Read / Review:
- Review the 7 domains of the Certified Authorization Professional (in the course textbook):
⢠Information Security Risk Management Program
⢠Scope of the Information System
⢠Selection and Approval of Security and Privacy Controls
⢠Implementation of Security and Privacy Controls
⢠Assessment/Audit of Security and Privacy Controls
⢠Authorization/Approval of Information System
⢠Continuous Monitoring - Review the NIST best practices guidance in NIST SP 800-30 and NIST SP 800-37 (read chapters 1 & 2 in each document).
Research: - Select two state government IT Security Policies from the list below.
State IT Security Policy
Illinois https://www2.illinois.gov/sites/doit/support/policies/Documents/Overarching%20Enterprise%20Information%20Security%20Policy.pdf
Massachusetts https://www.mass.gov/policy-advisory/enterprise-information-security-policy
Michigan https://www.michigan.gov/documents/dmb/1340_193162_7.pdf
Minnesota https://mn.gov/mnit/government/policies/security/#/list/appId//filterType//filterValue//page/1/sort//order/
Nebraska https://nitc.nebraska.gov/standards/8-Chapter.pdf
North Carolina https://files.nc.gov/ncdit/documents/Statewide_Policies/Statewide-Information_Security_Manual.pdf
Oklahoma https://oklahoma.gov/content/dam/ok/en/omes/documents/InfoSecPPG.pdf
South Dakota https://bit.sd.gov/docs/Information%20Technology%20Security%20Policy%20-%20Contractor.pdf
Virginia https://www.vita.virginia.gov/media/vitavirginiagov/it-governance/psgs/pdf/SEC519-Information-Security-Policy.pdf - Download and review your selected state governmentsâ IT Security Policy documents. If the IT Security policy document refers to a separate System Authorization Policy, download and then include that supporting document in your review and analysis for this project.
- Analyze the System Authorization processes listed in the two IT Security Policy documents.
a. How well do these align with the best practices listed in the CAP Certification Body of Knowledge?
b. How well do the Risk Assessment processes align with guidance provided in NIST SP 800-30 and NIST SP 800-37? - Continuous your analysis from step 3 and use it to compare the System Authorization activities listed in the state IT security policies.
a. Develop five or more points that are common across the two documents. (Similarities)
b. Identify and review at least three unique items in each document. (Differences) - Research best practices for IT Security and/or IT Security Policies for state governments. Here are several sources which you may find helpful:
a. https://www.nist.gov/cyberframework/perspectives/state-local-tribal-and-territorial-perspectives
b. https://www2.deloitte.com/insights/us/en/industry/public-sector/nascio-survey-government-cybersecurity-strategies.html
c. https://www2.deloitte.com/content/dam/insights/us/articles/4751_2018-Deloitte-NASCIO-Cybersecurity-Study/DI_2018-Deloitte-NASCIO-Cybersecurity-Study.pdf - Using your research and your comparison of the two policy documents, develop an answer to the question: Why should every state government have an IT security policy for state agencies and offices under the stateâs executive branch? Make sure that you address: (a) leadership, (b) compliance with laws and regulations, and (c) best practices for good government (especially with respect to cybersecurity practices).
Write:
Write a five to eight (5-8) page research-based report in which you summarize your research and discuss the similarities and differences between the two IT security policy documents. You should focus upon clarity and conciseness more than length when determining what content to include in your paper. At a minimum, your report must include the following: - An introduction or overview of IT Security Policies for the executive branch of state governments (covering state agencies and offices in the executive branch including the governorâs office). Explain the purpose of an IT security policy and how states use security policies. Answer the question: why should every state in the nation have a comprehensive IT security policy for state agencies and offices? (Make sure that you address the importance of such strategies to small, resource-poor states as well as to large or wealthy states.)
- A separate section in which you provide and discuss five or more specific examples of the common principles and policy sections/statements (similarities) found in both IT security policy documents.
- A separate section in which you discuss the unique aspects of the first stateâs IT security policy document. Provide five or more specific principles or guidelines or other content that is unique to the policy document.
- A separate section in which you discuss the unique aspects of the second stateâs IT security policy document. Provide five or more specific principles or guidelines or other content that is unique to the policy document.
- A section in which you discuss your evaluation of which state government has the better of the two IT security policy documents. You should also present five or more best practice recommendations for improvements for both IT security policy documents. (Note: you may have different recommendations for the individual policies depending upon the characteristics of each document.)
- A summary section in which you address the need for IT Security Policies at the state government level. Provide a convincing answer to the question: why should every state in the nation have a comprehensive IT security policy for state agencies and offices? Make sure that you address: (a) leadership, (b) compliance with laws and regulations, and (c) best practices for good government.
Sample Solution
at times supplanted by a quick n-bit convey spread viper. A n by n exhibit multiplier requires n2 AND doors, n half adders, and n2 , 2n full adders. The Variable Correction Truncated Multiplication technique gives a proficient strategy to re-ducing the power dissemination and equipment necessities of adjusted exhibit multipliers. With this strategy, the diagonals that produce the t = n , k least critical item pieces are disposed of. To make up for this, the AND doors that create the halfway items for section t , 1 are utilized as contributions to the changed adders in segment t. Since the k excess changed full adders on the right-hand-side of the cluster don’t have to create item bits, they are supplanted by adjusted decreased full adders (RFAs), which produce a convey, yet don’t deliver a total. To add the consistent that revises for adjusting mistake, k , 1 of the MHAs in the second column of the exhibit are changed to altered concentrated half adders (SHAs). SHAs are identical to MFAs that have an informat>
GET ANSWER
at times supplanted by a quick n-bit convey spread viper. A n by n exhibit multiplier requires n2 AND doors, n half adders, and n2 , 2n full adders. The Variable Correction Truncated Multiplication technique gives a proficient strategy to re-ducing the power dissemination and equipment necessities of adjusted exhibit multipliers. With this strategy, the diagonals that produce the t = n , k least critical item pieces are disposed of. To make up for this, the AND doors that create the halfway items for section t , 1 are utilized as contributions to the changed adders in segment t. Since the k excess changed full adders on the right-hand-side of the cluster don’t have to create item bits, they are supplanted by adjusted decreased full adders (RFAs), which produce a convey, yet don’t deliver a total. To add the consistent that revises for adjusting mistake, k , 1 of the MHAs in the second column of the exhibit are changed to altered concentrated half adders (SHAs). SHAs are identical to MFAs that have an informat>
Is this question part of your Assignment?
We can help
Our aim is to help you get A+ grades on your Coursework.
We handle assignments in a multiplicity of subject areas including Admission Essays, General Essays, Case Studies, Coursework, Dissertations, Editing, Research Papers, and Research proposals
Header Button Label: Get Started NowGet Started Header Button Label: View writing samplesView writing samples