User Account

All Pages

Explain the purpose of an it security policy

Assignment Help Computer Engineering
Reference no: EM133647653

Homework: Cybersecurity in Government Organizations- Compare / Contrast Two State Government IT Security Policies

For this research-based report, you will perform a comparative analysisthat examines the strengths and weaknesses of two existing IT Security Policies published by state governments for their operating departments and agencies (agencies and offices of the executive branch under the leadership of the state governors). (You will select two policies from the table under Research > Item #1.)

Your specific focus for this analysis will be how these state issued policies guide the implementation of (i) Risk Analysis (aligned with NIST SP 800-30 and SP 800-37) and (ii) System Authorization processes aligned with the 7 domains of the Certified Authorization Professional certification.

Your analysis must include consideration of best practices and other recommendations for improving cybersecurity for state government information technology operations (i.e. those operated by or for state agencies and offices). Your paper should also address the question: why should every state in the nation have a comprehensive IT security policy for state agencies and offices that implements risk assessment processes and system authorization processes to reduce and mitigate risk?

A. Read / Review:

I. Review the 7 domains of the Certified Authorization Professional (in the course textbook):

1. Information Security Risk Management Program
2. Scope of the Information System
3. Selection and Approval of Security and Privacy Controls
4. Implementation of Security and Privacy Controls
5. Assessment/Audit of Security and Privacy Controls
6. Authorization/Approval of Information System
7. Continuous Monitoring

II. Review the NIST best practices guidance in NIST SP 800-30 and NIST SP 800-37 (read chapters 1 & 2 in each document).

B. Research:

I. Select two state government IT Security Policies from the list below.

State

IT Security Policy

Illinois

 

Massachusetts

 

Michigan

 

Minnesota

 

Nebraska

 

North Carolina

 

Oklahoma

 

South Dakota

 

Virginia

 

II. Download and review your selectedstate governments' IT Security Policy documents.If the IT Security policy document refers to a separate System Authorization Policy, download and then include that supporting document in your review and analysis for this project.

III. Analyze the System Authorization processes listed in the two IT Security Policy documents.

1. How well do these align with the best practices listed in the CAP Certification Body of Knowledge?
2. How well do the Risk Assessment processes align with guidance provided in NIST SP 800-30 and NIST SP 800-37?

IV. Continuous your analysis from step 3 and use it to compare the System Authorization activities listed in the state IT security policies.

1. Develop five or more points that are common across the two documents. (Similarities)
2. Identify and review at least three unique items in each document. (Differences)

V. Research best practices for IT Security and/or IT Security Policies for state governments.Here are severalsources which you may find helpful.

VI. Using your research and your comparison of the two policy documents, develop an answer to the question: Why should every state government have an IT security policy for state agencies and offices under the state's executive branch? Make sure that you address: (a) leadership, (b) compliance with laws and regulations, and (c) best practices for good government (especially with respect to cybersecurity practices).

C. Write:

Write a five to eight pages research-based report in which you summarize your research and discuss the similarities and differences between the two IT security policy documents. You should focus upon clarity and conciseness more than length when determining what content to include in your paper. At a minimum, your report must include the following:

I. An introduction or overview of IT Security Policiesfor the executive branch of state governments (covering state agencies andoffices in the executive branch including the governor's office). Explain the purpose of an IT security policy and how states use security policies. Answer the question: why should every state in the nation have a comprehensive IT security policy for state agencies and offices? (Make sure that you address the importance of such strategies to small, resource-poor states as well as to large or wealthy states.)

II. A separate section in which you provide and discuss five or more specific examples of the common principles and policy sections/statements (similarities) found in both IT security policy documents.

III. A separate section in which you discuss the unique aspects of the first state's IT security policy document. Provide five or more specific principles or guidelines or other content that is unique to the policy document.

IV. A separate section in which you discuss the unique aspects of the second state's IT security policy document. Provide five or more specific principles or guidelines or other content that is unique to the policy document.

V. A section in which you discuss your evaluation of which state government has the better of the two IT security policy documents. You should also present five or more best practicerecommendations for improvements for both IT security policy documents. (Note: you may have different recommendations for the individual policies depending upon the characteristics of each document.)

VI. A summary section in which you address the need for IT Security Policies at the state government level. Provide a convincing answer to the question: why should every state in the nation have a comprehensive IT security policy for state agencies and offices? Make sure that you address: (i) leadership, (ii) compliance with laws and regulations, and (iii) best practices for good government.

Reference no: EM133647653

Questions Cloud

Behavior plan defines elopement behavior : Brody's behavior plan defines his elopement behavior as anytime he leaves the classroom without permission from the teacher.
Discusses two canadian beer companies and argues : BUSI1602 Global Business and Sustainability, University of Greenwich - Analyse in detail Matt Zwolinski's argument in favour of sweatshop labour.
Could interfere with counseling abilities : Discuss a personal prejudice/bias that could interfere with counseling abilities. Describe what you have done or will do to make the necessary adjustment.
Breakthrough intervention for child survival : Universal dosing of the antibiotic azithromycin to young children may be the next breakthrough intervention for child survival?
Explain the purpose of an it security policy : CSIA 360- Explain the purpose of an IT security policy and how states use security policies. Discuss unique aspect of second state's IT security policy document
Explain the distinct roles of each of the professionals : Explain the distinct roles of each of the professionals in this scenario. Indicate how these roles are similar and how they differ with examples
Intelligence-gathering networks : Which of the following cult personalities develops his or her own intelligence-gathering networks and instills an uneasy obedience to ensure
What effects does test anxiety : What effects does test anxiety have on students' performance on assessments? What types of students are particularly prone to high test anxiety?
What distinctions exist between values-ethics-laws : What distinctions exist between values, ethics, laws, and standards, and how do they each influence individuals, groups, and larger societies?

Reviews

Write a Review

Computer Engineering Questions & Answers

  Mathematics in computing

Binary search tree, and postorder and preorder traversal Determine the shortest path in Graph

  Ict governance

ICT is defined as the term of Information and communication technologies, it is diverse set of technical tools and resources used by the government agencies to communicate and produce, circulate, store, and manage all information.

  Implementation of memory management

Assignment covers the following eight topics and explore the implementation of memory management, processes and threads.

  Realize business and organizational data storage

Realize business and organizational data storage and fast access times are much more important than they have ever been. Compare and contrast magnetic tapes, magnetic disks, optical discs

  What is the protocol overhead

What are the advantages of using a compiled language over an interpreted one? Under what circumstances would you select to use an interpreted language?

  Implementation of memory management

Paper describes about memory management. How memory is used in executing programs and its critical support for applications.

  Define open and closed loop control systems

Define open and closed loop cotrol systems.Explain difference between time varying and time invariant control system wth suitable example.

  Prepare a proposal to deploy windows server

Prepare a proposal to deploy Windows Server onto an existing network based on the provided scenario.

  Security policy document project

Analyze security requirements and develop a security policy

  Write a procedure that produces independent stack objects

Write a procedure (make-stack) that produces independent stack objects, using a message-passing style, e.g.

  Define a suitable functional unit

Define a suitable functional unit for a comparative study between two different types of paint.

  Calculate yield to maturity and bond prices

Calculate yield to maturity (YTM) and bond prices

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd