Step 1: Explore the Cybersecurity Policy Process

Before you begin revising the policies assigned to you, you will need to understand the cybersecurity policy process. First, explore a fictional scenario of insider data sabotage for an example of the ill effects of improper or nonexistent policies. Then read about cybersecurity policies to learn about policies, procedures, and standards as well as how these policies affect the roles and responsibilities throughout the organization. Finally, explore the process of policy creation to guide you through your assignment.

Step 2: Explore the Components of a Proper Policy

After your exploration of the cybersecurity policy process in the previous step, you are ready to study the requisite policy components of a well-written and implementable policy that will facilitate compliance. Take note of these components as you will apply them to your own policy revisions in the later steps.

Step 3: Identify Evaluation Criteria or Performance Measures

Now that you have identified the components of a proper cybersecurity policy, you will need to identify policy evaluation criteria for the cybersecurity policy. Refer to applicable government and industry cybersecurity standards.

In some cases, you may need to consider criminal or civil liability issues, and thus evaluation criteria may emanate from the judicial guidance. You will apply these criteria to your own policy revisions in the later steps.

Step 4: Rewrite the Current Acceptable Use Policy
 

In the first three steps, you reviewed the process of creating security policies, reviewed components of a proper policy, and identified evaluation criteria to measure against existing policies. Now, you are ready to analyze and revise your own organization’s policies. Such analysis is likely to be qualitative for some aspects, quantitative for other aspects, and a hybrid for still other aspects of the policy. As such, your choice of measures and analytical techniques must be reasonable and justifiable.
 

Begin reviewing and updating the first of three security policies for your own organization. Review your organization’s current policies, with attention to its acceptable use policy. Determine what changes are necessary and note your suggested changes on the Policy Changes Matrix. Rewrite two to three sections of the acceptable use policy that may be in question and provide justification for your suggested modifications.
 

The new policy and the Policy Changes Matrix will be attached to the final assignment. Submit the new policy and table for feedback.

Step 5: Rewrite the Current Internet Use Policy

In the previous step, you revised the acceptable use policy for your organization. Now, you will review and update the second of the three security policies for your organization. Review the details of your organization’s current policies, with attention to its internet use policy. Determine what changes are necessary and note your suggested changes on the Policy Changes Matrix. Rewrite two to three sections of the Internet use policy that may be in question and provide justification for your suggested modifications.
 

The new policy and the Policy Changes Matrix will be attached to the final assignment. Submit the new policy and table for feedback.

Step 6: Rewrite the Current Company Privacy Policy

You have just revised the internet use policy, and now you will review and update the last of the three security policies for your organization. Review your organization’s current policies, with attention to its privacy policy. Determine what changes are necessary and note your suggested changes on the Policy Changes Matrix. Rewrite two to three sections of the privacy policy that may be in question and provide justification for your suggested modifications.
 

The new policy and the Policy Changes Matrix will be attached to the final assignment. Submit the new policy and table for feedback.

Step 7: Write the Cover Letter

After completing the revision process of the acceptable use policy, the internet policy, and the privacy policy in the previous three steps, you will need to prepare a cover letter summarizing the justifications for your suggested modifications for the next team meeting. This cover letter (maximum two pages) will provide an explanation for the Policy Changes Matrix. Address the letter to the CEO, IT, and HR directors. Justifications should be in line with the business goals.

Submit your cover letter and table for feedback.

Step 8: Write the Policy Revisions Evaluation

Now that you have completed your analysis and revision of the three policies, provide a written evaluation of your organization’s cybersecurity policy to present at the next team meeting.

Your evaluation should examine the completeness and compliance of the organization’s cybersecurity policy. Consider your organization and organization-related interests as you create your evaluation, and consider other aspects, such as how to prevent the failure of the cybersecurity policy.

Complete the following tasks as you write your evaluation:

Differentiate among the various concepts of      enterprise cybersecurity.

Develop a high-level implementation plan for      enterprise cybersecurity policies.

Assess the major types of cybersecurity threats faced      by modern enterprises (assessing risk).

Discuss the principles that underlie the development      of an enterprise cybersecurity policy framework.

Articulate clearly and fairly others’ alternative      viewpoints and the basis of reasoning.

Identify significant, potential implications, and      consequences of alternative points of view.

Evaluate assumptions underlying other analytical      viewpoints, conclusions, and/or solutions.