Running head: COMPARING TWO STATE IT POLICIES

COMPARING TWO STATE IT POLICIES

Name.

Institution.

Date.
COMPARING TWO STATE IT POLICIE 2

Introduction; Colorado and Alabama

Since the invention of computers, cybersecurity impacts have increased. The regular rise of the threat

of cybersecurity is attributed to more efficient computer technology in information technology. Our case

study focuses on two State Government entities, Colorado and Alabama. IT regulations defend the state

from any threat and, in particular, cyber-attacks. The use of computers is commonly used and their

networks can easily jeopardize the reputation of various companies in a nation. Where a state has no

clear rules regulating the use of a computer system, the execution of its systems under state rules poses

serious risks (Jia, L., Huang, L., Yan, Z., Hall, D., Song, J., & Paradice, 2019). The absence of an information

technology strategy makes the state and other organizations available for cyber-attacks in order to use

malicious programs to exploit or to kill important information. A strategy would ensure that cyber-

attacks and the defence against external threats and any kind of security breaches are less prevalent. In

addition to handling security breaches, IT policies in countries increase efficiency and accountability, as

they restrict the interference with the framework and ensure all activities conducted successfully with

the state. Nevertheless, in compliance with State resources, IT policies differ. While various countries

have various IT strategies, are designed hence reducing violations of security, protect private details and

enhance national openness and performance.

Colorado-Alabama common policies

Alabama and Colorado are implementing different IT policies based on certain concepts. Firstly, both

States have established a specific body that addresses all issues relating to information technology

management exclusively. To order to ensure that information related to IT is managed properly, each

division has specific roles to minimize any cyberattacks problem. (Liang, G., Weller, S. R., Luo, F., Zhao, J.,

& Dong, Z. Y. 2018). The regulation specifies the specific time fraction of IT management laws and the

appropriate action to be taken in regulating or mediating the infringement. Secondly, the States have a
COMPARING TWO STATE IT POLICIE 3

comprehensive procedure of measures to be followed immediately, any kind of security breach has

occurred. In investigating the cause of the breach and remedying the condition as first as possible, more

resources are delved. The formulated policies in the various states ensure that any type of cybersecurity

violation is monitored by a system. Each computer system in a given area is known by its unique IP

address ("State of Alabama Information Technology Policy,” 2016). It allows tracking of any incident

associated with specific suspicious activity by the charged entity. The state's cyber systems can shut

down such types of systems in order to prevent or minimize any damage (Jia, L., Huang, L., Yan, Z., Hall,

D., Song, J., & Paradice, 2019). In the course of shutting down any activity that is considered illegal

activity, most state policies have a keen interest throughout tracking both the Internet and computer

use. They also have the power to investigate any party that is suspected of engaging in an unscrupulous

activity.

Unique aspects of security policies in Colorado

Colorado State categorizes information technology aspects into different levels. The lowest rate poses

a minimal threat and is concerned with data elements such as data records of weapons, violation of

building code, and records of state employees. Progressive classification of data is correlated with the

state's health care, federal tax records, social security administration, and probability and accounting. All

employees who work within the state are required to access information by using the company's

information technology section's registered accounts. An organization is solely responsible for managing

the account. The records are to be split into different parts each serving a specific role. The department

will create accounts for all state-wide divisions. There are several classification levels in the accounts.

Several account rates include community groups, personal accounts, visitors, temporary department

and emergency developers. It is also the Agency's task to monitor all accounts. It also has the right to

remove any account within the state system that is considered a threat to the state although it needs
COMPARING TWO STATE IT POLICIE 4

clear evidence that shows that some users are in violation of Colorado's information technology policies.

The agency also checks its accounts on an annual basis and then creates a process by which it can give

all parties the accounts. The information system agency engages in the enforcement of access,

especially among the moderate or low classification levels, while ensuring that information flows at

moderate levels of security (Hobrock, 2019). The program also takes note of any positive login attempts

and closes the account after a 15-minute duration. This also sends a message to the network to notify

the organization why it has closed a specific account.

Special facets of security policies in Alabama

The State of Alabama establishes a specific division that controls any use within its borders of

information technology. The section is called the Division of Information Services. This division has

different units, including the Cyber Security Incident Response Team, which investigates any issues

related to cyber-attacks within the state (Liang, G., Weller, S. R., Luo, F., Zhao, J., & Dong, 2018). This

section is tasked with implementing an incident plan that comes into effect once any threat within the

information technology sector has been detected. It is also the division's responsibility to assess the IT

infrastructure on an annual basis. `The division identifies particular incidences which are generally

identified among the organization's reportable risks. The Division reports to the respective Divisions all

cyber-attack incidents and notify them of the action necessary to prevent any cyber-attacks. They

provide specific training on all other divisions with standard techniques that can be used to minimize

any cyber-attack-related incidences. The other divisions are basically familiar with how they build and

maintain personal accounts and how they can use specific measures such as authentication and

authorization to minimize the effects of unauthorized access. The department then records all the

findings of various organizations showing the different response rates for incidents ("State of Alabama

Information Technology Policy,” 2016). There is also documentation of specific measures taken to
COMPARING TWO STATE IT POLICIE 5

prevent loss of information. Then it makes specific guidelines that can be used to reduce an

organization's incidence.

State Security Strategy Evaluation

The state of Alabama and Colorado applies different policies when it comes to addressing information

technology-related aspects, particularly when it comes to cybersecurity threats. While both

organizations have identified specific divisions that address all issues related to information technology,

the systems in place by the state of Colorado are more elaborate compared to what the state of

Alabama is applying. The various important policies that stand out in the State of Colorado include its

classification system where information contained in the State is categorized based on different levels of

security. It means data is readily classified according to the threat posed. Essentially, at the highest level,

it becomes quite difficult for any group to access classified data. Secondly, accessibility to the

information system requires specific login credentials of all interested parties. All parties are categorized

according to a particular characteristic that is either as a visitor, party, entity or temporary account.

Immediately clear login steps are incorrect the account is blocked immediately and any suspicious

activity is reported to the agency immediately. The department that tracks the activities associated with

all accounts also closes all inactive state accounts and performs an annual review to find any program

that has contravened agreed rules and regulations. Thus the State of Colorado reduces any threats

associated with cyber-attacks and increases the state's efficiency of operations (Liang, G., Weller, S. R.,

Luo, F., Zhao, J., & Dong, 2018). As a result, this state is performing much better than Alabama’s.

Recommendation and Conclusion

Knowing how an agency network appears from the outside, and contrasting that to how it is perceived

from the inside, also contributes to finding unforeseen discrepancies and fixable vulnerabilities.

Different states have varied IT policies that aim to increase the productivity of their business operations
COMPARING TWO STATE IT POLICIE 6

and to minimize or eliminate any related cybersecurity threat. IT can serve the needs of the developing

digital services teams. And all of that is about mobility, time-to-value. You need cohesive, easy-to-use

identity and security services Having a common understanding of goals, terms, criteria and realizing that

both sides can provide better solutions is all the more crucial. It's first about individuals and

organization, then technology. Since different states vary in available resources, different policies are

enforced, and as a result, varying outcomes are obtained (Goodwin, C., Nicholas, J. P., Bryant, J., Ciglic,

K., Kleiner, A., Kutterer, 2017). The establishment of a particular division that deals exclusively with

information technology is one common factor for all States. The state of Alabama will learn various

aspects of how to handle its department of information technology from the state of Colorado.
COMPARING TWO STATE IT POLICIE 7

References

Jia, L., Huang, L., Yan, Z., Hall, D., Song, J., & Paradice, D. (2019). The importance of policy to effective IM

use and improved performance. Information Technology & People..

Hobrock, B. G. (2019). Library Management in the Information Technology Environment: Issues, Policies,

and Practice for Administrators. Routledge.

Sauls, J., & Gudigantala, N. (2019). Preparing information systems (IS) graduates to meet the challenges

of global IT security: Some suggestions. Journal of Information Systems Education, 24(1), 7.

Liang, G., Weller, S. R., Luo, F., Zhao, J., & Dong, Z. Y. (2018). Distributed blockchain-based data

protection framework for modern power systems against cyber attacks. IEEE Transactions on

Smart Grid, 10(3), 3162-3173.

Goodwin, C., Nicholas, J. P., Bryant, J., Ciglic, K., Kleiner, A., Kutterer, C., & Storch, T. (2017). A framework

for cybersecurity information sharing and risk reduction. Microsoft.