Administration Policy Matrix
Current Administration
Regulation Name and Date
Four Key Principles
Reference
Previous Administration
Regulation Name and Date
Four Key Principles
Reference
Relevant State Law or Regulation
Name and Date
Four Key Principles
Reference
NIST Template
Document Number
Document Name
Date
NIST Guidance
Federal Cybersecurity Agency Simtray Report – 1 page
Administration Policy Matrix – chart
Administration Compare and Contrast Chart – 1 page chart
Focus on FISMA Report - 2 page discussion
NIST Template – refer to nist template document
Final Report on National Cybersecurity Policy – refer to final report document
you will analyze the current and previous administration's cybersecurity policies within the context of current cybersecurity concerns. You will identify the issues in the policies about which an organization should be concerned, taking into account the effects of the policy on civil liberties with some focus on FISMA and NIST. You will also evaluate FISMA's ability to both assess compliance and insure accountability. By the end of the course, you will understand the effect that administration cybersecurity policy has on your own organization, public or private sector
Scenario
As the newly hired cybersecurity policy analyst, you are the most qualified in your company to understand the overall framework of cybersecurity initiatives, which often change and evolve over several presidential administrations. Knowing your background, your boss asks you to prepare a comprehensive overview that compares cyber policy tenets from the prior administration to the current. She will present the report to the board of directors.
"It's important for us to take a step back periodically to see where we've been, where we are now, and where we are going," she says. The report can include recommendations for improving the current policies with a look toward maintaining civil liberties.
The report, your boss says, also should feature updates and the effects of the Federal Information Security Management Acts (FISMA) of 2002 and 2014, and also should consider the role that the National Institute of Standards and Technology (NIST) assumes in terms of cybersecurity policy.
You realize that your report has to be crafted in plain language so that the board members who do not have the technical background in cybersecurity matters will understand. Creating such a broad-based document will require some historical research as well as a look at the current laws. It is due in two weeks, so it's best to get started right away.
Federal Cybersecurity Agency Simtray Report
In this step, you should continue to explore the scenarios within SIMTRAY, "Federal Cybersecurity Agency: Find Your Way in Three Days." If you have not already, you will most likely encounter the following topics in this exercise: classifying information types, intellectual property issues ( intellectual property - cybersecurity), Cyb ...
1. Administration Policy Matrix
Current Administration
Regulation Name and Date
Four Key Principles
Reference
Previous Administration
Regulation Name and Date
Four Key Principles
Reference
Relevant State Law or Regulation
Name and Date
Four Key Principles
Reference
NIST Template
Document Number
Document Name
Date
NIST Guidance
2. Federal Cybersecurity Agency Simtray Report – 1 page
Administration Policy Matrix – chart
Administration Compare and Contrast Chart – 1 page chart
Focus on FISMA Report - 2 page discussion
NIST Template – refer to nist template document
Final Report on National Cybersecurity Policy – refer to final
report document
you will analyze the current and previous administration's
cybersecurity policies within the context of current
cybersecurity concerns. You will identify the issues in the
policies about which an organization should be concerned,
taking into account the effects of the policy on civil liberties
with some focus on FISMA and NIST. You will also evaluate
FISMA's ability to both assess compliance and insure
accountability. By the end of the course, you will understand
the effect that administration cybersecurity policy has on your
3. own organization, public or private sector
Scenario
As the newly hired cybersecurity policy analyst, you are the
most qualified in your company to understand the overall
framework of cybersecurity initiatives, which often change and
evolve over several presidential administrations. Knowing your
background, your boss asks you to prepare a comprehensive
overview that compares cyber policy tenets from the prior
administration to the current. She will present the report to the
board of directors.
"It's important for us to take a step back periodically to see
where we've been, where we are now, and where we are going,"
she says. The report can include recommendations for
improving the current policies with a look toward maintaining
civil liberties.
The report, your boss says, also should feature updates and the
effects of the Federal Information Security Management Acts
(FISMA) of 2002 and 2014, and also should consider the role
that the National Institute of Standards and Technology (NIST)
assumes in terms of cybersecurity policy.
You realize that your report has to be crafted in plain language
so that the board members who do not have the technical
background in cybersecurity matters will understand. Creating
such a broad-based document will require some historical
research as well as a look at the current laws. It is due in two
weeks, so it's best to get started right away.
Federal Cybersecurity Agency Simtray Report
In this step, you should continue to explore the scenarios within
SIMTRAY, "Federal Cybersecurity Agency: Find Your Way in
Three Days." If you have not already, you will most likely
encounter the following topics in this exercise: classifying
information types, intellectual property issues ( intellectual
4. property - cybersecurity), Cybersecurity Law, Common Criteria
Evaluation and Validation Scheme (CCEVS), state
cybersecurity law, broadband, and the TIE Model. Document
events that you experience in the exercise that might affect the
federal policy. Think about how these issues will be affected by
current or pending legislation and begin to explore how you
might be able to influence Congress to pass appropriate
legislation.
The SIMTRAY will provide you with scores to give you a sense
on how well you are grasping the concepts. The sections are
timed for 30 minutes; however, you can run the SIMTRAY as
many times as you need. Compile your recorded scores, lessons
learned and documented industry issues into a one-page report.
Administration Policy Matrix
In this step, you will complete the Recent Administration
Cybersecurity Policy eLearning module to better understand
how the prior administration handled cybersecurity policy. You
will cover the key points of the Cyberspace Policy Review and
the U.S. Government Accountability Office (GAO) report,
which is a follow-up to the review. You will also cover the role
of the cyber czar, and how the Cyberspace Policy Review
findings eventually led to the new cyber command,
USCYBERCOM
Now that you have familiarized yourself with how cybersecurity
law and policy is developed and how the recent administration
has handled cybersecurity policy, you are ready to begin your
analysis. Conduct research on the current administration's key
cybersecurity policies. This information can be found in official
government communications (e.g., whitehouse.gov or dhs.gov
websites) as well as in publications about or transcripts of
statements/speeches made by administration officials. You will
use the Administration Policy Matrix to record your findings.
Include one state law or regulation that is relevant to
cybersecurity and four respective key principles. You will
continue to use this matrix in the following step.
5. In the previous step, you began your analysis by reviewing the
current administration's key cybersecurity policy tenets. In this
step, you will conduct research on the previous administration's
key cybersecurity policies. As in the previous step, you may
find information in official government communications (e.g.,
whitehouse.gov or dhs.gov websites) as well as in publications
about or transcripts of statements/speeches made by
administration officials. Continue using the Administration
Policy Matrix that you began in the last step. You will use your
findings in the following step.
Administration Compare and Contrast Chart
Now that you have documented tenets from both the current and
previous administration's cybersecurity policies, you will
analyze them using a compare and contrast methodology. Using
your completed Administration Policy Matrix, prepare a one-
page chart that compares and contrasts the cybersecurity
administration policies of the previous and current
administration.
Submit both the Administration Policy Matrix and your
Administration Compare and Contrast Chart for feedback
Focus on FISMA Report
Until now, you have focused on analyzing current and past
administrations' cybersecurity policy. However, your analysis
would not be complete without considering a focus on statutes
and organizations that determine standards such as FISMA and
NIST.
Using the discussion board, pair with another student in the
cybersecurity management and policy arena and discuss the
introduction of and the effectiveness of FISMA for the federal
government. Conduct a high-level review of the FISMA
document. Evaluate FISMA's ability to both assess compliance
and ensure accountability. This discussion will be useful for
your FISMA report in the following step.
Use your discussion from the previous step as a basis for the
report in this step.
6. Remember, there are methods that the government uses for
quantifying information security and loss. Create a two-page
document that summarizes the impact of FISMA upon the
quantification within the government, how FISMA
implementation can affect the quantification, and the need for
FISMA adherence across the federal government.
Write a two-page discussion with the following points:
· Describe and discuss the objectives of policy makers.
· Describe and discuss the general problems that limit the
effectiveness of vehicles that try to govern cybersecurity.
· Considering the general problems discussed in the previous
point, discuss ideas for improving cybersecurity.
· Discuss how well you think FISMA works in the workplace.
NIST Template
Now that you have considered FISMA, it is time to consider an
organization that defines standards and guidelines to comply
with FISMA.
The National Institute of Standards and Technology (NIST) is
an organization that works collaboratively with government and
industry to create cybersecurity policies and standards. While
much of the work that NIST does is more technical, in this
segment you will explore the cybersecurity policy side of NIST.
Your policy research should include FIPS 200 and SP 800-53,
addressing both the intent of these policies as well as assessing
how well they have been implemented. Through researching the
NIST cybersecurity documents, complete the NIST Template to
create a high-level list of the "management and policy"
cybersecurity issues put forth by NIST for government agencies
and private industry.
This document will help you compose the NIST conclusions
section of your final report. Submit your Focus on NIST report
for feedback.
Final Report on National Cybersecurity Policy
Throughout this project, you have reviewed and analyzed the
presidential administration's cybersecurity policy, FISMA, and
7. NIST. You will now compile your findings in a final report for
your boss to deliver to the board of directors. Refer to the
instruction for the final report for additional guidelines.
Submit your completed final report.
Before you submit your assignment, review the competencies
below, which your instructor will use to evaluate your work. A
good practice would be to use each competency as a self-check
to confirm you have incorporated all of them in your work.
· 1.4: Tailor communications to the audience.
· 2.3: Evaluate the information in a logical and organized
manner to determine its value and relevance to the problem.
· 7.1: Evaluate national cybersecurity policy.
Instruction for the Final Report
Administration Cybersecurity Policy Review
This comprehensive report should include the sections listed
below and conclude with a statement that addresses (agree or
disagree) with the following comment:
"Not all federal agencies need to follow FISMA or NIST
recommendations for maintaining cybersecurity. After all, if the
cyberinfrastructure of a government agency is attacked, no real
harm is done to anyone except the complainants."
Review the work you have done throughout the project. If
necessary, review the eLearning modules in steps 1 and 5 and
your Simtray Report completed in Step 4 along with the
feedback from your instructor. And remember to tailor your
report to your nontechnical audience.
Be sure to address the following items at some point in your
report:
· Document the cybersecurity policy issues faced by the United
States.
· Analyze the interrelations among cybersecurity technology
decisions and cybersecurity policies.
· Translate how cybersecurity policy choices affect
8. cybersecurity technology research and development.
· Compare and contrast key federal and state cybersecurity
standards.
· Assess the key points and principles in the NIST standards for
cloud cybersecurity.
· Develop an awareness program of the linkage(s) between US
national security and US national priorities for securing
cyberspace.
· Compare and contrast US cybersecurity standards bodies.
· Identify stakeholders to be contacted in the event of an
organizational cybersecurity incident.
· Compare and contrast cyberdefense and cyberattack, and
discuss the relevant policies that underpin each term.
Report Sections
· Title Page
· Table of Contents
· Introduction
· Key Current Administration Cybersecurity Policy Tenets
· Key Prior Administration Cybersecurity Policy Tenets
· Comparison of Current and Prior Tenets
· FISMA Conclusions
· NIST Conclusions
· Conclusion
· Pro/Con Current vs. Prior
· Pro/Con FISMA Regulation
· Pro/Con NIST Guidelines
· Reference Page