Compare / Contrast Two State Government IT Security Polic
Project 2: Compare / Contrast Two State Government IT Security Policies
For this research-based report, you will perform a comparative analysis that examines the strengths and weaknesses of two existing IT Security Policies published by state governments for their operating departments and agencies (agencies and offices of the executive branch under the leadership of the state governors). (You will select two policies from the table under Research > Item #1.)
Your specific focus for this analysis will be how these states issued policies guide the implementation of (a) Risk Analysis (aligned with NIST SP 800-30 and SP 800-37) and (b) System Authorization processes aligned with the seven (7) domains of the Certified Authorization Professional certification.
Your analysis must consider best practices and other recommendations for improving cybersecurity for state government information technology operations (i.e. those operated by or for state agencies and offices). Your paper should also address the question: why should every nation have a comprehensive IT security policy for state agencies and offices that implement risk assessment processes and system authorization processes to reduce and mitigate risk?
Read / Review:
1. Review the seven (7) domains of the Certified Authorization Professional (in the course textbook):
• Information Security Risk Management Program
• Scope of the Information System
• Selection and Approval of Security and Privacy Controls
• Implementation of Security and Privacy Controls
• Assessment/Audit of Security and Privacy Controls
• Authorization/Approval of Information System
• Continuous Monitoring
2. Review the NIST best practices guidance in NIST SP 800-30 and NIST SP 800-37 (read chapters 1 & 2 in each document).
Research:
1. Select two state government IT Security Policies from the list below.
State IT Security Policy
Illinois https://www2.illinois.gov/sites/doit/support/policies/Documents/Overarching%20Enterprise%20Information%20Security%20Policy.pdf
Massachusetts https://www.mass.gov/policy-advisory/enterprise-information-security-policy
Michigan https://www.michigan.gov/documents/dmb/1340_193162_7.pdf
Minnesota https://mn.gov/mnit/government/policies/security/#/list/appId//filterType//filterValue//page/1/sort//order/
Nebraska https://nitc.nebraska.gov/standards/8-Chapter.pdf
North Carolina https://it.nc.gov/programs/cybersecurity-risk-management/esrmo-initiatives/statewide-information-security-policies
Oklahoma https://oklahoma.gov/content/dam/ok/en/omes/documents/InfoSecPPG.pdf
South Dakota https://bit.sd.gov/docs/Information%20Technology%20Security%20Policy%20-%20Contractor.pdf
Virginia https://www.vita.virginia.gov/media/vitavirginiagov/it-governance/psgs/pdf/SEC519-Information-Security-Policy.pdf
2. Download and review your selected state governments’ IT Security Policy documents. If the IT Security policy document refers to a separate System Authorization Policy, download and then include that supporting document in your review and analysis for this project.
3. Analyze the System Authorization processes listed in the two IT Security Policy documents.
a. How well do these align with the best practices listed in the CAP Certification Body of Knowledge?
b. How well do the Risk Assessment processes align with guidance provided in NIST SP 800-30 and NIST SP 800-37?
4. Continuous your analysis from step 3 and use it to compare the System Authorization activities listed in the state IT security policies.
a. Develop five or more points that are common across the two documents. (Similarities)
b. Identify and review at least three unique items in each document. (Differences)
5. Research best practices for IT Security and/or IT Security Policies for state governments. Here are several sources which you may find helpful:
a. https://www.nist.gov/cyberframework/perspectives/state-local-tribal-and-territorial-perspectives
b. https://www2.deloitte.com/insights/us/en/industry/public-sector/nascio-survey-government-cybersecurity-strategies.html
c. https://www2.deloitte.com/content/dam/insights/us/articles/4751_2018-Deloitte-NASCIO-Cybersecurity-Study/DI_2018-Deloitte-NASCIO-Cybersecurity-Study.pdf
6. Using your research and comparing the two policy documents, develop an answer to the question: Why should every state government have an IT security policy for state agencies and offices under the state’s executive branch? Make sure that you address: (a) leadership, (b) compliance with laws and regulations, and (c) best practices for good government (especially with respect to cybersecurity practices).
Write:
Write a five to eight (5-8) page research-based report in which you summarize your research and discuss the similarities and differences between the two IT security policy documents. It would be best if you focused upon clarity and conciseness more than length when determining what content to include in your paper. At a minimum, your report must include the following:
1. An introduction or overview of IT Security Policies for the executive branch of state governments (covering state agencies and offices in the executive branch, including the governor’s office). Explain the purpose of an IT security policy and how states use security policies. Answer the question: Why should every state have a comprehensive IT security policy for state agencies and offices? (Make sure that you address the importance of such strategies to small, resource-poor states and large or wealthy states.)
2. In a separate section, you provide and discuss five or more specific examples of the common principles and policy sections/statements (similarities) found in both IT security policy documents.
3. A separate section in which you discuss the unique aspects of the first state’s IT security policy document. Provide five specific principles, guidelines, or other content unique to the policy document.
4. A separate section in which you discuss the unique aspects of the second state’s IT security policy document. Provide five specific principles, guidelines, or other content unique to the policy document.
5. A section in which you discuss your evaluation of which state government has the better of the two IT security policy documents. You should also present five best practice recommendations for improving IT security policy documents. (Note: You may have different recommendations for individual policies depending on the characteristics of each document.)
7. A summary section in which you address the need for IT Security Policies at the state government level. Provide a convincing answer to the question: why should every state in the nation have a comprehensive IT security policy for state agencies and offices? Make sure that you address: (a) leadership, (b) compliance with laws and regulations, and (c) best practices for good government.
Submit for Grading
Submit your work in MS Word format (.docx or .doc file) using the Project 2 Assignment in your assignment folder. (Attach the file.)
Additional Information
1. Consult the grading rubric for this assignment's specific content and formatting requirements, including the minimum number of sources.
2. Your 5–8-page research-based report should be professional in appearance, with consistent use of fonts, font sizes, margins, etc. It would be best to organize your paper Using headings and page breaks.
3. Your paper should use standard terms and definitions for cybersecurity.
4. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Paper_Template(TOC+TOF,2021).docx.
5. You must include a cover page with the assignment title, name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.
6. It would help if you wrote grammatically correct English in every assignment you submit for grading. Only turn in work with (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct, and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
7. You must credit your sources using in-text citations and reference list entries. Your citations and reference list entries must follow a consistent citation style (APA, MLA, etc.).
CSIA 360: Cybersecurity in Government Organizations
Project 2: Compare / Contrast Two State Government IT Security Policies
For this research-based report, you will perform a comparative analysis that examines the strengths and weaknesses of two existing IT Security Policies published by state governments for their operating departments and agencies (agencies and offices of the executive branch under the leadership of the state governors). (You will select two policies from the table under Research > Item #1.)
Your specific focus for this analysis will be how these states issued policies guide the implementation of (a) Risk Analysis (aligned with NIST SP 800-30 and SP 800-37) and (b) System Authorization processes aligned with the seven (7) domains of the Certified Authorization Professional certification.
Your analysis must consider best practices and other recommendations for improving cybersecurity for state government information technology operations (i.e. those operated by or for state agencies and offices). Your paper should also address the question: why should every nation have a comprehensive IT security policy for state agencies and offices that implement risk assessment processes and system authorization processes to reduce and mitigate risk?
Read / Review:
1. Review the seven (7) domains of the Certified Authorization Professional (in the course textbook):
· Information Security Risk Management Program
· Scope of the Information System
· Selection and Approval of Security and Privacy Controls
· Implementation of Security and Privacy Controls
· Assessment/Audit of Security and Privacy Controls
· Authorization/Approval of Information System
· Continuous Monitoring
2. Review the NIST best practices guidance in NIST SP 800-30 and NIST SP 800-37 (read chapters 1 & 2 in each document).
Research:
1. Select two state government IT Security Policies from the list below.
State |
IT Security Policy |
Illinois |
|
Massachusetts |
https://www.mass.gov/policy-advisory/enterprise-information-security-policy |
Michigan |
|
Minnesota |
|
Nebraska |
|
North Carolina |
|
Oklahoma |
https://oklahoma.gov/content/dam/ok/en/omes/documents/InfoSecPPG.pdf |
South Dakota |
https://bit.sd.gov/docs/Information%20Technology%20Security%20Policy%20-%20Contractor.pdf |
Virginia |
2. Download and review your selected state governments’ IT Security Policy documents. If the IT Security policy document refers to a separate System Authorization Policy, download and then include that supporting document in your review and analysis for this project.
3. Analyze the System Authorization processes listed in the two IT Security Policy documents.
a. How well do these align with the best practices listed in the CAP Certification Body of Knowledge?
b. How well do the Risk Assessment processes align with guidance provided in NIST SP 800-30 and NIST SP 800-37?
4. Continuous your analysis from step 3 and use it to compare the System Authorization activities listed in the state IT security policies.
a. Develop five or more points that are common across the two documents. (Similarities)
b. Identify and review at least three unique items in each document. (Differences)
5. Research best practices for IT Security and/or IT Security Policies for state governments. Here are several sources which you may find helpful:
a. https://www.nist.gov/cyberframework/perspectives/state-local-tribal-and-territorial-perspectives
6. Using your research and comparing the two policy documents, develop an answer to the question: Why should every state government have an IT security policy for state agencies and offices under the state’s executive branch? Make sure that you address: (a) leadership, (b) compliance with laws and regulations, and (c) best practices for good government (especially with respect to cybersecurity practices) .
Write:
Write a five to eight (5-8) page research-based report in which you summarize your research and discuss the similarities and differences between the two IT security policy documents. It would be best if you focused upon clarity and conciseness more than length when determining what content to include in your paper. At a minimum, your report must include the following:
1. An introduction or overview of IT Security Policies for the executive branch of state governments (covering state agencies and offices in the executive branch, including the governor’s office). Explain the purpose of an IT security policy and how states use security policies. Answer the question: Why should every state have a comprehensive IT security policy for state agencies and offices? (Make sure that you address the importance of such strategies to small, resource-poor states and large or wealthy states.)
2. In a separate section, you provide and discuss five or more specific examples of the common principles and policy sections/statements (similarities) found in both IT security policy documents.
4. A separate section in which you discuss the unique aspects of the second state’s IT security policy document. Provide five specific principles, guidelines, or other content unique to the policy document.
5. A section in which you discuss your evaluation of which state government has the better of the two IT security policy documents. You should also present five best practice recommendations for improving IT security policy documents. (Note: You may have different recommendations for individual policies depending on the characteristics of each document.)
7. A summary section in which you address the need for IT Security Policies at the state government level. Provide a convincing answer to the question: why should every state in the nation have a comprehensive IT security policy for state agencies and offices? Make sure that you address: (a) leadership, (b) compliance with laws and regulations, and (c) best practices for good government.
Submit for Grading
Submit your work in MS Word format (.docx or .doc file) using the Project 2 Assignment in your assignment folder. (Attach the file.)
Additional Information
1. Consult the grading rubric for this assignment's specific content and formatting requirements, including the minimum number of sources.
2. Your 5–8-page research-based report should be professional in appearance, with consistent use of fonts, font sizes, margins, etc. It would be best to organize your paper Using headings and page breaks.
3. Your paper should use standard terms and definitions for cybersecurity.
4. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Paper_Template(TOC+TOF,2021).docx.
5. You must include a cover page with the assignment title, name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.
6. It would help if you wrote grammatically correct English in every assignment you submit for grading. Only turn in work with (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct, and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
7. You must credit your sources using in-text citations and reference list entries. Your citations and reference list entries must follow a consistent citation style (APA, MLA, etc.).
Copyright ©2022 by University of Maryland University College. All Rights Reserved
image1.png
,
Running head: PAPER TEMPLATE 1
Title of Paper
Your Name
Month Day, Year
2
Running head: PAPER TEMPLATE
Table of Contents
Table of Figures ……………………………………………………………………………………………………………… 2
Introduction ……………………………………………………………………………………………………………………. 3
Analysis…………………………………………………………………………………………………………………………. 3
First Sub-section …………………………………………………………………………………………………………. 3
Second Sub-section ……………………………………………………………………………………………………… 4
Summary and Conclusions ………………………………………………………………………………………………. 4
References ……………………………………………………………………………………………………………………… 5
Table of Figures
Figure 1. References Tab in MS Word (Microsoft, 2021). ……………………………………………………. 3
3
Running head: PAPER TEMPLATE
Introduction
This template was built from APA 6 th
edition requirements. You may continue to use it in
CSIA classes for your projects and papers even though the university has officially adopted APA
version 7. The requirement for CSIA assignments is that your work be professional in
appearance and that sources are cited and referenced using a manner or style that is consistent
and provides enough information so that readers can fact-check your work.
Paragraph. Use the Normal Indent style to indent your paragraphs as First Line Indent by
½ inch. This style will also double space between lines. Do not hit the ENTER key until you
have finished your paragraph. Let MS Word wrap lines within the paragraph itself.
In your reference section, use the Reference style from the style gallery to indent your
entries as Hanging Indent by ½ inch. This style will also double space your references for you.
Do NOT hit the ENTER key until you come to the END of a reference entry. If you want to
force MS Word to wrap long URLs, use the Insert->Symbol feature to insert a no width optional
break character. Or, turn on paragraph marks (so that you can see the symbol for the character)
and copy/paste this character (immediately to the left of the opening parenthesis for this clause
you should see two gray squares, one inside the other). If you do not see the character, then you
do not have paragraph marks turned on (click on the ¶ symbol in the paragraph formatting group
on the Home Ribbon).
Analysis
Paragraphs. Use sub-headings as necessary and only if you have at least two sub-sections
underneath a major section heading. If you are adding figures, make sure that you include a
caption below each one (see Figure 1).
4
Running head: PAPER TEMPLATE
First Sub-section
Paragraph
Figure 1. References Tab in MS Word (Microsoft, 2021).
Second Sub-section
Paragraph
Summary and Conclusions
Paragraph
5
Running head: PAPER TEMPLATE
References
Microsoft. (2021). Microsoft Word (Office 365). Redmond, WA: Author.
Reynolds, G. W. (2010). Ethics in the information age (3rd ed.). Boston, MA: Course
Technology.
- Title of Paper
- Table of Figures
- Introduction
- Analysis
- First Sub-section
- Second Sub-section
- Summary and Conclusions
- References
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.
