Case Study #2: Can we ensure that Digital Government services are secure?
Case Scenario:
You have been asked to participate in a panel discussion of security issues affecting digital
government Websites. Each panel member has been asked to select a specific Website (from the list
provided in Table 1) and then research (a) the information and services that it provides and (b) the
security issues which could impact the delivery of digital government services. Your two to three page
summary of your research will be provided to the panel audience in advance of the discussion.
Table 1. List of Approved Digital Government Websites
BENEFITS.GOV
DIGITALGOV.GOV
GRANTS.GOV
RECREATION.GOV
SERVE.GOV
USAJOBS.GOV
Base URLs
CANCER.GOV
CONSUMERFINANCE.GOV
DISASTERASSISTANCE.GOV FOODSAFETY.GOV
HEALTHCARE.GOV
MEDICARE.GOV
REGULATIONS.GOV
RESEARCH.GOV
STOPBULLYING.GOV
STOPFAKES.GOV
VOLUNTEER.GOV
WOMENSHEALTH.GOV
DATA.GOV
GIRLSHEALTH.GOV
READY.GOV
SAFERCAR.GOV
USA.GOV
Research:
1. Read / Review the Week 3 readings.
2. Research three or more attacks which could compromise the security of a Digital Government
Website which uses Web Applications, a Web Server, and a Database Server. Here are some sources
to get you started:
a. Web Applications Architectures and Security (in the Week 3 content module).
b. Cyber Vandalism -- https://www.digitalgov.gov/resources/readiness-recovery-responsesocial-media-cyber-vandalism-toolkit/
c. Cybersecurity: Actions needed to address challenges facing federal systems (GAO 15573T) http://www.gao.gov/assets/670/669810.pdf
d. Cognitive Hacking and Digital Government: Digital Identity
http://www.ists.dartmouth.edu/library/78.pdf
e. US-Cert Publications (See Technical Reports section) https://www.us-cert.gov/securitypublications#reports
3. Review the Website for a digital government service (select one of the Websites listed in Table 1).
What types of information or services are available via your selected Website? What population
does this Website serve (who is the intended audience)?
4. As part of your Digital Government Website review, determine the types and sensitivity of
information collected, displayed, processed, and stored by the Web applications which implement
the Digital Government service.
a. See http://www.digitalgov.gov/resources/checklist-of-requirements-for-federal-digitalservices/ for general security and privacy requirements.
Copyright ©2015 by University of Maryland University College. All Rights Reserved
b. See FIPS 199 for additional guidance on determining the sensitivity level of a Federal IT
system. (See the section on public websites.)
5. Using FIPS 200 and NIST SP 800-53, research the general types of security controls which are
required for the IT systems hosting the Digital Government service that you reviewed.
6. Find three or more additional sources which provide information about best practice
recommendations for ensuring the security of the Web Applications used to deliver Digital
Government information and services. These additional sources can include analyst reports and/or
news stories about recent attacks / threats, data breaches, cybercrime, cyber terrorism, etc. which
impacted the security of digital government services.
Write:
Write a two to three page summary of your research. At a minimum, your summary must
include the following:
1. An introduction or overview of digital government which provides definitions and addresses the
laws, regulations, and policies which require that federal agencies provide information and services
via the Web. This introduction should be suitable for an executive audience.
2. An overview of the information and services provided by your selected digital government Website.
Answer the following questions:
a. What types of information or services are available via your selected Website?
b. What population does this Website serve (who is the intended audience)?
c. What sensitivity level which should be assigned to the Website (use FIPS 199
criteria).
d. What security issues were observed during your review?
3. A separate section which addresses the architectures and security issues inherent in the use of Web
applications when used to deliver the services provided by your selected digital government
Website.
4. A separate section which includes recommendations for best practices for ensuring Web application
security during the design, implementation, and operation of digital government websites. Include
five or more best practice recommendations in your discussion.
Your white paper should use standard terms and definitions for cybersecurity. The following sources are
recommended:
• NICCS Glossary http://niccs.us-cert.gov/glossary
• Guidelines on Security and Privacy in Public Cloud Computing
http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
Copyright ©2015 by University of Maryland University College. All Rights Reserved
Formatting Instructions
1. Use standard APA formatting for the MS Word document that you submit to your assignment folder.
Formatting requirements and examples are found under Course Resources > APA Resources.
Additional Information
1. You are expected to write grammatically correct English in every assignment that you submit for
grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying
that your punctuation is correct and (d) reviewing your work for correct word usage and correctly
structured sentences and paragraphs. These items are graded under Professionalism and constitute
20% of the assignment grade.
2. You are expected to credit your sources using in-text citations and reference list entries. Both your
citations and your reference list entries must comply with APA 6th edition Style requirements.
Failure to credit your sources will result in penalties as provided for under the university’s Academic
Integrity policy.
Copyright ©2015 by University of Maryland University College. All Rights Reserved
Criteria
Introduction or
Overview for the
Case Study
Excellent
20 points
Provided an excellent
introduction or
overview of digital
government which
provided definitions
and addressed the
laws, regulations, and
policies which require
that federal agencies
provide information
and services via the
Web. The overview
appropriately used
information from 3 or
more authoritative
sources.
Review of a Digital
20 points
Government Website Provided an excellent
overview of the
information and
services provided by
the selected digital
government Website.
Provided full,
complete, and concise
answers to the
following questions:
a. What types of
information or services
are available via the
selected Website?
b. What population
does this Website
serve (who is the
intended audience)?
c. What sensitivity
level which should be
assigned to the
Website (use FIPS 199
criteria)?
d. What security issues
were observed during
the review?
Appropriately used
information from 3 or
more authoritative
sources.
Web Application
15 points
Architectures and
Provided an excellent
Security Issues
discussion of Web
application
architectures and
common / frequent
security issues
inherent in the use of
Web applications in
the context of digital
government Websites.
Discussion included 5
or more examples of
security issues.
Appropriately used
information from 3 or
more authoritative
sources.
Best Practices and
15 points
Recommendations
Provided an excellent
for Ensuring Security discussion of best
of Digital
practices for ensuring
Government
Web application
Websites
security during the
design,
implementation, and
operation of digital
government websites.
Included 5 or more
best practices (with
recommendations)
Addressed security
issues using
standard
cybersecurity
terminology
APA Formatting for
Citations and
Reference List
Professionalism Part
I: Organization &
Appearance
Professionalism Part
II: Execution
which could be
implemented to
improve the security
of digital government
websites.
Appropriately used
information from 3 or
more authoritative
sources.
5 points
Demonstrated
excellence in the
integration of standard
cybersecurity
terminology into the
case study.
5 points
Work contains a
reference list
containing entries for
all cited resources.
Reference list entries
and in-text citations
are correctly
formatted using the
appropriate APA style
for each type of
resource.
5 points
Submitted work shows
outstanding
organization and the
use of color, fonts,
titles, headings and
sub-headings, etc. is
appropriate to the
assignment type.
15 points
No formatting,
grammar, spelling, or
Overall Score
punctuation errors.
Excellent
90 or more
Purchase answer to see full
attachment