Computer Science Homework Help

University of Maryland Policy on Information Access Red Clay Renovations Case Study

 

Review the course readings and the Red Clay Renovations company profile for background information before responding to this discussion question.

The Red Clay Board of Directors tasked the company’s IT Governance Board to develop a new remote access policy for teleworkers and employees traveling on business (including local area travel to client sites). This policy is required to help mitigate risks associated with remote access into the company’s customer information database.The Board of Directors is concerned about exposure of customer’s personal information to unauthorized individuals. At a minimum, the policy must address the use of virtual private networking by teleworkers when using company or personal equipment to access the company’s servers from outside company offices.

The need for updated remote access guidance arises from three regulatory requirements:

1) PCI-DSS (credit card and transaction information)
2) HIPAA Security Rule (health related information)
3) Red Flags Rule (consumer credit information: identity theft prevention).

Write a two-page internal policy that includes the following:

1. Purpose: Summarize the regulatory requirements and the reason(s) Red Clay needs the remote access policy.

2. Scope: Summarize the regulatory requirements as they apply to employees’ remote access to customer information which Red Clay  collects, processes, manages, and stores.

3. Policy: Write at least ten policy statements addressing how Red Clay employees should ensure the security of computers, laptops, and other mobile devices used for remote access into the company’s networks and servers. Your policy must specifically address the use of a VPN. Your policy must also include consequences and/or penalties for inappropriate or unauthorized disclosures of customer information due to the employees’ failure to comply with this policy.