Summarize regulatory requirements and reasons red clay needs


Cyber Homework

Topic I

Red Clay's senior leadership team is reviewing the company's Annual Report, which the CEO will present at the next quarterly shareholders' meeting. That report includes the following risk statement.

We could be liable if third-party equipment recommended and installed by us, i.e. voice activated smart home controllers, infringes on the privacy of our residential clients.

Research how smart devices sense and record information from the environment around them. For example, a device might be designed to listen to and record voice inputs, OR it might record other sources of private information such as movement, locking / unlocking of doors with dates and times, use of devices, etc.

Using your research, write a two-page briefing paper (five to seven paragraphs) that corporate board members can use to explain how the third-party equipment could infringe on customer privacy and why the company might be liable for damages if customers experience a loss of privacy. Your target audience is Red Clay Renovations' shareholders. Provide specific examples of the types of risk events that could occur and the potential impacts (e.g. financial, reputation, client trust, etc.). Your examples should relate to Red Clay and the course case study. Remember, the board members and shareholders are likely non-technical, so make sure your paper can be understood by laymen.

Topic II

The Red Clay CEO tasked the company's IT Governance Board with developing a set of policies to address IT security requirements (including mandates for protecting privacy) arising from the following "rule" or "standard":

i. PCI-DSS (credit card and transaction information)
ii. The HIPAA Security Rule (health related information)
iii. The "Red Flags" Rule (consumer credit information: identity theft prevention).

Choose one of the three sources of regulatory requirements listed above. Write a three-paragraph briefing statement that summarizes the regulatory requirements as they apply to the company's collection, processing, management, and storage of personal information about Red Clay's clients. Your briefing statement should identify the specific types of personal information covered by the "rule" or "standard." Include a compelling argument for why the company needs to adopt guidance policies that will ensure compliance with laws and regulations related to protecting personal information.

Topic III

Review the Red Clay Renovations company profile and the weekly readings. Provide specific information about "the company" in your response.

Due to changes in state and federal laws, Red Clay leadership decided the CISO will be the sole accountable official for responding to all data breaches. This change in responsibility drives the requirement for the new data breach reporting policy. The new policy will restrict the freedoms field offices currently have with respect to handling security incidents. For example, past practice did not require reporting data breaches to the company's CISO.

Prepare a two-page briefing statement (5 to 7 paragraphs) for the company's leadership team that presents the CISO's Communications Strategy for policy issuances (new, updated, and changed policies). Include in your briefing an explanation (example) of how this strategy will be used to inform field office employees and managers about the new "data breach reporting" policy. You are not writing a data breach reporting policy; you are writing a statement that presents a communication strategy for the company's new data breach reporting policy.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

Topic IV

Review the course readings and the Red Clay Renovations company profile for background information before responding to this discussion question.

The Red Clay Board of Directors tasked the company's IT Governance Board to develop a new remote access policy for teleworkers and employees traveling on business (including local area travel to client sites). This policy is required to help mitigate risks associated with remote access into the company's customer information database. The Board of Directors is concerned about exposure of customers' personal information to unauthorized individuals. At a minimum, the policy must address the use of virtual private networking by teleworkers when using company or personal equipment to access the company's servers from outside company offices.

The need for updated remote access guidance arises from three regulatory requirements:

i. PCI-DSS (credit card and transaction information)
ii. HIPAA Security Rule (health related information)
iii. Red Flags Rule (consumer credit information: identity theft prevention).

Write a two-page internal policy that includes the following:

i. Purpose: Summarize the regulatory requirements and the reason(s) Red Clay needs the remote access policy.

ii. Scope: Summarize the regulatory requirements as they apply to employees' remote access to customer information which Red Clay collects, processes, manages, and stores.

iii. Policy: Write at least ten policy statements addressing how Red Clay employees should ensure the security of computers, laptops, and other mobile devices used for remote access into the company's networks and servers. Your policy must specifically address the use of a VPN. Your policy must also include consequences and/or penalties for inappropriate or unauthorized disclosures of customer information due to the employees' failure to comply with this policy.

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting. Make sure you use the discussion rubric as well as the above information to ensure you include all the required elements in your discussion response.

Topic V

A recent risk assessment highlighted the need for Red Clay to formalize the security measures required to protect information, information systems, and the information infrastructures for the company's headquarters and field offices. The CISO has proposed a plan of action which includes developing system security plans using guidance from NIST SP 800-18, Guide for Developing Security Plans for Federal Information Systems.

The CISO asked you to prepare a two-page draft briefing paper (5-7 paragraphs) for the IT Governance Board and Red Clay Renovations Board of Directors that introduces Security Control Classes and Security Control Families related to Red Clay's risks. This audience is familiar with financial controls but has not yet been introduced to the use of controls in the context of IT security. You should leverage their knowledge in your explanations of the control classes and families. If necessary, research "financial controls" as well as IT security controls before writing this briefing paper.

Your draft briefing paper should include the following items:

i. An introduction telling the IT Governance Board and the Red Clay Board of Directors the purpose of the draft briefing paper.

ii. A description of each control class (management, operational, and technical). THEN, write a descriptive paragraph explaining how these three control classes will work together to protect the Red Clay Renovations IT infrastructure for the Wilmington, DE offices (Headquarters).

iii. From the table below, choose one family control from each of the management, operational, and technical control classes.

iv. Write a description of each family control, THEN write a descriptive paragraph explaining how each family control will work to protect Red Clay's IT infrastructure.

v. Select two sub-family controls (e.g., AC-1 and AC-6) from each family control. THEN, write a descriptive example of how each sub-family control will protect the Red Clay infrastructure. Your examples should relate to the Red Clay case study.

Control Class   Family Control         Family Control                    Family Control

Management      Planning               Risk Assessment                   Program Management

Technical       Access Controls        Identification & Authentication   System & Communication Protections

Operational     Awareness & Training   Contingency Planning              Incident Response

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

Format your homework according to the following formatting requirements:

i) The answer should be typed, using Times New Roman font (size 12), double spaced, with one-inch margins on all sides.

ii) The response also includes a cover page containing the title of the homework, the student's name, the course title, and the date. The cover page is not included in the required page length.

iii) Also include a reference page. Citations and references must follow APA format. The reference page is not included in the required page length.
