Company Background & Operating Environment
Home RenovationCompany specializes in the renovation and rehabilitation of residential buildings and dwellings. It specializes in “smart home” and “Internet of Things” technologies while maintaining period correct architectural characteristics. Please refer to the company profile (attached) for additional background information and information about the company’s operating environment.
Policy Issue & Plan of Action
The current Employee Handbook is not up to standards and needs to be updated. The CEO has tasked the Chief of Staff to oversee the handbook updates including obtaining all necessary approvals from the Corporate Governance Board. The Chief of Staff met with the full IT Governance Board to discuss the required policy updates. (The IT Governance Board is responsible for providing oversight for all IT matters within the company). The outcome of that meeting was an agreement that the CISO and CISO staff will update and/or create IT related policies for the employee handbook. These policies include:
• Acceptable Use Policy for Information Technology
• Bring Your Own Device Policy
• Digital Media Sanitization, Reuse, & Destruction Policy
– Research the three policies to determine what they should contain and construct an approval draft for each policy. (Do not exceed two pages for each individual policy)
– Be concise in your writing and only include the most important elements for each policy.
– The policies are to be written for EMPLOYEES and must explain employee obligations and responsibilities.
– Each policy must also include the penalties for violations of the policy and identify who is responsible for compliance enforcement.
Include in your draft:
– Executive Summary
– Acceptable Use Policy for Information Technology (limit to 2 pages)
– Bring Your Own Device Policy (limit to 2 pages)
– Digital Media Sanitization, Reuse, & Destruction Policy(limit to 2 pages)
1. Use a professional format for your policy documents and briefing package.
2. Common phrases do not require citations. If there is doubt as to whether or not information requires attribution, provide a footnote with publication information or use APA format citations and references.
3. Make sure that you address security issues using standard cybersecurity terminology (e.g.5 Pillars of IA, 5 Pillars of Information Security).