understand e-mail as well, the Generation X employee could teach them the basics of e-mail. By doing this, they are showing that they respect and understand the differences between their communication styles. Respecting the differences between the generations is not only effective in communication, but also in the type of management the employer uses.
The management style that a nurse leader uses is also going to differ across the generational cohorts. The Baby Boomers and the Veterans want a manager that will praise and reward them for the hard work they put in, while Generation X and the Millennial Generation are not as concerned with the constant rewards (Kramer, 2010). Generation X and the Millennial Generation prefer constant mentoring and coaching from their managers (Kramer, 2010). The nurse leaders will have to acknowledge these differences so that each employee from every generation is performing to the best of their abilities.
Communication is an essential part of everyday life. More importantly, it is constantly used in the workplace environment. Finding a communication style to fit the needs and understanding of everyone is difficult, due to not only generational differences, but also the other seven cultural differences. All of the different cultural differences can lead to miscommunication in the workplace; therefore, by understanding and respecting the differences, an organization can overcome the challenge of cultural differences affecting communication.
References
Bovee, C., & Thill, J. (2010). Business Communication Today. United States: Pearson Education.
Kramer, L. (2010). Generational Diversity. Dimensions of Critical Care Nursing, 29(3). Retrieved from <http://journals.lww.com/dccnjournal/Fulltext/2010/05000/Generational_Diversity.5.aspx>
Scenario B - Security Incident – Student Handout
Summary:
ADM Research Hospital is part of a university system which does medical research ranging from The system they use is a core transactional Enterprise Resource Planning system called IHN (Integrated Health Network). IHN is similar to many core systems that provide integrated applications on a common platform for financials, medical records, appointments, patient and physician information and supplies (similar to Oracle or SAP). IHN headquarters is located in Germany, while the Research Hospital is located in Seattle WA.
Recently it has become obvious that people are storing data where it does not belong and people are accessing files and directories that they should not have access to.
Elizabeth Montgomery is in charge of the team dealing with designing, maintaining and implementing policies for users and data. You are Elizabeth Montgomery and her team. You need to respond to this incident by taking action immediately.
You will need to complete the following:
Using the methodologies set out in Chapters 6 through 9:
· Summarize the issues that face research hospitals
· What types of policies are needed?
· What core principles apply here?
· What would be the best framework to use for a research hospital?
· What User Domains should there be?
· Be sure to define who the groups are
· What files and folders containing what type of data should they have access to?
· How would you go about implementing the changes?
· What policies need to be in place to address the issues?
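The incident in the handout (data stored where it does not belong, users reaching files outside their domain) is what the user-domain and data-access questions above are meant to prevent. As an added example that is not part of the handout or the course material, the Python below encodes assumed user domains, data classifications and permitted storage locations for a research hospital as a deny-by-default access matrix and audits constructed file-access events against it; every domain name, path and event is an assumption made for illustration.

```python
"""Deny-by-default access matrix for the research hospital scenario.

Constructed example: the user domains, data classes, folder convention and
sample events are assumptions for illustration, not part of the assignment.
"""
from dataclasses import dataclass

# Data classifications and where each class is permitted to live (assumed).
ALLOWED_LOCATIONS = {
    "PHI": {"central"},                 # medical records stay on the central IHN store
    "FINANCIAL": {"central"},
    "RESEARCH": {"central", "cloud"},   # de-identified research data may use approved cloud
    "PUBLIC": {"local", "central", "cloud"},
}

# User domains -> data classes they may read / write (least privilege, deny by default).
POLICY = {
    "physicians":  {"read": {"PHI", "RESEARCH"}, "write": {"PHI"}},
    "researchers": {"read": {"RESEARCH", "PUBLIC"}, "write": {"RESEARCH"}},
    "billing":     {"read": {"FINANCIAL", "PHI"}, "write": {"FINANCIAL"}},
    "it_ops":      {"read": {"PUBLIC"}, "write": set()},   # admins run systems, not data
}


def classify(path: str) -> tuple[str, str]:
    """Return (location, data_class) from the assumed convention /<location>/<class>/..."""
    parts = path.strip("/").split("/")
    if len(parts) < 2:
        raise ValueError(f"unclassified path: {path}")
    return parts[0], parts[1]


@dataclass
class Finding:
    event: dict
    rule: str


def evaluate(event: dict) -> list[Finding]:
    """Check one access event against the domain policy and the storage rules."""
    findings = []
    location, data_class = classify(event["path"])
    domain = POLICY.get(event["domain"])
    action = event["action"]
    # Rule 1: the user's domain must explicitly grant this action on this data class.
    if domain is None or data_class not in domain.get(action, set()):
        findings.append(Finding(event, f"{event['domain']} may not {action} {data_class}"))
    # Rule 2: data must reside only where its classification permits.
    if location not in ALLOWED_LOCATIONS.get(data_class, set()):
        findings.append(Finding(event, f"{data_class} data must not reside in {location}"))
    return findings


def audit(events: list[dict]) -> list[Finding]:
    """Run every event through the policy and return all findings."""
    return [f for e in events for f in evaluate(e)]


# Constructed sample events mirroring the incident described in the handout.
SAMPLE_EVENTS = [
    {"user": "dr.lee", "domain": "physicians", "action": "read", "path": "/central/PHI/records/4471"},
    {"user": "r.khan", "domain": "researchers", "action": "read", "path": "/central/PHI/records/4471"},
    {"user": "j.park", "domain": "billing", "action": "write", "path": "/local/FINANCIAL/q3/ledger.xlsx"},
    {"user": "admin1", "domain": "it_ops", "action": "read", "path": "/cloud/RESEARCH/trial7/summary.csv"},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_EVENTS):
        print(f"{f.event['user']} -> {f.event['path']}: {f.rule}")
```

The matrix is the enforceable form of the "who is on the network / what should they be denied" questions, and the same rules applied to access logs give a first detection pass for the two behaviours the incident describes.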
Presentation
This presentation must be supported by the research paper.
Please note the following criteria:
Research paper:
· Research Paper must be in APA Style
· Research Paper must have at least 5 works cited of which 2
must be peer reviewed works/articles (note your book can be
included as a reference)
· Must be at least 10 double-spaced pages with standard 1 inch
margins.
· 6 – 8 pages of prose
· Limit the number of bulleted lists
· Prose + charts + figures = 10 pages
· Total report should be 10 – 15 pages
Presentation will be 100 points and based on the following:
Completeness of the Topic (Policy, Processes, Action, Conclusion)
Presentation Delivery
Alignment of policy
Paper will be 200 points:
· Meets Standard Criteria
· Completeness/content
· Incident Risk Policy as Attachment
· Logic of Processes and Actions (Thoroughness)
· Alignment of the Incident Risk Policy components in
completing and supporting the evaluation