You have recently accepted a new job as the IT Security Manager at USA HealthCare. USA HealthCare is a large business and has multiple branches throughout the nation. Due to the pandemic, USA HealthCare wants to implement a telework policy immediately. You have been assigned to lead the effort to write a Telework Policy that will:
• ensure that the Telework decision does not have an adverse effect on security.
• save USA HealthCare money and improve employee morale.
• apply to the authorized personally owned and corporate-owned IT devices/assets with which employees are allowed to access the network.
• mandate all employees of USA HealthCare obtain Telework training when first hired and then attend annual Telework security policy training.
• mandate that all employees acknowledge and sign a Telework agreement once they are approved by management to Telework.
• comply with HIPAA security requirements, other laws and regulations, and IT security best practices.
Second Step: Research articles, policies, books, YouTube videos, and other resources available to you and list them in the reference section. Research what other laws and regulations USA HealthCare must comply with, state them in the policy objectives, and address how USA HealthCare will comply (by implementing technical, administrative, and physical controls).
Template below
Title (2 points)
{The title should be at the top of the page, centered, and explicitly state the policy name and the company name}
Introduction {In this section, introduce the policy to frame the document. Provide content and meaning; convey the importance of understanding and adhering to the policy; acquaint the reader with the policy; identify the exemption process and consequences of non-compliance; thank the reader and reinforce the authority of the policy}
(10 points)
Policy Goals/Objectives {In this section, insert the policy’s goals as well as its objectives to convey intent; use a bulleted list of the policy definition. See the Scenario for goals and objectives. Research then list all laws and regulations you are striving to comply with.}
(15 points)
Scope {In this section, define this policy’s scope. Address who must comply with the policy; identify the specific organization-owned or personally owned IT assets within the scope of this policy; specify the work functions and data access users can access while teleworking; and address which of the seven domains of a typical IT infrastructure are impacted by allowing telework access. In this case, you are concerned about which IT assets require information systems security management that access the company network remotely.} See Johnson book for 7 IT domains.
(10 points)
Standards {In this section, identify the technology standards used by the organization. The policy should point to any hardware, software, or configuration standards that all users must comply with and explain the relationship of this policy to these standards. In this case, identify the IT domain(s) and standards for each, such as encryption standards (data at rest and in transit), SSL VPN standards, Internet speeds, web browser, hardware technical specifications, etc—make any necessary assumptions. Be sure to specify the hardware, software, and configuration baselines and standards that the company has adopted. List them here and explain the relationship of this policy to these standards. Remember to reference technical hardware, software, and configuration standards for IT assets throughout the seven domains of a typical IT infrastructure that will be allowed for telework duties}. See Johnson book for 7 IT domains.
(15 points)
Procedures {In this section, address what users will be allowed and not allowed to do per this policy; address how you intend to implement this policy nationwide; address how you intend to deliver the annual training and ongoing security awareness; address how users should report suspicious activity or a computer incident; address the 24/7/365 monitoring and technologies used to ensure the security of the network; address how users must comply with the standards; address all relevant domains (of the typical 7 IT domains) that should be addressed in this section as well as who is responsible for ensuring CIA and security policy implementation within that domain. This is the most important part of the policy because you must explain and define your Telework policy throughout USA HealthCare’s typical IT infrastructure. Refer to Johnson book for 7 IT Domains. Remember the different formats you can choose to write procedures}. (15 points)
Guidelines {In this section, guide the users on how to overcome any roadblocks or implementation issues. Also advise users on how to do something that is not “required” such as email etiquette, stronger passwords, how to avoid clicking on suspicious links, etc. You can decide what you would like to guide employees on (especially when it comes to security). Remember guides are not mandatory; Guidelines only advise the user on how to do something. If the guide is mandatory, then it is a requirement and should not be included in this section.}
(10 points)
Policy Exceptions {In this section, identify the waiver process to request an approval for any deviations or exceptions to the policy; identify who will approve the exception; explain how a user requests an exception. Remember all policies should have an exception/waiver process}.
(5 points)
Administrative Notations {In this section, add information such as author; corresponding documents; considerations while writing the policy and state why changes or considerations were made; state when the next review/revision will take place—should be at least annually; also state where the policy can be found—add a hyperlink to the policy location. For this policy, also include who developed, reviewed, and approved the policy and please include the department they represent.}
(2 points)
Policy Definitions {In this section, add a glossary of terms used within the policy. Should include terms average users may not be familiar with. Remember not all employees are IT/cybersecurity specialists.}
(2 points)
Version Control {In this section, add a date and changes made to track changes, or identify as the first version of the policy.} (sample below)
Revision | Originator | Change Date | Change Description | Approver | Approval Date
1.0 | Your Name | 7.1.2021 | Add description here | Org Approver | 8.2.2021
(2 points)
Policy Enforcement Clause {In this section, state what will happen to an employee who violates the policy.}
(5 points)
Acknowledgement {In this section, add a user signature, either a digital signature or handwritten acknowledgement, that the user has read and acknowledges the AUP and will comply with the policy.}
(2 points)
——————–PAGE BREAK————————
[References Page Does not count toward 5 pages max]
Cite Your References
(5 points)
Ref 1
Ref 2
Ref 3
Ref 4
Ref 5