For this research-based report, you will perform a comparative analysis that examines the strengths and weaknesses of two existing IT Security Policies published by state governments for their operating departments and agencies (agencies and offices of the executive branch under the leadership of the state governors). (You will select two policies from the table under Research > Item #1.)
Your specific focus for this analysis will be how these states issued policies guide the implementation of (a) Risk Analysis (aligned with NIST SP 800-30 and SP 800-37) and (b) System Authorization processes aligned with the seven (7) domains of the Certified Authorization Professional certification.
Your analysis must consider best practices and other recommendations for improving cybersecurity for state government information technology operations (i.e. those operated by or for state agencies and offices). Your paper should also address the question: why should every nation have a comprehensive IT security policy for state agencies and offices that implement risk assessment processes and system authorization processes to reduce and mitigate risk?
Read / Review:
1. Review the seven (7) domains of the Certified Authorization Professional (in the course textbook):
· Information Security Risk Management Program
· Scope of the Information System
· Selection and Approval of Security and Privacy Controls
· Implementation of Security and Privacy Controls
· Assessment/Audit of Security and Privacy Controls
· Authorization/Approval of Information System
· Continuous Monitoring
2. Review the NIST best practices guidance in NIST SP 800-30 and NIST SP 800-37 (read chapters 1 & 2 in each document).
Research:
1. Select two state government IT Security Policies from the list below.
State
IT Security Policy
Illinois
https://www2.illinois.gov/sites/doit/support/policies/Documents/Overarching%20Enterprise%20Information%20Security%20Policy.pdf
Project 2: Compare / Contrast Two State Government IT Security Policies
For this research-based report, you will perform a comparative analysis that examines the strengths and weaknesses of two existing IT Security Policies published by state governments for their operating departments and agencies (agencies and offices of the executive branch under the leadership of the state governors). (You will select two policies from the table under Research > Item #1.)
Your specific focus for this analysis will be how these states issued policies guide the implementation of (a) Risk Analysis (aligned with NIST SP 800-30 and SP 800-37) and (b) System Authorization processes aligned with the seven (7) domains of the Certified Authorization Professional certification.
Your analysis must consider best practices and other recommendations for improving cybersecurity for state government information technology operations (i.e. those operated by or for state agencies and offices). Your paper should also address the question: why should every nation have a comprehensive IT security policy for state agencies and offices that implement risk assessment processes and system authorization processes to reduce and mitigate risk?
Read / Review:
3. Review the seven (7) domains of the Certified Authorization Professional (in the course textbook):
· Information Security Risk Management Program
· Scope of the Information System
· Selection and Approval of Security and Privacy Controls
· Implementation of Security and Privacy Controls
· Assessment/Audit of Security and Privacy Controls
· Authorization/Approval of Information System
· Continuous Monitoring
4. Review the NIST best practices guidance in NIST SP 800-30 and NIST SP 800-37 (read chapters 1 & 2 in each document).
Research:
2. Select two state government IT Security Policies from the list below.