Graduate Project 2:

Policies, Procedures and Practices
DUE BY: 3/11/2016 @ 11:00pm
Identifying the Problem
Introduction
You will complete a research project that will involve the writing of two security policy, procedure and
practices. Your job is to create and document two technical operations across two different areas of
technology. For instance, you may choose from network, operating system, software development,
application, data storage or information security (other areas with permission). You do not need to have
technical hands-on experience, just the ability to review material and come up with a cohesive plan to solve
the problem, based on the recommendation of others.
Once you have selected an area to research (ex. Data Storage/Destruction)
Step 1: Identify the problem you need to solve (ex. Data destruction policy) – Authorized by me in advance
Step 2: Call out what is in-scope of the problem allowing you to be specific (ex. Physical media only)
Step 3: Articulate what needs to be done (ex. Render the CD safe for general disposal)
Step 4: Write the procedure (ex. CD: Fill out form DDR-101 with the user’s name, data on media and date
and time of submission for destruction. Run CD through Sentry Shredder ADA387 via the CD slot, open
discharge drawer and verify that CD has been destroyed, update DDR-101 with destroyer’s name and date
of destruction)
Step 5: Identify the method for validating that the policy is followed (ex. Review process of the DDR-101
system, or procedure for handling CDs place in the general trash)
You might also want to talk about removable drives (thumb-drives and external drives which are harder to
shred, but should be wiped before disposal.
I do not expect this to be a completely original work. There are certainly many examples of not only actual
procedures, but also templates that may help you along the way. Please ensure that you give credit for
templates. It will not affect your grade if you use someone else’s work as a base, but I expect you do
enhance and add value.
If you need guidance help understanding some of the technical pitfalls you are being asked to explore,
please feel free to contact me. The length of the document is not as critical to me as the thought process
that goes into solving the problem identified. Please get authorization from me before you start to ensure
that your selection is acceptable.
Grading as follows:
• 10pts/each – for each of the key steps above for each of your two PPP documents
• TOTAL – 100pts
You must submit your project via the sakai assignment tool with a filename as follows 448-LASTNAME.xxx
(where LASTNAME is replaced with your last name and the .xxx is replaced with a word processing file
extension).

Graduate Project 2:

Policies, Procedures and Practices
DUE BY: 3/11/2016 @ 11:00pm
Identifying the Problem
Introduction
You will complete a research project that will involve the writing of two security policy, procedure and
practices. Your job is to create and document two technical operations across two different areas of
technology. For instance, you may choose from network, operating system, software development,
application, data storage or information security (other areas with permission). You do not need to have
technical hands-on experience, just the ability to review material and come up with a cohesive plan to solve
the problem, based on the recommendation of others.
Once you have selected an area to research (ex. Data Storage/Destruction)
Step 1: Identify the problem you need to solve (ex. Data destruction policy) – Authorized by me in advance
Step 2: Call out what is in-scope of the problem allowing you to be specific (ex. Physical media only)
Step 3: Articulate what needs to be done (ex. Render the CD safe for general disposal)
Step 4: Write the procedure (ex. CD: Fill out form DDR-101 with the user’s name, data on media and date
and time of submission for destruction. Run CD through Sentry Shredder ADA387 via the CD slot, open
discharge drawer and verify that CD has been destroyed, update DDR-101 with destroyer’s name and date
of destruction)
Step 5: Identify the method for validating that the policy is followed (ex. Review process of the DDR-101
system, or procedure for handling CDs place in the general trash)
You might also want to talk about removable drives (thumb-drives and external drives which are harder to
shred, but should be wiped before disposal.
I do not expect this to be a completely original work. There are certainly many examples of not only actual
procedures, but also templates that may help you along the way. Please ensure that you give credit for
templates. It will not affect your grade if you use someone else’s work as a base, but I expect you do
enhance and add value.
If you need guidance help understanding some of the technical pitfalls you are being asked to explore,
please feel free to contact me. The length of the document is not as critical to me as the thought process
that goes into solving the problem identified. Please get authorization from me before you start to ensure
that your selection is acceptable.
Grading as follows:
• 10pts/each – for each of the key steps above for each of your two PPP documents
• TOTAL – 100pts
You must submit your project via the sakai assignment tool with a filename as follows 448-LASTNAME.xxx
(where LASTNAME is replaced with your last name and the .xxx is replaced with a word processing file
extension).