For this paper, you will research potential and existing security issues affecting digital government websites. Such websites enable customers to enroll in programs and services, check the status of benefits, and receive information about the federal government’s activities. Your audience for this research report will be the Chief Information Officer for a small federal agency who has asked for assistance in developing a risk assessment and risk mitigation strategy for the agency’s digital government websites.
Note: this research report is separate from the report you previously prepared about OPEN data and may not reuse information from that report. This paper must address other types of government services. See Table 1 for the list of websites to use in your research.
For this report, you should begin by reviewing three or more specific digital government websites (from the list provided in Table 1) to determine:
(a) the types of information provided by the websites
(b) the types of services provided by the websites
(c) security issues which could impact the delivery of digital government services by the websites
After you have reviewed these websites, review the Federal Cybersecurity Risk Determination Report and Action Plan https://www.whitehouse.gov/wp-content/uploads/2018/05/Cybersecurity-Risk-Determination-Report-FINAL_May-2018-Release.pdf to identify additional sources of risk which the agency must be aware of and should address in its planning. You should also review Executive Order 13800 Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/
Table 1. List of Digital Government Websites
- Read / Review the Weekly readings
- Research three or more attacks which could compromise the security of a Digital Government Website which uses Web Applications, a Web Server, and a Database Server. Here are some sources to get you started:
  - Web Applications Architectures and Security (in the Week 3 content module).
  - Cyber Vandalism — https://www.digitalgov.gov/resources/readiness-recovery-response-social-media-cyber-vandalism-toolkit/
  - Cybersecurity: Actions needed to address challenges facing federal systems (GAO 15-573T) http://www.gao.gov/assets/670/669810.pdf
  - Cognitive Hacking and Digital Government: Digital Identity http://www.ists.dartmouth.edu/library/78.pdf
  - US-Cert Publications (See Technical Reports section) https://www.us-cert.gov/security-publications#reports
- Review three or more websites which deliver digital government services (select from those listed in Table 1). What types of information or services are available via these websites? What populations do these websites serve (who is in the intended audience for each website)?
- As part of your Digital Government websites review, determine the types and sensitivity of information collected, displayed, processed, and stored by the Web applications which implement the Digital Government services.
  - See http://www.digitalgov.gov/resources/checklist-of-requirements-for-federal-digital-services/ for general security and privacy requirements.
  - See FIPS 199 for additional guidance on determining the sensitivity level of a Federal IT system. (See the section on public websites.)
- Using FIPS 200, the NIST Cybersecurity Framework, and NIST SP 800-53, research the general types of security controls which are required for the IT systems hosting the Digital Government service that you reviewed.
  - FIPS 200 https://doi.org/10.6028/NIST.FIPS.200
  - NIST Cybersecurity Framework https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
  - NIST SP 800-53 https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-53r4.pdf
- Find three or more additional sources which provide information about best practice recommendations for ensuring the security of the Web Applications used to deliver Digital Government information and services. These additional sources can include analyst reports and/or news stories about recent attacks / threats, data breaches, cybercrime, cyber terrorism, etc. which impacted the security of digital government services.
Write a five to seven page summary of your research. At a minimum, your summary must include the following:
1. An introduction or overview of digital government which provides definitions and addresses the laws, regulations, and policies which require that federal agencies provide information and services via the Web. This introduction should be suitable for an executive audience.
2. An overview of the information and services provided by the digital government Websites that you reviewed. Answer the following questions:
   - What types of information or services are available via your selected Websites?
   - What populations are served by these websites (who is the intended audience)?
   - What sensitivity level should be assigned to each Website (use FIPS 199 criteria)?
   - What security issues were observed during your review?
3. A separate section which addresses the architectures and security issues inherent in the use of Web applications when used to deliver the services provided by your selected digital government Website. How do these issues contribute to increased risk?
4. A separate section which includes recommendations for best practices for ensuring Web application security during the design, implementation, and operation of digital government websites. Include five or more best practice recommendations in your recommendations. (Hint: at least one of your recommendations should address use of the NIST Cybersecurity Framework. Another recommendation should address use of NIST SP 800-53 controls for ensuring security and privacy.)
5. A closing section in which you summarize your research and your recommendations.
Submit For Grading
Submit your work in MS Word format (.docx or .doc file) using the Project 2 Assignment in your assignment folder. (Attach the file.)
- Consult the grading rubric for specific content and formatting requirements for this assignment.
- Your 5 to 7 page paper should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper.
- Your paper should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts Review for recommended resources.
- The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use: CSIA_Basic_Paper_Template(APA_6ed,DEC2018).docx.
- You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.
- You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
- You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).