Question:

Compare / Contrast Two State Government IT Security PoliciesScenario:

Volunteers have been recruited to help state governments improve their cybersecurity practices. The coordinating committee has decided that the first task these volunteers undertake will be a comparative analysis which examines the strengths and weaknesses of existing IT Security Policies for state governments (agencies and offices of the executive branch under the leadership of the state governors). Since you volunteered early, you have your pick of any two states’ IT Security Policies from the list published by the Multi-State Information Sharing and Analysis Center (MSISAC). (See item #1 under Research.)

Research:

1.    Select two state government IT Security Policies. Use the list at https://msisac.cisecurity.org/state/   (if you encounter a broken link, you may search for that state’s policy or choose a different state).

2.    Download and review your selected state governments’ IT Security Policy documents.

3.    Develop five or more points which are common across the two documents. (Similarities)

4.    Identify and review at least three unique items in each document. (Differences)

5.    Research best practices for IT Security and/or IT Security Policies for state governments. Here are two  sources which you may find helpful:

a.    http://www.nascio.org/Portals/0/Publications/Documents/Deloitte-NASCIOCybersecurityStudy_2014.pdf  

b.    http://www.nascio.org/Portals/0/Publications/Documents/NASCIO-SecurityFrameworks.pdf  

6.    Using your research and your comparison of the two policy documents, develop an answer to the question: Why should every state government have an IT security policy for state agencies and offices under the state’s executive branch?

Write:

Write a five (5) to eight (8) page white paper in which you summarize your research and discuss the similarities and differences between the two IT security policy documents. You should focus upon clarity and conciseness more than length when determining what content to include in your paper. At a minimum, your white paper must include the following:

1.    An introduction or overview of IT Security Policies for the executive branch of state governments (covering state agencies and offices in the executive branch including the governor’s office). Explain the purpose of an IT security policy and how it is used. Answer the question: why should every state in the nation have a comprehensive IT security policy for state agencies and offices? (Make sure that you address the importance of such strategies to small, resource-poor states as well as to large or wealthy states.)

2.    A separate section in which you discuss the common principles and policy sections / statements (similarities) found in both IT security policy documents.

3.    A separate section in which you discuss the unique aspects of the first state’s IT security policy document.

4.    A separate section in which you discuss the unique aspects of the second state’s IT security policy document.

5.    A section in which you discuss your evaluation of which state government has the better of the two IT security policy documents. You should also present best practice based recommendations for improvements for both IT security policy documents. (Note: you may have different recommendations for the individual policies depending upon the characteristics of each document.)

6.    A separate section in which you summarize your research and recommendations.

Submit For Grading

Submit your white paper in MS Word format (.docx or .doc file) using the OPEN Data Assignment in your assignment folder. (Attach the file.)

Additional Information

1.    Your white paper should use standard terms and definitions for cybersecurity concepts. The following sources are recommended:

a.    ISACA Glossary http://www.isaca.org/pages/glossary.aspx

b.    Guidelines on Security and Privacy in Public Cloud Computing http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf

2.    You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must comply with APA 6th edition Style requirements. Failure to credit your sources will result in penalties as provided for under the university’s Academic Integrity policy.

3.    Use APA 6th edition style (formatting) for the organization and appearance of the MS Word document that you submit to your assignment folder. This includes margins, section headings, and consistent use of fonts (Times New Roman 12 in black), paragraph styles (first line indent by ½ inch), and line spacing (double). Formatting requirements and examples are found under Course Resources > APA Resources. Your file should contain both a title page and a separate References page. Use page breaks to ensure that the title page and references page are separate from the body of the paper.

4.    You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.