Project #1: Employee Handbook, writing homework help

Other

Project #1: Employee Handbook

Company Background & Operating Environment

Use the assigned case study for information about “the company.”

Policy Issue & Plan of Action

The company has grown substantially over the past few years. The current Employee Handbook was created from a set of templates purchased from a business services firm. The policies in the handbook were reviewed by the company’s attorney at the time of purchase. The attorney raised no objections at that time. During a recent legal review, the company’s corporate counsel advised that the company update the Employee Handbook to better address its current operating environment. The Chief Executive Officer has tasked the Chief of Staff to oversee the handbook updates including obtaining all necessary approvals from the Corporate Governance Board.

The Chief of Staff met with the full IT Governance Board to discuss the required policy updates. (The IT Governance Board is responsible for providing oversight for all IT matters within the company). The outcome of that meeting was an agreement that the CISO and CISO staff will update and/or create IT related policies for the employee handbook. These policies include:

Acceptable Use Policy for Information Technology

Bring Your Own Device Policy

Digital Media Sanitization, Reuse, & Destruction Policy

Your Task Assignment

As a staff member supporting the CISO, you have been asked to research what the three policies should contain and then prepare an “approval draft” for each one. No single policy should exceed two typed pages in length so you will need to be concise in your writing and only include the most important elements for each policy.

The policies are to be written for EMPLOYEES and must explain employee obligations and responsibilities. Each policy must also include the penalties for violations of the policy and identify who is responsible for compliance enforcement.

Your “approval drafts” will be submitted to the IT Governance Board for discussion and vetting. If the board accepts your policies, they will then be reviewed and critiqued by all department heads and executives before being finalized by the Chief of Staff’s office. The policies will also be subjected to a thorough legal review by the company’s attorneys. Upon final approval by the Corporate Governance Board, the policies will be adopted and placed into the Employee Handbook.

Research:

  1. Review the Week 1 & 2 readings.
  2. Review the sample policies and procedures provided in Week 1.
  3. Find additional sources which provide information about the policy statements which should be covered in three policies for the Employee Handbook.

Write:

  1. Prepare briefing package with approval drafts of the three IT related policies for the Employee Handbook. Your briefing package must contain the following:
  2. Use a professional format for your policy documents and briefing package. A recommended format is provided in the assignment template file (see the recommended te mplate under Course Resources).
  3. Common phrases do not require citations. If there is doubt as to whether or not information requires attribution, provide a footnote with publication information or use APA format citations and references.
  4. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
  • Executive Summary
  • “Approval Drafts” for
    • Acceptable Use Policy for Information Technology
    • Bring Your Own Device Policy
    • Digital Media Sanitization, Reuse, & Destruction Policy

As you write your policies, make sure that you address security issues using standard cybersecurity terminology (e.g. 5 Pillars of IA, 5 Pillars of Information Security). See the resources listed under Course Resources > Cybersecurity Concepts Review for definitions and terminology.

Your briefing should include the following:

Executive Summary

Acceptable Use Policy for Information Technology

Introduction

Policy Specifics

Bring your Own Device Policy

Introduction

Policy Specifics

Digital Media Sanitization, Resue, and Destruction Policy

Introduction

Policy Specifics

References

Also, the rubric offers details of what would be required in the executive summary, introductions, and policy specific areas.

Ned

Actions for Assignment Template Update

Class,

I contacted the department and was advised that part of the assignment for project 1 is for students to design their own format for the policies and the briefing package using best practices gained from reading sample policies.

There is no “official” template for project #1. However, in the week 1 content area there are “sample” policies which can be used to format the employee handbook.

xecutive Summary

The Executive Summary provided an excellent summary of the policy package’s purpose and contents. Information about the case study company was well integrated into the summary. Each policy was individually introduced and clearly explained. The material was well organized and easy to read.

The Executive Summary provided an outstanding summary of the policy package’s purpose and contents. Information about the case study company was integrated into the summary. Each policy in the briefing package was individually introduced and briefly explained. The material was well organized and easy to read.

The Executive Summary provided an acceptable overview of the contents of the policy package. Information about the case study company was used in the summary. Each policy in the briefing package was named and briefly explained.

The Executive Summary provided an overview of the policy package. Information about the case study company was mentioned.

An executive summary was provided but lacked details as to the purpose and contents of the policy package and/or was not well supported by information drawn from authoritative sources.

No work submitted.

Acceptable Use Policy

The Acceptable Use Policy contained an excellent introduction which addressed five or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.

The Acceptable Use Policy contained an outstanding introduction which addressed three or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.

The introduction for the Acceptable Use Policy was customized for the case study company. Three or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments were incorporated into the policy. Compliance requirements were addressed.

The introduction to the Acceptable Use Policy mentions the case study company and compliance requirements.

The Acceptable Use Policy was built from a sample template or list of “recommended” AUP contents without customization for the case study company. (Or, inappropriate or excessive copying from other authors’ work.)

No work submitted.

The Acceptable Use Policy was well organized (including 5 or more section headings for topics) and easy to understand. The policy addressed 15 or more employee responsibilities (15 or more separate policy statements) including all topics listed in the assignment.

The Acceptable Use Policy was well organized (including 3 or more section headings for topics) and easy to understand. The policy addressed 12 or more employee responsibilities (12 or more separate policy statements) including all topics listed in the assignment.

The Acceptable Use Policy was well organized and easy to understand. The policy addressed 10 or more employee responsibilities (as separate policy statements) including at least 7 items listed in the assignment.

Organization and appearance need improvement. The policy addressed least 7 items listed in the assignment (as separate policy statements).

The Acceptable Use Policy was disorganized and difficult to understand. OR, the policy was significantly lacking in content (7 or fewer policy statements). (Or, inappropriate or excessive copying from other authors’ work.)

No work submitted.

BYOD Policy

The BYOD Policy contained an excellent introduction which addressed three or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.

The BYOD Policy contained an outstanding introduction which addressed two or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.

The introduction for the BYOD Policy was customized for the case study company. One or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments were incorporated into the policy. Compliance requirements were addressed.

The introduction to the BYOD Policy mentions the case study company and compliance requirements.

The BYOD was built from a sample template or list of “recommended” BYOD contents without customization for the case study company. (Or, inappropriate or excessive copying from other authors’ work.)

No work submitted.

The BYOD Policy was well organized (including 3 or more section headings for topics) and easy to understand. The policy addressed 10 or more employee responsibilities (10 or more separate policy statements) including all topics listed in the assignment.

The BYOD Policy was well organized (including at least 3 section headings for topics) and easy to understand. The policy addressed 7 or more employee responsibilities (7 or more separate policy statements) including all topics listed in the assignment.

The BYOD Policy was well organized and easy to understand. The policy addressed 5 or more employee responsibilities (5 or more separate policy statements) including at least 3 topics listed in the assignment.

Organization and appearance need improvement. The BYOD policy addressed at least 3 items listed in the assignment (as separate policy statements).

The BYOD Policy was disorganized and difficult to understand. OR, the policy was significantly lacking in content (fewer than 3 specific policy statements). (Or, inappropriate or excessive copying from other authors’ work.)

No work submitted.

Removable Media Sanitization, Reuse & Destruction

The media sanitization, reuse, and destruction policy contained an excellent introduction which addressed five or more specific characteristics of the company’s business and/or legal & regulatory environments which impose requirements for this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.

The media sanitization, reuse, and destruction policy contained an outstanding introduction which addressed three or more specific characteristics of the company’s business and/or legal & regulatory environments which impose requirements for this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.

The media sanitization, reuse, and destruction policy contained an acceptable introduction which mentioned the company’s business and/or legal & regulatory environments as a source of requirements for this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.

The media sanitization, reuse, and destruction policy contained an introduction which mentioned the reasons why this policy exists and why employees must comply with it.

The policy was built from a template or list of “best practices” with no customization for the case study company. (Or, inappropriate or excessive copying from other authors’ work.)

No work submitted.

The media sanitization, reuse, and destruction policy was well organized (including 3 or more section headings for topics) and easy to understand. The policy addressed all three functions (sanitization, reuse, and destruction) and included 9 or more separate policy statements.

The media sanitization, reuse, and destruction policy was well organized (including 3 or more section headings for topics) and easy to understand. The policy addressed all three functions (sanitization, reuse, and destruction) and included 7 or more separate policy statements.

The media sanitization, reuse, and destruction policy was well organized and easy to understand. The policy addressed all three functions (sanitization, reuse, and destruction) and included 5 or more separate policy statements.

The media sanitization, reuse, and destruction policy addressed at least two of the three functions (sanitization, reuse, and destruction) and included 3 or more separate policy statements.

The policy addressed employee responsibilities for erasure and destruction of media but lacked important details / information. (Or, inappropriate or excessive copying from other authors’ work.)

No work submitted.

Professionalism

Demonstrated excellence in the use of standard cybersecurity terminology to support the deliverable. Appropriately used terminology from five or more pillars of IA/IS.

Deliverable showed an outstanding understanding and integration of standard cybersecurity terminology. Appropriately used terminology from four or more pillars of IA/IS.

Correctly used standard cybersecurity terminology in the deliverable. Appropriately used terminology from three or more pillars of IA/IS.

Used standard cybersecurity terminology but this usage was not well integrated into the deliverable.

Misused or incorrectly defined cybersecurity terminology.

Did not integrate standard cybersecurity terminology into the deliverable.

Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.

Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings (per the assignment’s directions).

Organization and/or appearance of submitted work could be improved through better use of fonts, color, titles, headings, etc. OR Submitted work has multiple style or formatting errors. Professional appearance could be improved.

Submitted work has multiple style or formatting errors. Organization and professional appearance need substantial improvement.

Submitted work meets minimum requirements but has major style and formatting errors. Work is disorganized and needs to be rewritten for readability and professional appearance.

Submitted work is poorly organized and formatted. Writing and presentation are lacking in professional style and appearance. Work does not reflect college level writing skills. Or, no submission.

No word usage, grammar, spelling, or punctuation errors. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required.)

Work contains minor errors in word usage,grammar, spelling or punctuation which do not significantly impact professional appearance. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required.)

Errors in word usage, spelling, grammar, or punctuation which detract from professional appearance of the submitted work. All quotations (copied text) are properly marked and cited using a professional format (APA format recommended but not required.)

Submitted work has numerous errors in word usage, spelling, grammar, or punctuation which detract from readability and professional appearance. Punctuation errors may include failure to properly mark quoted or copied material (an attempt to name original source is required).

Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage. Significant errors in presentation of copied text (lacks proper punctuation and failed to attribute material to original source).

No work submitted. OR, work contains significant instances of cut-and-paste without proper citing / attribution to the original work or author.

Overall Score

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *