Executive Summary
Information Technology is a rapidly developing landscape and increasingly becoming a valuable asset to the corporate world almost challenging assets such as land. IT resources must, therefore, be utilized properly for optimal growth of the corporate industry. As such, policies like an acceptable use of information technology, Bring Your Device, and Digital Media Sanitizations are put in place to govern the behavior of employees within Red Clay Renovations. The following are approval drafts for policy guidelines on each item.
Approval Draft for Acceptable Use Policy for Information Technology
The IT resources available at Red Clay Renovations are wholly owned and maintained by the firm. Use of these resources is allowed on a contractual basis and is therefore not a right. Employees are therefore expected to be responsible users of the resources availed by the firm. All employees with expired contracts are thus unauthorized persons and will be automatically logged out of the system until the renewal of their contracts.
Use of the firm's IT resources should be under the enterprise's goals, objectives and mission statement. The firm will provide resources for efficient and prompt communication. This will include Computer devices, smart devices, printers, fax machines and secure networks for information conveyance and transmission. The use of such devices should be compliant with the guidelines outlined in the Employee Handbook. Therefore, employees will exercise ethical and legal behaviors consistent with their expectations as they use the corporate IT resources.
Security is a corporate effort and will require the efforts of each and every employee to enforce. The resources should be utilized keeping in mind that other users also need the said common resources. All staffs are therefore implored to work in collaboration with the IT department to effectively and safely utilize the resources. Failure to abide by the guidelines of this policy may infringe on job security, incur legal consequences and personal financial ramifications for punitive damages.
Approval Draft for Bring Your Device Policy
All employees are allowed to bring their own devices to the workplace. However, Red Clay Renovations places a few restrictions on the use and information transmitted by the said devices. Cyber security is an important aspect in the Bring Your Device (BYOD) paradigm.
Information flow and communication must be maintained at optimal capabilities of the firm. Employee privately owned devices make this possible. Employees are therefore more responsive to communication using User Interfaces they are most familiar with.
The devices that employees are allowed to use within Red Clay Renovations premises are smart devices such as PDAs, smart phones, tablets, I Phone, notebooks, net books and laptops. All these devices must be confirmed as belonging to owner-employee by the provision of proper ownership documents to the ITS department.
The firm, Red Clay Renovations, utilizes Virtual Private Networks for all communications and transmission of data throughout out the corporate assets. The VPN network is configured to include the BYOD paradigm. However, this must be done upon secure authentication of the user. Personal information should be forwarded to the Human Resources Department. Credentials for approval to use the personal devices can be generated in conjunction with I.T.S and Human Resource department for each employee. The Chief Information Security Officer will be responsible for assigning each employee with a digital identification allowing access to the system on the own device(s).
Failure to abide by the IT guidelines on personal device use can cause data breaches (hacks) into the system: which invites the loss of sensitive data to unauthorized personnel. This can attract penalties ranging from corporate espionage to possible lawsuits.
Approval Draft for Digital Media Sanitization, Reuse, & Destruction Policy
All corporate and intellectual property must be sanitized before the disposal of Information Technology devices especially storage devices such as memory sticks and hard drives. All Red Clay Renovations IT storage devices contain media with sensitive corporate information from the Information Technology Services (ITS) department. The unauthorized access of Red Clay Renovations intellectual property may invite legal ramifications, damage to the brand and most likely significant financial losses for the firm.
This procedure is thus designed to protect the intellectual property of Red Clay Renovations. All devices must be sanitized before they are disposed of. Also, the re-use of devices within any department within the corporate structure (Architectural and Design Services, Customer Relations, Marketing & Media and Operations & Management) must first of all be sanitized of all sensitive information before relocation to any of the aforementioned departments.
The materials that must be sanitized include the following: CD/DVDs, memory sticks, hard drives, floppy disks and any form of taped information storage device.
Data will be sanitized by use of two methods: Physical or electronic depending on the objective. Devices meant to be disposed of will all be destroyed physically for instance by use of drills on hard drives and physical distortion of tape records, CD/DVDs and floppy disks. Devices meant for reuse will be sanitized electronically. Hard disk and memory sticks can be formatted. The same applies to tape record storage devices (by use of electromagnet) and CD/DVD + RW drives except for CD/DVD + R (these must be destroyed). Alternative measures of disposing of such as degaussing can also be used on storage devices.
References
Conover, W. J., & Conover, W. J. (1980). Practical nonparametric statistics. Journal of Internet Services and Information Security, 3-17.
Ghosh, A., Gajar, P. K., & Rai, S. (2013). Bring your device (BYOD): Security risks and mitigating strategies. Journal of Global Research in Computer Science, 4(4), 62-70. Retrieved September 04, 2016, from http://www.jgrcs.info/index.php/jgrcs/article/view/654
Gutmann, P. (1996). Secure deletion of data from magnetic and solid-state memory. Proceedings of the Sixth USENIX Security Symposium (pp. 77–90). San Jose, CA: University of Auckland.
Hughes, G. F., Coughlin, T., & Commins, D. M. (2009). Disposal of disk and tape data by secure sanitization. IEEE Security & Privacy, 29-34.
Legris, P. I. (2003). Why do people use information technology? A critical review of the technology acceptance model. Information & Management, 40(3), 191-204.