Compare/Contrast Two State Government IT Security Policies, writing homework help
Topic: Cybersecurity for Local and Municipal GovernmentsIn many ways, cybersecurity is as much a local problem as it is a state, national, or international problem. Local governments are smaller and have fewer available resources than state governments or the federal government. Yet, their IT operations face the same or substantially similar threats from insiders, hackers, criminals, and other "bad actors."Local governments collect, store, process, and disseminate sensitive information about residents and businesses within their jurisdictions. Local governments also collect fees, taxes, and utility bills through online payment systems. Residents may be able to apply online for business and marriage licenses. Records of births, deaths, wills, and real estate transactions are maintained in IT systems operated by local governments. These IT-based activities almost invariably involve some form of connection to the Internet.For the readings this week, we begin with a brief overview of the roles, responsibilities, and powers of local governments. As you read, you should make note of the degree to which local governments are empowered by the states in which they are located. This empowerment may be through the state's constitution or through laws and regulations enacted by the state government.Usually, local governments are empowered by their states to levy and collect taxes and fees to support their operations and programs. But, few localities have a sufficient tax base to provide funding for all of their citizens and residents wants. This means that local governments usually operate in a resource challenged environment and must make every dollar count. Every dollar spent on Information Technology or Cybersecurity is a dollar that is not available for education, parks, road maintenance, and garbage pickup. This means that local politicians and managers may not have the funding available to invest in cybersecurity beyond the bare minimums required to meet the requirements of independent auditors and insurance companies.We will also examine the types of information which local governments are responsible for, how the localities may be vulnerable to cyber attacks, and the measures that some have taken to protect the information and infrastructures for which they are responsible. For examples of online services and types of information held and processed by local governments, please see these websites for local governments near UMUC offices in Adelphi and Largo, Maryland:Town: http://uppermarlboromd.gov/City: http://www.collegeparkmd.gov/City: http://www.cityofbowie.orgCounty: http://countyclick.princegeorgescountymd.gov/Finally, as you read and review this week's materials, think about how advances in technologies, from Smart Cities to Smart Cars to Smart Homes, will impact cybersecurity requirements for towns, cities, counties, and other local governments in the very near future. You will have an opportunity to study some of these technologies and associated vulnerabilities in later courses in the CSIA major.Major Assignment due this week: Paper #3: Compare / Contrast IT Security Policies between two state governments.Show data table for This chart displays the number of completed topics versus the total number of topics within module Week 6..Local Governments: Authorities, Structures, & FinancesCybersecurity Challenges for Local GovernmentsMulti-State Information Sharing and Analysis CenterPartnerships for Improving State and Local Government CybersecurityProvide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.repare a one page briefing statement (3 to 5 paragraphs) for a group of state government employees and local government city managers who are interested in learning more about the benefits of working with the Multi-State Information Sharing and Analysis Center (MS-ISAC). Their specific interest is in obtaining help in preventing data breaches since state agencies and city governments collect, process, transmit, and store large amounts of private information about individuals. This information includesStudent Records (K-12)Online Reservation & Payment Systems for Parks & Recreation FacilitiesHospitals (Patient Records)Vital Records (Birth / Death Certificates)License Applications (Marriage, Business, Driver's Licenses)Building Permits (including architectural drawings and property information)Your briefing statement should provide an independent perspective on the services provided by MS-ISAC and address concerns about the affordability of the ISAC’s services. Answer the questions:Will working with MS-ISAC reduce the risks of data breaches in my organization?Why or why not?Who else could each city partner with to reduce the risks and impacts of data breaches?Resource: https://msisac.cisecurity.org/about/services/Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.Timeliness of Initial PostingOn TimeLateVery LateNo SubmissionTimeliness of Briefing Statement or Paper12 pointsPosted briefing statement or paper before 11:59 PM ET on Friday.10 pointsPosted briefing statement or paper before 11:59 PM ET on Saturday.5 pointsPosted briefing statement or paper before 11:59 PM ET on Sunday.0 pointsDid not post a briefing statement or paper before 11:59 PM ET on Sunday.Briefing Statement or PaperExcellentOutstandingAcceptableNeeds ImprovementNeeds Significant ImprovementMissing or No Work SubmittedIntroduction to Briefing Statement or Paper10 pointsProvided an excellent introduction to the deliverable which clearly, concisely, and accurately addressed the topic of the briefing statement or paper. Appropriately paraphrased information from authoritative sources.8.5 pointsProvided an outstanding introduction to the deliverable which clearly and accurately addressed the topic of the briefing statement or paper. Appropriately paraphrased information from authoritative sources.7 pointsProvided an acceptable introduction to the deliverable which addressed the topic of the briefing statement or paper. Appropriately paraphrased information from authoritative sources.6 pointsProvided an introduction to the deliverable but the section lacked some required details. Information from authoritative sources was mentioned.4 pointsAttempted to provide an introduction to the deliverable but this section lacked detail and/or was not well supported by information drawn from authoritative sources (too many quotations or improper paraphrasing).0 pointsIntroduction was missing or no work submitted.Analysis15 pointsProvided an excellent analysis of the issues for the required briefing topic. Addressed at least three separate issues and provided appropriate examples for each. Appropriately used and cited information from authoritative sources.13.5 pointsProvided an outstanding analysis of the issues for the required briefing topic. Addressed at least two separate issues and provided appropriate examples for each. Appropriately used and cited information from authoritative sources.12 pointsProvided an acceptable analysis of the issues for the required briefing topic. Addressed at least one specific issue and provided an appropriate example. Appropriately used and cited information from authoritative sources.11 pointsAddressed the required briefing topic but the analysis lacked details or was somewhat disorganized. Appropriately used and cited information from authoritative sources.8 pointsMentioned the required briefing topic but the analysis was very disorganized or off topic. OR, the analysis did not appropriately use information from authoritative sources (too many quotations or improper paraphrasing).0 pointsAnalysis was missing or no work was submitted.Summary10 pointsIncluded an excellent summary section for the briefing statement or paper which was on topic, well organized, and covered at least 3 key points. The summary contained at least one full paragraph.8.5 pointsIncluded an outstanding summary paragraph for the briefing statement or paper which was on topic and covered at least 3 key points.7 pointsIncluded a summary paragraph for the briefing statement or paper which was on topic and provided an appropriate closing.6 pointsIncluded a summary paragraph but, this section lacked content or was disorganized.4 pointsIncluded a few summary sentences for the briefing statement or paper.0 pointsDid not include a summary for the briefing statement or paper.Use of Authoritative Sources5 pointsIncluded and properly cited three or more authoritative sources (no errors).4 pointsIncluded and properly cited three or more authoritative sources (minor errors allowable).3 pointsIncluded and cited two or more authoritative sources (minor errors allowable). Reference list entries contain sufficient information to enable the reader to find and retrieve the cited sources.2 pointsIncluded and cited at least one authoritative source (errors allowable in citations or reference entries). Reference list entries contain sufficient information to enable the reader to find and retrieve the cited sources.1 pointMentioned at least one authoritative source but, the citations and/or reference list entries lacked required information (not sufficient to retrieve the correct resource).0 pointsReferences and citations were missing. Or, no work submitted.Professionalism10 pointsNo formatting, grammar, spelling, or punctuation errors. Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.8.5 pointsWork contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance. Work needs some polishing to improve professional appearance.7 pointsErrors in formatting, spelling, grammar, or punctuation which need attention / editing to improve professional appearance of the work.6 pointsSubmitted work has numerous errors in formatting, spelling, grammar, or punctuation. Substantial polishing / editing is required.4 pointsSubmitted work is difficult to read and/or understand. OR, work has significant errors in formatting, spelling, grammar, punctuation, or word usage which detract from the overall professional appearance of the work.0 pointsNo submission.Timeliness of PostingsOn TimeLateVery LateFirst Critique for Another Student2 pointsPosted a critique of another student's briefing statement or paper before 11:59 pm ET on Saturday.1 pointPosted a critique of another student's briefing statement or paper before 11:59 pm ET on Sunday.0 pointsDid not post a critique of another student's briefing statement or paper before 11:59 PM ET on Sunday.Second Critique for Another Student2 pointsPosted a second critique of another student's briefing statement or paper before 11:59 pm ET on Saturday.1 pointPosted a second critique of another student's briefing statement or paper before 11:59 pm ET on Sunday.0 pointsDid not post a second critique of another student's briefing statement or paper before 11:59 PM ET on Sunday.Follow-Up Reply or Discussion Participation2 pointsPosted a follow-up reply or discussion posting before 11:59 pm ET on Sunday.0 pointsPosted a follow-up reply or discussion posting after 11:59 pm ET on Sunday.0 pointsDid not post a follow-up reply in the week's topic.Second Follow-Up Reply or Discussion Posting2 pointsPosted a second follow-up reply or discussion posting before 11:59 pm ET on Sunday.0 pointsPosted a second follow-up reply or discussion posting after 11:59 pm ET on Sunday.0 pointsDid not post a second follow-up reply in the week's topic.Quality of Discussion PostingsExcellentAcceptableNeeds ImprovementLow-Quality or No Work SubmittedCritique #1 for Another Student's Briefing Statement or Paper10 pointsPosted an excellent critique for another student's briefing statement or paper. Critique focused on ways in which the content could be improved and/or better organized. Provided 3 or more specific examples and added value to the discussion.8.5 pointsPosted an acceptable critique for another student's briefing statement or paper. Critique focused on ways in which the content could be improved and/or better organized. Provided at least one specific example and added value to the discussion.7 pointsPosted a critique of another student's briefing statement or paper. Critique provided at least one suggestion for improvement.0 pointsPosting was missing or did not add contain a critique of the briefing statement or paper.Critique #2 for Another Student's Briefing Statement or Paper10 pointsPosted an excellent critique for another student's briefing statement or paper. Critique focused on ways in which the content could be improved and/or better organized. Provided 3 or more specific examples and added value to the discussion.8.5 pointsPosted an acceptable critique for another student's briefing statement or paper. Critique focused on ways in which the content could be improved and/or better organized. Provided at least one specific example and added value to the discussion.7 pointsPosted a critique of a second student's briefing statement or paper. Critique provided at least one suggestion for improvement.0 pointsPosting was missing or did not add contain a critique of the briefing statement or paper.Follow-up Reply or Comment #15 pointsPosted a follow-up reply or comment which added value to the discussion.4 pointsPosted an acceptable follow-up reply or comment which added some value to the discussion.3 pointsPosted a follow-up reply or comment but added little value to the discussion.0 pointsPosting was missing or did not add value to the discussion.Follow-up Reply or Comment #25 pointsPosted a follow-up reply or comment which added value to the discussion.4 pointsPosted an acceptable follow-up reply or comment which added some value to the discussion.3 pointsPosted a follow-up reply or comment but added little value to the discussion.0 pointsPosting was missing or did not add value to the discussion.Overall ScoreExcellent100 or moreOutstanding85 or moreAcceptable75 or moreNeeds Improv#2. Paper #3: Compare / Contrast Two State Government IT Security PoliciesScenario: Volunteers have been recruited to help state governments improve their cybersecurity practices. The coordinating committee has decided that the first task these volunteers undertake will be a comparative analysis which examines the strengths and weaknesses of existing IT Security Policies for state governments (agencies and offices of the executive branch under the leadership of the state governors). Since you volunteered early, you have your pick of any two states’ IT Security Policies from the list published by the Multi-State Information Sharing and Analysis Center (MSISAC). (See item #1 under Research.) Research:1.Select two state government IT Security Policies. Use the list at https://msisac.cisecurity.org/state/ (if you encounter a broken link, you may search for that state’s policy or choose a different state).2.Download and review your selected state governments’ IT Security Policy documents. 3.Develop five or more points which are common across the two documents. (Similarities)4.Identify and review at least three unique items in each document. (Differences)5.Research best practices for IT Security and/or IT Security Policies for state governments. Here are two sources which you may find helpful:a.http://www.nascio.org/Portals/0/Publications/Documents/Deloitte-NASCIOCybersecurityStudy_2014.pdf b.http://www.nascio.org/Portals/0/Publications/Documents/NASCIO-SecurityFrameworks.pdf 6.Using your research and your comparison of the two policy documents, develop an answer to the question: Why should every state government have an IT security policy for state agencies and offices under the state’s executive branch?Write:Write a five (5) to eight (8) page white paper in which you summarize your research and discuss the similarities and differences between the two IT security policy documents. You should focus upon clarity and conciseness more than length when determining what content to include in your paper. At a minimum, your white paper must include the following:1.An introduction or overview of IT Security Policies for the executive branch of state governments (covering state agencies and offices in the executive branch including the governor’s office). Explain the purpose of an IT security policy and how it is used. Answer the question: why should every state in the nation have a comprehensive IT security policy for state agencies and offices? (Make sure that you address the importance of such strategies to small, resource-poor states as well as to large or wealthy states.) 2.A separate section in which you discuss the common principles and policy sections / statements (similarities) found in both IT security policy documents. 3.A separate section in which you discuss the unique aspects of the first state’s IT security policy document.4.A separate section in which you discuss the unique aspects of the second state’s IT security policy document.5.A section in which you discuss your evaluation of which state government has the better of the two IT security policy documents. You should also present best practice based recommendations for improvements for both IT security policy documents. (Note: you may have different recommendations for the individual policies depending upon the characteristics of each document.)Submit For Grading 1.Submit your white paper in MS Word format (.docx or .doc file) using the OPEN Data Assignment in your assignment folder. (Attach the file.)2.You must also submit your white paper to TurnItIn before the due date for this assignment.Additional Information1.Your white paper should use standard terms and definitions for cybersecurity concepts. The following sources are recommended:a.ISACA Glossary http://www.isaca.org/pages/glossary.aspx b.Guidelines on Security and Privacy in Public Cloud Computing http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf 2.You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must comply with APA 6th edition Style requirements. Failure to credit your sources will result in penalties as provided for under the university’s Academic Integrity policy. 3.Use APA 6th edition style (formatting) for the organization and appearance of the MS Word document that you submit to your assignment folder. This includes margins, section headings, and consistent use of fonts (Times New Roman 12 in black), paragraph styles (first line indent by ½ inch), and line spacing (double). Formatting requirements and examples are found under Course Resources > APA Resources. Your file should contain both a title page and a separate References page. Use page breaks to ensure that the title page and references page are separate from the body of the paper. 4.You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs. These items are graded under Professionalism and constitute 15% of the assignment grade. have a comprehensive IT Security Policy? Addressed the importance of such strategies to small, resource-poor states as well as to larger or more wealthy states. The overview appropriately used information from 3 or more authoritative sources.14 pointsProvided an outstanding introduction or overview of IT Security Policies for the executive branch of state governments. Explained the purpose of an IT Security Policy and how it is used. Addressed the question: why should every state in the nation have a comprehensive IT Security Policy? Addressed the importance of such strategies to small, resource-poor states as well as to larger or more wealthy states. The overview appropriately used information from 2 or more authoritative sources.13 pointsIntroduced IT security policies; explained the purpose of an IT security policy for state governments and how such policies are used. Addressed the question: why should every state have an IT security policy? Mentioned the importance of such policies to small, resource-poor states as well as to larger or wealthier states. The overview appropriately used information from 1 or more authoritative sources.11 pointsProvided an overview of IT security policies but the section lacked important details. Information from authoritative sources was cited and used in the overview.4 pointsAttempted to provide an introduction to the paper but this section lacked detail and/or was not well supported by information drawn from authoritative sources. 0 pointsThe introduction and/or overview sections of the paper were off topic. Common Principles / Policies / Guidance between the two IT Security Policies15 pointsProvided an excellent discussion of the common principles and policies (similarities) found in both IT security policies. Correctly identified the two states used for the analysis. Provided 5 or more specific examples of content which was similar between the two documents. Appropriately used information from 3 or more authoritative sources.14 pointsProvided an outstanding discussion of the common principles and policy sections / statements (similarities) found in both IT security policy documents. Correctly identified the two states used for the analysis. Provided 4 or more specific examples of content which was similar between the two documents.Appropriately used information from 2 or more authoritative sources.13 pointsProvided a discussion of the common principles and policy sections / statements (similarities) found in both IT security policy documents. Correctly identified the two states used for the analysis. Provided 3 or more specific examples of content which was similar between the two documents. Appropriately used information from 1 or more authoritative sources.11 pointsProvided a discussion of similarities between the two documents including at least two examples. Correctly identified the two states. Appropriately used information from authoritative sources.4 pointsProvided a discussion of similarities between the two documents including at least one example. The discussionlacked detail and/or was not well supported by information drawn from authoritative sources.0 pointsThis section was missing, off topic, or failed to provide information about similarities in the two documents.Unique Aspects of State #1's IT Security Policy15 pointsProvided an excellent discussion of the unique aspects of the IT Security Policy for state #1. Provided 5 or more examples of specific principles or guidelines or other content which were unique to the policy document. Appropriately used information from 3 or more authoritative sources.14 pointsProvided an outstanding discussion of the unique aspects of the IT Security Policy for state #1. Provided 4 or more examples of specific principles or guidelines or other content which were unique to the policy document. Appropriately used information from 2 or more authoritative sources.13 pointsProvided a discussion of the unique aspects of the IT Security Policy for state #1. Provided 3 or more examples of specific principles or guidelines or other content which were unique to the policy document. Appropriately used information from 1 or more authoritative sources.11 pointsProvided a brief discussion of the unique aspects of the IT Security Policy for state #1. Provided 2 or more examples of specific principles or guidelines or other content which were unique to the policy document. Appropriately used information from authoritative sources.4 pointsMentioned unique aspects of the IT Security Policy for state #1. The discussionlacked detail and/or was not well supported by information drawn from authoritative sources.0 pointsThis section was missing, off topic, or failed to provide information aboutunique aspects of the IT Security Policy document.Unique Aspects of State #2's IT Security Policy15 pointsProvided an excellent discussion of the unique aspects of the IT Security Policy for state #2. Provided 5 or more examples of specific principles or guidelines or other content which were unique to the policy document. Appropriately used information from 3 or more authoritative sources.14 pointsProvided an outstanding discussion of the unique aspects of the IT Security Policy for state #2. Provided 4 or more examples of specific principles or guidelines or other content which were unique to the policy document. Appropriately used information from 2 or more authoritative sources.13 pointsProvided a discussion of the unique aspects of the IT Security Policy for state #2. Provided 3 or more examples of specific principles or guidelines or other content which were unique to the policy document. Appropriately used information from 1 or more authoritative sources.11 pointsProvided a brief discussion of the unique aspects of the IT Security Policy for state #2. Provided 2 or more examples of specific principles or guidelines or other content which were unique to the policy document. Appropriately used information from authoritative sources.4 pointsMentioned unique aspects of the IT Security Policy for state #2. The discussionlacked detail and/or was not well supported by information drawn from authoritative sources.0 pointsThis section was missing, off topic, or failed to provide information aboutunique aspects of the IT Security Policy document.Evaluation and Best Practice Based Recommendations for Improvements10 pointsProvided a well reasoned and appropriately justified evaluation of which state's IT Security Policy was the better of the two documents. Presented an excellent summary for 5 or more best practice based recommendations for improvements to both IT Security Policies. Answered the question: How can these policies be improved? Appropriately used information from 3 or more authoritative sources.8.5 pointsProvided an evaluation of which state's IT Security Policy was the better of the two documents. Presented an outstanding summary for 3 or more best practice based recommendations for improvements to both IT Security Policies. Answered the question: How can these policies be improved? Appropriately used information from 2 or more authoritative sources.7 pointsProvided an evaluation of which state's IT Security Policy was the better of the two documents. Presented a summary of best practice based recommendations for improvements to both IT Security Policies. Answered the question: How can these policies be improved? Appropriately used information from 1 or more authoritative sources.6 pointsDiscussion provided some information about best practices for IT Security Policies and mentioned recommendations for improving the current policy documents. Mentioned information obtained from authoritative sources.4 pointsDiscussion provided some information about best practices for IT security policies, but the lacked detail and/or was not supported by information from authoritative sources.0 pointsDid not address best practices for IT security policies.Addressed security issues using standard cybersecurity terminology5 pointsDemonstrated excellence in the integration of standard cybersecurity terminology into the case study.4 pointsProvided an outstanding integration of standard cybersecurity terminology into the case study.3 pointsIntegrated standard cybersecurity terminology into the into the case study2 pointsUsed standard cybersecurity terminology but this usage was not well integrated with the discussion.1 pointMisused standard cybersecurity terminology.0 pointsDid not integrate standard cybersecurity terminology into the discussion.APA Formatting for Citations and Reference List5 pointsWork contains a reference list containing entries for all cited resources. Reference list entries and in-text citations are correctly formatted using the appropriate APA style for each type of resource.4 pointsWork contains a reference list containing entries for all cited resources. One or two minor errors in APA format for in-text citations and/or reference list entries.3 pointsWork contains a reference list containing entries for all cited resources. No more than 3 minor errors in APA format for in-text citations and/or reference list entries.2 pointsWork has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 5 minor errors in APA format for in-text citations and/or reference list entries.1 pointWork attempts to credit sources but demonstrates a fundamental failure to understand and apply the APA formatting standard as defined in the Publication Manual of the American Psychological Association (6th ed.).0 pointsReference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper.Professionalism Part I: Organization & Appearance5 pointsSubmitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.4 pointsSubmitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings (per the assignment’s directions).3 pointsOrganization and/or appearance of submitted work could be improved through better use of fonts, color, titles, headings, etc. OR Submitted work has multiple style or formatting errors. Professional appearance could be improved.2 pointsSubmitted work has multiple style or formatting errors. Organization and professional appearance need substantial improvement.1 pointSubmitted work meets minimum requirements but has major style and formatting errors. Work is disorganized and needs to be rewritten for readability and professional appearance.0 pointsSubmitted work is poorly organized and formatted. Writing and presentation are lacking in professional style and appearance. Work does not reflect college level writing skills.Professionalism Part II: Execution15 pointsNo formatting, grammar, spelling, or punctuation errors.14 pointsWork contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance.13 pointsErrors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work.11 pointsSubmitted work has numerous errors in formatting, spelling, grammar, or punctuation. Work is unprofessional in appearance.4 pointsSubmitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage.0 pointsSubmitted work is poorly executed OR does not reflect college level work.Overall ScoreExcellent90 or moreOutstanding80 or moreAcceptable70 or moreNeeds Improvement56 or moreNeeds Significant Improvement36 or moreMissing or Unacceptable0 or moreClose