It is strongly recommended you read this entire assignment before you begin working on t and revisit the assignment periodically as you work on it.
M01 – Policy Review
The CHI organization and its executive team desire to reorganize and implement more effective management of policy and also to review and update some parts of the policy environment of the company.
Your assignment is to organize the existing library of policy documents and then undertake a CHI, Inc. policy and governance review. Follow these detailed, multi-step instructions to complete each of the multiple parts of the assignment.
Step 1:
Locate the CHI Policy document set you have been given. Using a text editor of your choice, prepare a separate document file for each of the various policy elements. Each policy must be in a separate and properly named file. This will include isolating the EISP as its own file as well as placing each of the existing ISSP policy texts into separate named policies, each in its own document file, to make future revisions more efficient.
Create a folder on your KSU provided OneDrive account and Name it ” ISA 4820 Policy” replacing with your KSU netid.
You must explicitly share this folder inside OneDrive with the course instructor ([email protected])
Inside of that shared folder create a subfolder with the name “M01 Existing Policy”.
Using any tools of your own choosing, create a set of policy documents in this library extracted from the currently published single policy document in the course’s case study. Be sure to make each policy document clearly named. Each policy document must be edited to be attractive in appearance. Add such headers and footers as you think are needed based on your knowledge of policy management practices. Each document must be saved as a PDF file type.
You should have one complete EISP document in a single PDF file. You will have a single PDF file for each ISSP and SySSP that you find.
Name your EISP and ISSP files using this convention: “CHI – – – – Ver. “.
For example “CHI – nynam888 – ISSP – Network Firewall Usage Policy – Ver. 1.0” or
“CHI – mynam88 – EISP – Corporate Information Security Policy – Ver. 2.1”. Assign version numbers as you find appropriate.
Create a single PDF file that serves as a root policy document (this is intended to serve as an index or landing page) which will identify the nature of your repository and also serve as a launching point to access each and every one of your separate policy documents. This document should link to the detailed policy documents.
The appearance of the documents and your navigation elements, as well as the functionality of the links, are a factor of your assessed performance.
When you have completed this process, verify the course instructor has access. Now create an additional PDF file for submission with the link to your root policy document (which should be residing on your folder in OneDrive). Save this active link as a PDF document. Submit this as assignment “(M01A) Policy Directory Setup” to indicate you are done with this step. The instructor will navigate using this link to reach your landing page (index of policy files).
GRADING NOTE: When I grade your assignment I will:
• Open the PDF file you submit to D2L
• I will look for a link that should take me to a single file (the landing page) on your OneDrive
• I will link and load it — I prefer that it be a PDF but it could be HTML or MS Word
• Once that file is open I will look for and then link to the EISP document — the link must work and open a complete and correct EISP preferably in PDF

• I will return to the landing page and choose three ISSP or SYSSP documents at random — Each of them should link and open, again preferably as a PDF file type and reveal the proper policy statement
• Then, I will look at your list of policies on the landing page to make sure that it is complete
• I will close the landing page and all of the policy documents
• Finally, I will open your OneDrive folder directly via OneDrive and verify our file naming convention was done to specification.
Step 2:
For the second step, you are asked to make a strategic recommendation to the Board of Directors about how the CHI cybersecurity function should be organized. To accomplish this, please be sure you are familiar with the Case Study and have read and assimilated the entire CHI Draft Policy Manual that has been provided. Prepare the components of your recommendation and then combine them into a single PDF file to be submitted for review.
Start by writing a report of at least 200 words that will:
• Identify any inconsistencies you can find in the roles described in the Case Study and those implied in the Policy Manual.
• Propose an overview and explanation of a new set of roles and organizational structures and also provide a replacement for the entire section of the case titled “Officers and Key Employees” that is complete and consistent and able, in your opinion, to meet the needs of the company. You may make any assumptions and revisions you see fit that are consistent with the balance of the case study and the Policy Manual. This preparation should be the basis for the report that follows.
• Now use your overview and explanation from above to prepare your report so that it has:
o a one-line title,
o an abstract/summary not longer than one page,
o a statement of the scope of your report that includes your sources and assumptions,
o a section on inconsistencies,
o a section on proposed changes and
o a final section that provides a complete replacement for the entire section of the case study that is titled “Officers and Key Employees”.
• Prepare a cover memorandum of transmittal. Place it as the first page of the submission. This memorandum should identify what is being transmitted, and frame the context of the report. There must be a hard page break between the memorandum and the report.
• The combined document must be submitted as a PDF file type and as the assignment “(M01B) Proposed Organization”. Your combined document must be a PDF file where the first page is the cover memorandum with your report starting on the next page.
Step 3:
The CIO of CHI, Inc. has become concerned that the current networking environment may not be as secure as it was perceived to have been. To that end, you have been commissioned to undertake a review of the current policy environment and to make specific recommendations for improvements to the policy of the firm as regards the firewall and VPN control systems.
• Undertake a complete policy review of the CHI, Inc. policy suite to summarize the current policy regarding firewalls and VPNs. Save your review as it will be the basis for a report you will assemble. This review must include:
o Review current CHI policy to identify all EISP-level policy provisions that touch on the network firewall and VPN subject area
o Write a complete review of the current network and VPN policy in place now
o Write a critique of the current network and VPN policy in place now
o Your review and your critique must identify and comment on all policy provisions that touch on the network firewall and VPN subject area
• Write a short memorandum. Address the memorandum to the CIO of CHI. In this memorandum, cover
o The current state of the VPN connectivity available at CHI
o Assessment of how important VPN connectivity is to the future of CHI
o Include one paragraph to articulate your current level of technical ability (actual not simulated) in designing, installing, configuring, and using VPN technology.
o Submit the memorandum for assessment as a PDF file using assignment “(M01C) Policy Memorandum”
• Now, use your policy review prepared above to create a plan to revise the policy environment to fit current needs regarding the firewall and VPN technical realities and anticipated needs. The plan will:
o Assume that one new ISSP-level policy document will be created to enable the design and deployment of a coherent firewall and VPN solution
o Describe all changes needed in the EISP-level document (you need not re-write the EISP, just identify what needs to be rewritten)
o Identify any ISSP-level documents that should be rescinded and that will be replaced by the new ISSP.
o Completely describe all changes needed for all of the remaining ISSP-level documents (you need not re-write any of the ISSPs, just identify what needs to be changed)
o Fully plan the new ISSP – This plan will include writing the complete ISSP introduction and then writing a fully descriptive and annotated outline for the rest of the new ISSP.
o Consolidate your InfoSec policy review analysis and improvement plan into a single coherent, complete business report and submit it for assessment as a PDF file using assignment “(M01D) Policy Review Report”. Be sure to clearly label each part of the submission so that the reader will be able to find the components listed above. Be sure that the first page is a memorandum to the CIO of CHI that describes what is in the report to serve as a transmittal cover sheet. Be sure there is a hard page break between the memorandum and the report.
• Your final requirement for this assignment is to update selected elements of the CHI policy environment as noted here:
o Duplicate (make a copy with a new name) your OneDrive policy folder created earlier and name it “M01 Proposed Policy”. Please leave the folder from the prior exercise in place for reference.
o Verify that the course instructor has sufficient access to view your new folder. If not, make the proper adjustment.
o Write one new ISSP-level policy document as you specified in your submitted plan. Be sure the ISSP has all the required elements.
o Update the EISP-level document as you specified in your submitted plan. As needed, upgrade its appearance to be professional and attractive.
o Remove all ISSP-level documents that should be rescinded as you specified in your submitted plan.
o Correct any file type or file naming conventions that remain so that your work will meet all of the requirements from Step 1.
o Update all ISSP documents that remain active to have a professional appearance.
o Update and upgrade the appearance of your policy index/landing page to make it attractive and professional looking. The appearance of the documents and your navigation elements are a factor of your assessed performance.
o Prepare a memorandum that includes an active link to your new policy folder index/landing page. This must be submitted as a PDF document.
o Submit the PDF document as assignment “(M01E) Policy Updates” to indicate you are done with this step.
• You will have to complete the policy skills self-assessment (M01F). See the separate specification for that.