Please see attached
CYB 250 Module Six Activity Module Six Activity BYOD Policy This policy is intended to protect the security and integrity of the organization’s data and technology infrastructure. Limited exceptions to the policy may occur due to variations in devices and platforms. Employees must agree to the terms and conditions set forth in this policy in order to be able to connect their devices to the company network. Acceptance of this policy is required as part of new employee orientation. Acceptable Use The organization defines acceptable use as activities that are personal in nature and do not involve any business function. The organization defines acceptable personal use during business hours as reasonable and limited personal communication or recreation, such as reading or game playing. Acceptable personal use during business hours should only occur during break or lunch times. Employees are blocked from accessing certain websites during work hours and while connected to the network at the discretion of the organization. Devices’ camera and/or video capabilities are not disabled while connected to the network. Devices may not be used at any time to: Store or transmit any information belonging to the organization Conduct regular business for the organization during normal business hours Engage in activities in performance of duties for another organization Personal devices may be used to access organizational email, calendars, and contacts. Devices and Support Smart devices and tablets such as iPhone, Android, iPad, or any other smart devices are permissible for use. Connectivity issues may be supported by IT on a limited basis. Devices must be presented to IT before they can access the network. Security In order to prevent unauthorized access, devices must be password protected using the features of the device at all times. A strong password is required to access the company network. Passwords must be at least six characters and a combination of upper- and lowercase letters, numbers, and symbols. The device will have security software, owned by the organization, installed for use in multifactor authentication. After eight failed login attempts, the device’s access to the network will be suspended. IT must be contacted to have access to the network reinstated. Smart devices and tablets that are not presented to IT for clearance will not be allowed to connect to the network: no exceptions. The employee’s device may be remotely wiped if 1) the device is lost, 2) the employee terminates his or her employment, 3) IT detects a data or policy breach, a virus, or similar threat to the security of the organization’s data and technology infrastructure. Risks/Liabilities/Disclaimers While IT will take every precaution to prevent the employee’s personal data from being lost in the event it must remote wipe a device, it is the employee’s responsibility to take additional precautions, such as backing up email, contacts, etc. The company reserves the right to disconnect devices or disable services without notification. Lost or stolen devices must be reported to IT within 24 hours. The employee is expected to use their devices in an ethical manner at all times and adhere to the organization’s acceptable use policy as outlined above. The employee is personally liable for all costs associated with their device. The employee assumes full liability for risks including, but not limited to, complete loss of personal data due to an operating system crash, errors, bugs, viruses, malware, and/or other software or hardware failures, or programming errors that render the device unusable. The organization reserves the right to take appropriate disciplinary action up to and including termination for noncompliance with this policy. 1 CYB 250 Module Six Activity Guidelines and Rubric Policy Update CYB 250 Module Six Activity Guidelines and Rubric Policy Update Overview As a security analyst, even though it may not relate immediately t o your day-to-day job, it’s a best practice to be aware of emerging trends in the industry because they may eventually af fect your organization. Think about how fast mobile devices have evolved and become pervasive in both business and personal applications. Managing emerging technologies requires a two-pronged approach: the technological aspect and the social aspect. You might need to upgrade your system, as well as your policies that affect employee behaviors. There is often no right or wrong answer when integrating emerging technologies as long as the technology isn’t detrimental to your system; however, following best practices as defined b y the industry, staying current with trade publications, and networking with your peers will help you be successful. As you address the technological and policy-related updates of implementing emerging technology in your organization, it is important to think about what it means to use the technology and adhere to the policies you are updating. Using a systems thinking approach can help with this. Scenario You are a cybersecurity analyst and your organization has noticed a new trend. More and more employees are bringing their personal devices to work and connecting them to the company wifi. The security team has recognized this as an issue and has decided to create a new segmented network for employees to use for their personal devices. This is a more secure solution because it separates data traffic for personal use and it allows the organization to encrypt the communication. This benefits both the employees who want to use their personal devices at work and the organization. This change to the system includes two steps from two different teams. The IT team is going to build the isolated secure network for employees only, and the security team needs to update the bring your own device (BYOD) policy. Your manager has asked you to draft the update to this policy. Your requirement is to update the policy to reflect the changes in the system in response to this new initiative. 1 Prompt Review your organization’s current BYOD policy (the Module Six Activity document) linked in the Activity task in Module Six of your course. You must address the critical elements listed below. I. Policy Update A. Modify the BYOD policy to meet the new requirement from the emerging workplace trend. II. Organizational Impacts A. Describe the impacts of this policy update on the organizational culture. For example, if you are aware that your use of personal devices on the company network is being monitored, would this change your behavior? Should it? B. From a systems thinking approach, recommend at least one additional policy update. Justify your recommendation. Activity Rubric Guidelines for Submission: Your submission should be 1 to 2 pages in length. Use double spacing, 12-point Times New Roman font, and one-inch margins. All sources must be cited using APA format. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx. Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value Policy Update: BYOD Policy Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Modifies the BYOD policy to meet the new requirement from the emerging workplace trend Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 30 2 Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value Organizational Impacts: Organizational Culture Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Describes the impacts of this policy update on the organizational culture Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 30 Organizational Impacts: Additional Policy Update Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Recommends at least one additional policy update and justifies recommendation Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 30 Articulation of Response Submission is free of errors related to citations, grammar, spelling, and organization and is presented in a professional and easy-to- read format Submission has no major errors related to citations, grammar, spelling, or organization Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas 10 Total 100% 3 CYB 250 Module Six Activity Guidelines and Rubric Policy Update Overview Scenario Prompt Activity Rubric