You have been asked to participate in a panel discussion of security issues affecting digital government Websites. Each panel member has been asked to research VOLUNTEER.GOV in relation to (a) the information and services that it provides and (b) the security issues which could impact the delivery of digital government services. Your two to three page summary of your research will be provided to the panel audience in advance of the discussion.
1. Research three or more attacks which could compromise the security of a Digital Government Website which uses Web Applications, a Web Server, and a Database Server. Here are some sources to get you started:
a. Web Applications Architectures and Security (in the Week 3 content module).
b. Cyber Vandalism — https://www.digitalgov.gov/resources/readiness-recovery-response-social-media-cyber-vandalism-toolkit/
c. Cybersecurity: Actions needed to address challenges facing federal systems (GAO 15-573T) http://www.gao.gov/assets/670/669810.pdf
d. Cognitive Hacking and Digital Government: Digital Identity http://www.ists.dartmouth.edu/library/78.pdf
e. US-CERT Publications (See Technical Reports section) https://www.us-cert.gov/security-publications#reports
2. Review the Website for a digital government service (select one of the Websites listed in Table 1). What types of information or services are available via your selected Website? What population does this Website serve (who is the intended audience)?
3. As part of your Digital Government Website review, determine the types and sensitivity of information collected, displayed, processed, and stored by the Web applications which implement the Digital Government service.
a. See http://www.digitalgov.gov/resources/checklist-of-requirements-for-federal-digital-services/ for general security and privacy requirements.
b. See FIPS 199 for additional guidance on determining the sensitivity level of a Federal IT system. (See the section on public websites.)
4. Using FIPS 200 and NIST SP 800-53, research the general types of security controls which are required for the IT systems hosting the Digital Government service that you reviewed.
5. Find three or more additional sources which provide information about best practice recommendations for ensuring the security of the Web Applications used to deliver Digital Government information and services. These additional sources can include analyst reports and/or news stories about recent attacks / threats, data breaches, cybercrime, cyber terrorism, etc. which impacted the security of digital government services.
Write a two to three page summary of your research. At a minimum, your summary must include the following:
1. An introduction or overview of digital government which provides definitions and addresses the laws, regulations, and policies which require that federal agencies provide information and services via the Web. This introduction should be suitable for an executive audience.
2. An overview of the information and services provided by your selected digital government Website. Answer the following questions:
a. What types of information or services are available via your selected Website?
b. What population does this Website serve (who is the intended audience)?
c. What sensitivity level should be assigned to the Website (use FIPS 199 criteria)?
d. What security issues were observed during your review?
3. A separate section which addresses the architectures and security issues inherent in the use of Web applications when used to deliver the services provided by your selected digital government Website.
4. A separate section which includes recommendations for best practices for ensuring Web application security during the design, implementation, and operation of digital government websites. Include five or more best practice recommendations in your discussion.
Your white paper should use standard terms and definitions for cybersecurity. The following sources are recommended:
· NICCS Glossary http://niccs.us-cert.gov/glossary
· Guidelines on Security and Privacy in Public Cloud Computing http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf