Red Clay Renovations Managers Check Book for Policy Implementations

Executive Summary

Red Clay Renovations is an organization that deals with the rehabilitation and renovation of residential houses. Most of their operations depend on information technology solutions to maximize convenience and operations efficiency. However, they are exposed to several issues associated with information management that impact their credibility and customer trust.

The organization’s chief information security officer recently held a meeting with shareholders to discuss the potential challenges and solutions to impede diversities. The meeting focused on developing and initiating policies related to;

1. Data breaches and response to data breaches.
2. Managing and preventing the inappropriate use of Shadow IT policies.
3. The appropriate use of the organization’s social media accounts to facilitate development.

These policies aim at improving operations and information management to ensure data security and efficient operations processes.

Data breaches, shadow IT, and the inappropriate use of organizations’ social platforms often results in substantial organizational losses and mistrust. Therefore, it is essential to develop and initiate policies to alleviate challenges associated with these disruptions and solutions to counter problems in case of data breaches.

Data Breach Response Policy

Overview

Red Clay Renovators is an organization that handles substantial amounts of consumer data and private information exposed to cyber threats. Therefore, it is important to ensure data security and develop systems to mitigate disasters. A data breach occurs when cybercriminals have unauthorized access to the company’s private data. Hackers always target critical data such as social security numbers, credit card numbers, addresses, and user names. Data breaches lead to diminished productivity, damaging consumer reputation, and mistrust by customers, thus impacting consumer satisfaction (Bonner, 2012). Cybercriminals attack smaller organizations such as Red Clay Renovations because they expect weaker systems that are easier to bypass. Therefore, it is critical to design policies that are effective and targeted towards preventing both internal and external data breaches.

Purpose

Cybersecurity attacks can substantially impact organizations as they result in massive losses. Therefore, businesses like Red Clay Renovations should prepare for cybersecurity threats by creating a comprehensive data breach response plan to inhibit negative outcomes. A cybersecurity response plan is critical for organizations as they provide a framework to respond to attacks in an organized, documented, and straightforward manner (Mylreanet al., 2017). A cyber-attack response plan assists organizations in protecting their revenue, maintain consumer trust and protect their private data. Therefore, the Red Clay Renovations data breach response policy should be designed to cater to the organization’s immediate needs and establish reliable solutions to flag and prevent attacks.

Responsibilities

The team members responsible for implementing and overseeing the data breach response policies will come from the IT and infrastructure, finance, human resources, and units affected in a data breach. The organization’s sponsors will be responsible for maintaining information resources. The information security administrator will provide administrative support to oversee and coordinate security procedures. The incident/cyber response team, chaired by the CIO, will ensure seamless integration of the proposed systems into various departments. However, all officers will report and receive instructions from the organization’s executive CIO, who will work with in-line managers to ensure objectives.

Policy

The main causes of data breaches in organizations are human error, malicious activities by hackers, and system errors. Therefore, the response plan should develop approaches considering all these factors.

The following data breach response management plan will help to alleviate these issues.

• First, all organization members should go through training to help identify and flag malicious cyber-attacks and data breaches. Additionally, they should be notified of the appropriate approaches to effective reporting and channels of notifications.
• After notification of a potential data breach, the data breach team should initiate a response plan that involves;
• Confirming the breach to ensure that it is a risk to company data and against organization policies.
• Containing the attack to prevent escalation.
• Assessing the potential impact and risk to determine the affected parties of the level of harm.
• Reporting the incident to any party involved and individuals whose data has been accessed to initiate tailored preventive measures.
• Evaluating the response and recovery options to prevent future attacks and breaches.

Compliance

All Red Clay Renovations personnel must comply with the requirements and recommendations of the policy. All members who violate the policy requirements will be subjected to disciplinary action that will include but is not limited to suspension and job termination. Moreover, third-party partners found in violation of the policy will have their connections terminated.

Shadow IT Policy

Overview

Shadow IT refers to the concept of an organization’s employees using systems, technology, or the organization’s services without sufficient operations knowledge, support, or approval from the organization’s IT department. Shadow IT is a rising concern in small organizations like Red Clay Innovations as it impedes effective communication and collaboration between employees and the organization’s IT team. Even though shadow IT can promote technological familiarity, self-reliance, and increased productivity, it poses risks to data security and undermines the powers of the IT department (Zimmermann et al., 2014). Therefore, it is advisable to implement a policy to govern the use of shadow IT, establish restrictions, and define the responsibilities of employees when working with the IT department.

Purpose

Even though shadow IT is a concern, it is not always detrimental to organizations. The main reason employees adopt shadow IT is to improve the efficiency of workflows and avoid complicated protocol and process regulations. However, managers in the organization should evaluate the use of shadow IT and ensure compliance to hazard mitigating approaches. The main purpose of a shadow IT policy is to ensure integrity, data protection, prevent data fragmentation, improve the organization’s enterprise technology efficiency, and help employees and users in case of issues (Kirlappos et al., 2014). Therefore, a comprehensive policy is critical to diminish the risk of data loss and disconnected business processes.

Responsibilities

All system users in Red Clay Renovations are responsible for the appropriate use of technological infrastructure. However, all employees and third-party users are also obligated to comply with the policy recommendations. The policy will cover all part-time and full-time employees. Moreover, it will apply to the organization’s equipment, personally owned devices, company applications, and company-owned accounts (Furstenau et al., 2017). All discrepancies will be reported to the chief executive CIO, who will work with the IT team to ensure positive outcomes and compliance.

Policy

• All employees seeking additional technologies or more efficient solutions should always consult with the IT department to ensure that their approaches align with recommendations. However, when IT consultants are unreachable, employees should justify their actions and explain why the solutions work for them.
• The IT department should also identify critical applications, business processes, and potential services that pose a risk to data security. Limiting shadow IT when using these applications will ensure that they do not result in negative outcomes.
• The IT department should ensure the training and education of all employees so that they are familiar with current security regulations and standards. All employees should complete the training initiatives to ensure that they are equipped with the necessary expertise to handle issues.
• Additionally, the organization should promote an ‘open door’ protocol to ensure that employees provide input on their needs for positive development. Therefore, the organization should develop feedback protocols to ensure positive development.

Compliance

There are no exceptions to this policy unless permitted or supported by the organization’s IT team. Any employee found liable for going against these policies must be reported to the IT team managers and the human resource department. The reparations for going against the regulations will include job terminations and facing the organization’s disciplinary committee.

Management and Use of Corporate Social-Media Accounts Policy

Overview

The current generation is characterized by increased technological advancement. Social media is an example of an effective technological tool used in various sectors of the economy. Companies have created social media accounts and fan pages for managing the activities of the business. Organizations have incorporated various policies to mitigate the risks and threats associated with the use of organizational social media accounts (Jaeger et al., 2012). Red Clay Renovation company must thus incorporate management policies for managing their various social media accounts like Facebook, Instagram, Twitter, and Pinterest. Social media plays a crucial role in achieving the marketing objectives of business organizations.

Purpose

The policy developed is significant because it outlines practical guidelines that can effectively manage the social media accounts of business organizations. Reducing the risks associated with social media use is critical in achieving the objectives of the company. The management of RCR has incorporated guidelines stipulated by the National Institute of Standards and Technology (NIST).

The policy developed also abides by the requirements provided by the NIST 800-53, Access Control (AC), and Security and Private Controls for Federal Information Systems and Organizations. Creating guidelines and policies are essential in ensuring the business achieves its social media objectives.

Responsibility

Several parties will play a role in the implementation of the social media management policy. First, the officials will play an important role in answering the questions and concerns associated with the policy. The Director of IT and the Deputy Director of IT are the two key stakeholders who will implement the policy guidelines. In addition, the Director of IT will play a key role in educating the business employees concerning the risks associated with using organizational social media accounts. Understanding the risks and issues associated with social media use is the first step towards developing a practical strategy for managing organizations’ social media accounts.

Policy

The policy regulations will educate employees to acknowledge the proper use of organization social media. Employees should ensure that social media posts represent the values of the company. The official use of social media can be achieved by ensuring that all business transactions are conducted through official Red Clay Renovations social media accounts. The employees must also ensure that their social media accounts are accessed through the company’s network.

The IT Director will ensure that he assigns every social media account to a specific manager to secure the account logins. Employees must also be cautioned against the provision of personally identifiable information through the official organization’s social media accounts.

Lastly, social media account managers must be directly responsible for the information posted on the accounts. Managers must also respond to queries and concerns of the customers that are directed towards the company’s social media accounts.

Compliance

The management of Red Clay Renovations will ensure that every employee must comply with the rules and regulations of managing the company’s social media accounts. Employees must also understand the consequences that are associated with breaking policies and guidelines set by the organization.

Compliance with the set policies can be achieved when every employee using the social media accounts gets permission from the manager. The human resource manager should be responsible for implementing the policies and guidelines for managing social media accounts.

References

Bonner, L. (2012). Cyber risk: How the 2011 Sony data breach and the need for cyber risk insurance policies should direct the federal response to rising data breaches. Wash. UJL & Pol’y, 40, 257.

Furstenau, D., Rothe, H., & Sandner, M. (2017). Shadow systems, risk, and shifting power relations in organizations. Communications of the Association for Information Systems, 41(1), 3.

Jaeger, P. T., Bertot, J. C., & Shilton, K. (2012). Information policy and social media: Framing government-citizen web 2.0 interactions. In Web 2.0 technologies and democratic governance (pp. 11-25). Springer, New York, NY.

Kirlappos, I., Parkin, S., & Sasse, M. A. (2014). Learning from “Shadow Security”: Why understanding non-compliance provides the basis for effective security.

Mylrea, M., Gourisetti, S. N. G., & Nicholls, A. (2017). An introduction to buildings cybersecurity framework. In 2017 IEEE symposium series on computational intelligence (SSCI) (pp. 1-7). IEEE.

Zimmermann, S., Rentrop, C., & Felden, C. (2014). Managing shadow IT instances–a method to control autonomous IT solutions in the business departments.