Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

After the productive team meeting, your chief technology officer (CTO) wants further analysis performed and a high-level plan created to mitigate future risks, threats, and

After the productive team meeting, your chief technology officer (CTO) wants further analysis performed and a high-level plan created to mitigate future risks, threats, and vulnerabilities. As part of this request, you and your team members will create a plan for performing a gap analysis, and then research and select an appropriate risk assessment methodology to be used for future reviews of your company's IT environment. An IT gap analysis may be a formal investigation or an informal survey of an organization's overall IT security. The first step of a gap analysis is to compose clear objectives and goals concerning an organization's IT security. For each objective or goal, the person performing the analysis must gather information about the environment, determine the present status, and identify what must be changed to achieve goals. The analysis most often reveals gaps in security between "where you are" and "where you want to be." Two popular risk assessment methodologies are NIST SP 800-30 revision 1, Guide for Conducting Risk Assessments, and Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE). Your focus will be on the OCTAVE Allegro version, which is a more concise version of OCTAVE. When reviewing the methodologies, consider the following: Which features or factors of each methodology are most important and relevant to your company? Which methodology is easier to follow? Which methodology appears to require fewer resources, such as time and staff, but still provides for a thorough assessment?

  • Create a high-level plan to perform a gap analysis.
  • Review the following two risk assessment methodologies:

    • NIST SP 800-30 rev. 1, Guide for Conducting Risk Assessments (formerly titled " Risk Management Guide for Information Technology Systems")
    • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), Allegro version
    • Create a report that includes the gap analysis plan, a brief description of each risk assessment methodology, a recommendation for which methodology Full soft should follow, and justification for your choice.

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Global Corporate Finance A Focused Approach

Authors: Suk Hi Kim, Kenneth A Kim

2nd Edition

9814618004, 9789814618007

More Books

Students also viewed these Finance questions

Question

=+ ^ What is the budget for this project?

Answered: 1 week ago

Question

=+What information is needed?

Answered: 1 week ago