Assignment: Policies, Procedures and Practices
Identifying the Problem
Introduction
You will complete a research project that will involve the writing of two security policy, procedure and practices. Your job is to create and document two technical operations across two different areas of technology. For instance, you may choose from network, operating system, software development, application, data storage or information security (other areas with permission). You do not need to have technical hands-on experience, just the ability to review material and come up with a cohesive plan to solve the problem, based on the recommendation of others.
Once you have selected an area to research (ex. Data Storage/Destruction)
Step 1: Identify the problem you need to solve (ex. Data destruction policy) - Authorized by me in advance
Step 2: Call out what is in-scope of the problem allowing you to be specific (ex. Physical media only)
Step 3: Articulate what needs to be done (ex. Render the CD safe for general disposal)
Step 4: Write the procedure (ex. CD: Fill out form DDR-101 with the user's name, data on media and date and time of submission for destruction. Run CD through Sentry Shredder ADA387 via the CD slot, open discharge drawer and verify that CD has been destroyed, update DDR-101 with destroyer's name and date of destruction)
Step 5: Identify the method for validating that the policy is followed (ex. Review process of the DDR-101 system, or procedure for handling CDs place in the general trash).
You might also want to talk about removable drives (thumb-drives and external drives which are harder to shred, but should be wiped before disposal.
I do not expect this to be a completely original work. There are certainly many examples of not only actual procedures, but also templates that may help you along the way. Please ensure that you give credit for templates. It will not affect your grade if you use someone else's work as a base, but I expect you do enhance and add value.
If you need guidance help understanding some of the technical pitfalls you are being asked to explore, Feel free to contact me. The length of the document is not as critical to me as the thought process that goes into solving the problem identified. Please get authorization from me before you start to ensure that your selection is acceptable.