Case Study: Is there a cybersecurity workforce crisis in state governments??
Case Scenario:
A membership organization for state government officials has asked your cybersecurity consulting firm to partner with it in developing a one-day workshop on workforce development needs for cybersecurity workers. Your part in this endeavor is to provide the coordinating committee with a position paper which discusses the question: "Is there a cybersecurity workforce crisis in state governments? Your paper should be no more than 3 pages in length and must address both sides of the question ("yes, there is a crisis" and "no, there is not a crisis").
Research:
1. Read / Review the Week 5 readings.
2. Research authoritative sources which support the "Yes" side of the question.
Comparing Private Sector and Government Worker Salaries
3. Research authoritative sources which support the "No" side of the question. For example, states may have a shortage of workers overall. Or, the lack of competitive compensation claim may be inaccurate. Or, you may find that the shortage of cybersecurity workers is unrelated to the type of employer (that is, everyone is having problems finding qualified personnel).
a. Budgetary Constraints (p. 3, Figure 1.4)
b. IT Workforce hiring issues:
c. State vs Private Compensation (see "Conclusions" on p. 15)
d. Global talent gap
4. Review the best practice recommendations from the NICE report. Select three to five best practices which state governments could benefit from implementing.
5. Review alternative recommendations for attracting and retaining qualified talent (workers) to a state or region. Select 3 or more which you believe would be beneficial for state government hiring efforts for cybersecurity personnel.
a. About Good Neighbor Next Door (ask yourself if this program or something similar should be extended to cybersecurity personnel)
b. Attracting Big Talent to Small Cities
c. 7 Ways to Attract and Retain Talent (without having to compete on salaries)
d. Government Needs to Rethink How They Attract IT Talent
Write:
Write a two to three page summary of your research. At a minimum, your summary must include the following:
1. An introduction or overview of the cybersecurity workforce issues which impact State governments. This overview should address the political, economic, socio-cultural (included education), and technological factors which contribute to the perceived lack of qualified cybersecurity workers. This introduction should be suitable for an executive audience.
2. A separate section which addresses three to five specific reasons why states have difficulty hiring a sufficient number of trained and qualified cybersecurity workers for positions in state agencies and offices.
3. A separate section which addresses three to five specific "non-cybersecurity" reasons why a workforce shortage affecting state governments may currently exist. You may also choose to argue that the workforce shortage arises out of state budget problems rather than training and education or salary.
4. A recommendations section which addresses three to five marketing or hiring actions which state governments could take to attract cybersecurity talent and reduce or alleviate a cybersecurity workforce shortage for trained and qualified cybersecurity personnel. These recommendations should include several alternative practices which deemphasize salary.
Your white paper should use standard terms and definitions for cybersecurity and privacy.
The following sources are recommended:
- ISACA Glossary
- Guidelines on Security and Privacy in Public Cloud Computing
Paper: Compare / Contrast Two State Government IT Security Policies
Scenario:
Volunteers have been recruited to help state governments improve their cybersecurity practices. The coordinating committee has decided that the first task these volunteers undertake will be a comparative analysis which examines the strengths and weaknesses of existing IT Security Policies for state governments (agencies and offices of the executive branch under the leadership of the state governors). Since you volunteered early, you have your pick of any two states' IT Security Policies from the list published by the Multi-State Information Sharing and Analysis Center (MSISAC). (See item #1 under Research.)
Research:
1. Select two state government IT Security Policies.
2. Download and review your selectedstate governments' IT Security Policy documents.
3. Develop five or more points which are common across the two documents. (Similarities)
4. Identify and review at least three unique items in each document. (Differences)
5. Research best practices for IT Security and/or IT Security Policies for state governments.
6. Using your research and your comparison of the two policy documents, develop an answer to the question: Why should every state government have an IT security policy for state agencies and offices under the state's executive branch?
Write:
Write a five (5) to eight (8) page white paper in which you summarize your research and discuss the similarities and differences between the two IT security policy documents. You should focus upon clarity and conciseness more than length when determining what content to include in your paper. At a minimum, your white paper must include the following:
1. An introduction or overview of IT Security Policiesfor the executive branch of state governments (covering state agencies andoffices in the executive branch including the governor's office). Explain the purpose of an IT security policy and how it is used. Answer the question: why should every state in the nation have a comprehensive IT security policy for state agencies and offices? (Make sure that you address the importance of such strategies to small, resource-poor states as well as to large or wealthy states.)
2. A separate section in which you discuss the common principles and policy sections / statements (similarities) found in both IT security policy documents.
3. A separate section in which you discuss the unique aspects of the first state's IT security policy document.
4. A separate section in which you discuss the unique aspects of the second state's IT security policy document.
5. A section in which you discuss your evaluation of which state government has the better of the two IT security policy documents. You should also present best practice based recommendations for improvements for both IT security policy documents.(Note: you may have different recommendations for the individual policies depending upon the characteristics of each document.)
APA format with 3 sources and IN TEXT citation