Compare/Contrast Two State Government IT Security Policies

Compare/Contrast Two State Government IT Security Policies

For this research-based report, you will perform a comparative analysis that examines the strengths and weaknesses of two existing IT Security Policies published by state governments (agencies and offices of the executive branch under the leadership of the state governors). You may choose any two states’ IT Security Policies from the list published by the Multi-State Information Sharing and Analysis Center (MSISAC). (See item #1 under Research.) 

Your analysis must include consideration of best practices and other recommendations for improving cybersecurity for state government information technology operations (state agencies and offices). Your paper should also address the question: why should every state in the nation have a comprehensive IT security policy for state agencies and offices?

Research:

1. Select two state government IT Security Policies. Use the list at https://www.cisecurity.org/partners-state-government/ (The list items are not clickable. Cut/paste your choices into the browser search field to find your selection.)

2. Download and review your selected state governments’ IT Security Policy documents. 

3. Develop five or more points that are common across the two documents. (Similarities)

4. Identify and review at least three unique items in each document. (Differences)

5. Research best practices for IT Security and/or IT Security Policies for state governments. Here are several sources which you may find helpful:

a. https://www.nist.gov/cyberframework/perspectives/state-local-tribal-and-territorial-perspectives 

b. https://www2.deloitte.com/insights/us/en/industry/public-sector/nascio-survey-government-cybersecurity-strategies.html 

c. https://www2.deloitte.com/content/dam/insights/us/articles/4751_2018-Deloitte-NASCIO-Cybersecurity-Study/DI_2018-Deloitte-NASCIO-Cybersecurity-Study.pdf 

6. Using your research and your comparison of the two policy documents, develop an answer to the question: Why should every state government have an IT security policy for state agencies and offices under the state’s executive branch?

Write:

Write a three- to five- page research-based report in which you summarize your research and discuss the similarities and differences between the two IT security policy documents. You should focus upon clarity and conciseness more than length when determining what content to include in your paper. At a minimum, your report must include the following:

1. An introduction or overview of IT Security Policies for the executive branch of state governments (covering state agencies and offices in the executive branch including the governor’s office). Explain the purpose of an IT security policy and how states use security policies. Answer the question: why should every state in the nation have a comprehensive IT security policy for state agencies and offices? (Make sure that you address the importance of such strategies to small, resource-poor states as well as to large or wealthy states.) 

2. A separate section in which you discuss and provide five or more specific examples of the common principles and policy sections/statements (similarities) found in both IT security policy documents. 

3. A separate section in which you discuss the unique aspects of the first state’s IT security policy document. Provide five or more the policy document. e specific principles or guidelines or other content that is unique to the policy document.

4. A separate section in which you discuss the unique aspects of the second state’s IT security policy document. Provide five or more the policy document. e specific principles or guidelines or other content that is unique to the policy document.

5. A section in which you discuss your evaluation of which state government has the better of the two IT security policy documents. You should also present five or more best practice recommendations for improvements for both IT security policy documents. (Note: you may have different recommendations for the individual policies depending upon the characteristics of each document.) Answer the question: why should every state in the nation have a comprehensive IT security policy for state agencies and offices?

6. A separate section in which you summarize your research and recommendations.

Submit for Grading 

Submit your work in MS Word format (.docx or .doc file) using the Project 5 Assignment in your assignment folder. (Attach the file.)

Additional Information

1. Consult the grading rubric for specific content and formatting requirements for this assignment.

2. Your 3-5-page research-based report should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper. 

3. Your paper should use standard terms and definitions for cybersecurity. See Course Resources > Cybersecurity Concepts Review for recommended resources.

4. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Basic_Paper_Template(APA_6ed,DEC2018).docx.  

5. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count. 

6. You should write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.  

7. You must credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.). 

Week 4 Discussion

    

For this discussion, you will need to address the question below and be sure to participate fully by responding to your classmates as well. Citations should be used to support your analysis and references should be included in APA format. Before you begin, be sure to review the Discussion Question Guidelines!

Productivity software (such as Excel or Google Sheets) is used by almost every business. Think in terms of your own field of study and future profession, in what ways could you use productivity software to increase efficiency in your work?

The Question:

•Productivity software (such as Excel or Google Sheets) is used by almost every business.  •Think in terms of your own field of study and future profession, in what ways could you use productivity software to increase efficiency in your work? 

Ask yourself:

•Please note this week Excel is studied. •What is productivity software (Excel)? •How is productivity software (Excel) increasing efficiency in your own field of study and future profession?  

Discussion help

 After reading Chapter 9 discuss how your employer prepares to establish, maintain, and execute your temporary work area to reestablish or maintain your business operations.  You can use information from your employer, outside research, or your personal work experiences as your basis for this discussion. 

Note – Attached Text Book

Assignment

You may have to do a little research here

 

Find at least one application that uses ECC 

Training

 

An  organization should establish an effective cybersecurity training  program for personnel having authorized access to critical cyber assets.

Create  a training plan for everyone who works at the organization. The  training plan should address (but is not limited to) the following:

  1. Articulate a culture of security awareness, collaboration, and buy-in among management, staff, clients, and stakeholders.
     
  2. Describe common security risks and how to avoid them.
     
  3. Describe policies, access controls, and procedures developed for critical electronic devices and communication networks.
     
  4. Describe the proper use of critical electronic devices and communication networks.
     
  5. Describe the proper handling of critical information.
     
  6. Present action plans and procedures to recover or reestablish critical electronic devices and communication networks.
     
  7. Address the risks resulting from insecure behavior of employees.
     

Organ Leader and Decision Making

 After completing the reading this week, we reflect on a few key concepts this week:

  1. Discuss what power in the context of leadership is and how it relates to bullying within organizations.  Also note how this impacts productivity.
  2. Discuss what organizational culture is and how it impacts work productivity.  Also, note how organizational culture impacts the success of innovation implementation.
  3. How does culture impact leadership? Can culture be seen as a constraint on leadership?

Application security Procedure guide

  

Scenario

Always Fresh wants to ensure its computers comply with a standard security baseline and are regularly scanned for vulnerabilities. You choose to use the Microsoft Security Compliance Toolkit to assess the basic security for all of your Windows computers, and use OpenVAS to perform vulnerability scans.

Tasks

Develop a procedure guide to ensure that a computer adheres to a standard security baseline and has no known vulnerabilities.

For each application, fill in details for the following general steps:

1. Acquire and install the application.

2. Scan computers.

3. Review scan results.

4. Identify issues you need to address.

5. Document the steps to address each issue.

Submission Requirements

§ Format: Microsoft Word (or compatible)

§ Font: Times New Roman, size 12, double-space

§ Citation Style: APA

§ Length: 2 pages

System Design

 system design documents for traffic monitoring  system (logic, processes, structure, etc.). Use the techniques from your MSIS System Analysis, Modeling and Design.