After the productive team meeting, Fullsoft’s chief technology officer (CTO) wants further analysis performed and a high-level plan created to mitigate future risks, threats, and vulnerabilities. As part of this request, you and your team members will create a plan for performing a gap analysis, and then research and select an appropriate risk assessment methodology to be used for future reviews of the Fullsoft IT environment.

An IT gap analysis may be a formal investigation or an informal survey of an organization's overall IT security. The first step of a gap analysis is to compose clear objectives and goals concerning an organization's IT security. For each objective or goal, the person performing the analysis must gather information about the environment, determine the present status, and identify what must be changed to achieve goals. The analysis most often reveals gaps in security between "where you are" and "where you want to be."

Two popular risk assessment methodologies are NIST SP 800-30 revision 1, Guide for Conducting Risk Assessments, and Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE). Your focus will be on the OCTAVE Allegro version, which is a more concise version of OCTAVE. When reviewing the methodologies, consider the following:

Which features or factors of each methodology are most important and relevant to Fullsoft?

Which methodology is easier to follow?

Which methodology appears to require fewer resources, such as time and staff, but still provides for a thorough assessment?

Tasks

Create a high-level plan to perform a gap analysis.

Review the following two risk assessment methodologies:

NIST SP 800-30 rev. 1, Guide for Conducting Risk Assessments (formerly titled "Risk Management Guide for Information Technology Systems")

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), Allegro version

Create a report that includes the gap analysis plan, a brief description of each risk assessment methodology, a recommendation for which methodology Fullsoft should follow, and justification for your choice.
