
JAMES4567J

CSIA 413: Cybersecurity Policy, Plans, and Programs

June 2, 2019

Executive Summary

The Red Clay Renovations Employee Handbook provides general guidance on the company's policies. The handbook serves as a guide for employees to become familiar with three Red Clay Renovations policies: the "Acceptable Use Policy for Information Technology", the "Bring Your Own Device Policy" and the "Digital Media Sanitization, Reuse, and Destruction Policy". Red Clay Renovations reserves the right to amend the Employee Handbook to best suit the company at any time, without prior notice to its employees.

Red Clay Renovations' "Acceptable Use Policy for Information Technology" defines in detail what acceptable use is and what it is not. Every employee will be informed of his/her responsibilities for system accounts, computing resources and network use, and must sign and agree to the policy before access to the network is granted.

Red Clay Renovations' "Bring Your Own Device Policy" (BYOD) names all of the devices that are acceptable as BYOD and governs how such devices are used. Every employee's devices must meet the policy standard before they are brought into Red Clay Renovations.

Red Clay Renovations' "Digital Media Sanitization, Reuse, and Destruction Policy" requires that any employee of Red Clay Renovations who signed the BYOD policy also sign this policy. Employees need to understand the methods the company will use to wipe BYOD devices.

Acceptable Use Policy

Introduction

This Acceptable Use Policy applies to all Red Clay Renovations employees and supersedes all previous versions. All employees are subject to the terms and conditions of the policy. The policy establishes acceptable and unacceptable use in order to safeguard the security of data, to secure and protect computers and laptops, and to govern the use of the network environment, servers and electronic communications. In addition, Red Clay Renovations collects, maintains, and stores personal information, including credit card information, credit checks, building plans and drawings, and clients' medical and health data.

Red Clay Renovations must comply with the following: the HIPAA Privacy and Security Rule, the Freedom of Information Act (FOIA), PCI DSS, the Privacy Act of 1977, and building codes and regulations. It is in the best interest of the company for all employees to understand the Acceptable Use Policy so that they can make responsible decisions before engaging in unacceptable use. Any violation of the Acceptable Use Policy could cause Red Clay Renovations considerable loss of business and reputation. Any employee who needs more information about this policy can contact the IT department directly.

Policy Content

Use of IT Systems

Red Clay Renovations owns the property rights to all data stored on its systems. Red Clay Renovations systems are solely for supporting and maintaining its business. Red Clay Renovations can monitor any content stored on its systems at any time.

Data Security

All employees are responsible for securing the data, accounts, and systems under their control. Keep passwords secure and do not reveal your password to anyone for any reason. Users are responsible for locking their workstations when they are away from them.

Unacceptable Use

All employees should use good judgment before engaging in any unacceptable use of Red Clay Renovations' systems. When in doubt, ask. If a website restriction is preventing you from doing your daily tasks, ask senior management to grant you access. Never take matters into your own hands.

• Do not access pornography sites on the company's systems.

• Do not access any sites that incite violence, hate crimes, racism or discrimination.

• Do not share sensitive information or trade secrets with anyone outside the company or anyone who does not have a need to know.

• Do not tamper with the IT security systems.

• Do not conduct any business that would compromise the integrity of the company or bring shame to it.

• Do not copy company proprietary information.

Enforcement

The CISO and the IT team are the point of contact for this policy. Together they will maintain this policy. Any exception must come from senior management in consultation with the CISO and the IT team. Employees who violate this policy may be terminated or, depending on the nature of the violation, may face criminal investigation. When in doubt, it is better to ask than be sorry (SANS, 2014).

Bring Your Own Device (BYOD)

Introduction

Red Clay Renovations enters into an agreement with its employees who are eligible for the privilege of bringing their own devices to work. Eligible employees will be able to use their smartphones, tablets and laptops at work solely to conduct company business. IT will inspect BYOD devices to ensure they meet Red Clay Renovations' standards for the protection, security and integrity of its systems. The company has the right to revoke the policy without justification, and all employees must agree to and abide by the policy before personal devices are given access to the network.

Red Clay Renovations may send its employees to different locations to plot or survey a home, which requires the employee to take pictures or use CAD software to plot. Employees who install smart devices for Red Clay Renovations may need to access the company network to upload or configure a smart home project remotely. Mobile devices are therefore essential to this company's work.

Red Clay Renovations and its eligible employees agree that device cameras and video will be disabled while on site, that certain websites are restricted while on company time, and that some applications are not permitted on the device while the policy and the agreement are in effect.

Employees agree to let Red Clay Renovations install the necessary software and applications on their devices to meet the company's specific requirements, and agree that at termination the company will erase or wipe all content on the devices.

Policy Content

User Agreement

Red Clay Renovations may revoke this privilege or seek legal action for failure to comply with the standards contained in the BYOD policy. The user agrees not to use third-party software unless Red Clay Renovations approves it first. The user agrees that Red Clay Renovations is not responsible for damage to or loss of the device (cio.gov, 2012). The user agrees to turn in all BYOD devices that were equipped with Red Clay Renovations applications and software to the IT team within five business days of termination of employment, or face having the devices wiped remotely with an executable command.

Security

Devices must be password protected to prevent unauthorized access and must follow Red Clay Renovations' password policy for locking devices. In addition, the device must lock itself within two minutes of inactivity and lock out completely after five failed login attempts. The Red Clay Renovations IT team will remotely wipe device data if a virus is suspected, after a breach of policy, or after termination of employment (Berry, 2016).

Risks/Liabilities

The CISO and the IT team will, to the best of their ability, exercise due diligence to avoid erasing any personal data in the event of a remote wipe. The user is responsible for notifying Red Clay Renovations within one hour of the BYOD device being lost or of noticing that it is lost.

• The employee is expected to use the devices in a manner consistent with the policy.

• The employee is responsible for all costs associated with the devices.

• The employee is liable for any virus or software problems that cause any malfunction of the company's software.

The company will maintain and support its software and applications while in the BYOD agreement with the employee. Patches and updates will come from the IT team's network infrastructure. If a BYOD device is past its useful life or outdated, employees may opt out if the company decides to upgrade to a more current device.

• Abide by state laws pertaining to the use of mobile phones and/or smartphones while driving (e.g., hands-free use and/or texting).

• The user will password protect the device.

• The user agrees not to modify the device operating system and to have the latest security patches installed.

• The user agrees not to give the device to anyone other than the Red Clay Renovations IT team.

• Employees will not be able to download or install an application that is not on the company's approved list.

• Only smartphones and tablets that are BYOD eligible will have access to the network.

• Employees' access to company data is limited based on user profiles defined by IT and automatically enforced (Berry, 2016).

Media Sanitization, Reuse and Destruction

Introduction

The purpose of this policy is to outline the proper disposal, sanitization and destruction of media, physical or electronic, at Red Clay Renovations. The policy is intended to limit the over-retention of sensitive information when PII and order information are no longer necessary or of any benefit to the company. Red Clay Renovations collects credit card holder data, clients' medical records and PII. Eventually this data must be destroyed; Red Clay Renovations uses the guidelines in NIST Special Publication 800-88 to destroy and sanitize data.

Policy Content

Floppy Disks, Zip Disks, CDs, DVDs

It is cheaper to destroy these media than to reuse them; they no longer have any real value. The best way is to destroy them using a cross-cut shredding machine or diamond-cut paper shredder. Incinerating the disks is also an approved method; ensure that a person from the company is present to verify the complete incineration of the disks, so that no pieces are left that could be reconstructed.

Desktop and Laptop Computers, External Hard Drives

Red Clay Renovations will use NIST Special Publication 800-88, section 2.6, as a guide to help sanitize electronic media. Degaussing and overwriting are other methods that will destroy the disk drive permanently.

Complex Systems

System administrators with servers, server systems, and more complex storage assets, such as RAID arrays and PC-based scientific instruments, should become familiar with the NIST guidelines and should follow their recommendations and procedures for effective media sanitization and disposal (Space.internet, 2015).

• Paper-based or other hard-copy media containing confidential data must be shredded with a cross-cut shredder before disposal.

• Limit the particle size of paper-based media containing confidential data to 1x5 mm (1/32"x1/5").

• The maximum particle size for media containing internal data is 2x15 mm (1/16"x3/5").

• Ensure incineration follows local, state and federal regulations.

• When purging is done by overwriting the data, a minimum of three passes is recommended.

• Ensure all equipment that is no longer needed is erased and the hard drives are removed.

• To destroy a hard drive completely, use shredding, pulverizing, disintegration, or incineration.

• Degaussing is an acceptable method of purging data from magnetic media. Be aware that this normally renders the media unusable.

• If the media contains ePHI that will be used in the future, an exact copy of the data must be made before its destruction or purge.

• Any media containing ePHI must be tracked, and a record of its purge, destruction or reuse must be kept.

References

A toolkit to support federal agencies implementing bring your own device (BYOD) programs. (2012). Retrieved from https://cio.gov/wp-content/uploads/downloads/2012/09/byod-toolkit.pdf

Acceptable Use Policy. (2014, June). Retrieved from https://www.sans.org/security-resources/policies/general/pdf/acceptable-use-policy

Berry, B. M. (2013). BYOD Policy Template. Retrieved from http://www.itmanagerdaily.com/byod-policy-template/

Example Acceptable Use Policy for IT Systems. (n.d.). Retrieved from https://www.sophos.com/en-us/medialibrary/PDFs/other/sophosexampleITacceptableusepolicy.ashx.

Guidelines for Media Sanitization. (2014, December). Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

Hassell, J. (2012). 7 Tips for Establishing a Successful BYOD Policy. Retrieved from http://www.cio.com/article/2395944/consumer-technology/7-tips-for-establishing-a-successful-byod-policy.html

Media Sanitization and Destruction Policy Sample. (2013). Retrieved from https://www.michigan.gov/documents/msp/Media_Sanitization_Destruction_Policy_442249_7.pdf

Practical Information Media Sanitization Guidelines for Higher Education. (2015, July). Retrieved from https://spaces.internet2.edu/display/2014infosecurityguide/Guidelines for Information Media Sanitization

Reid, G., & Hilldale, D. (2006). Acceptable use policy template. Retrieved from https://www.first.org/_assets/resources/guides/aup_generic.doc