
Please answer the Bold Tasks questions: Thank you After the productive team meet


Question

Please answer the Bold Tasks questions:

Thank you

After the productive team meeting, Fullsoft’s chief technology officer (CTO) wants further analysis performed and a high-level plan created to mitigate future risks, threats, and vulnerabilities. As part of this request, you and your team members will create a plan for performing a gap analysis, and then research and select an appropriate risk assessment methodology to be used for future reviews of the Fullsoft IT environment.

An IT gap analysis may be a formal investigation or an informal survey of an organization's overall IT security. The first step of a gap analysis is to compose clear objectives and goals concerning an organization's IT security. For each objective or goal, the person performing the analysis must gather information about the environment, determine the present status, and identify what must be changed to achieve goals. The analysis most often reveals gaps in security between "where you are" and "where you want to be."

Two popular risk assessment methodologies are NIST SP 800-30 revision 1, Guide for Conducting Risk Assessments, and Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE). Your focus will be on the OCTAVE Allegro version, which is a more concise version of OCTAVE. When reviewing the methodologies, consider the following:

Which features or factors of each methodology are most important and relevant to Fullsoft?

Which methodology is easier to follow?

Which methodology appears to require fewer resources, such as time and staff, but still provides for a thorough assessment?

Tasks

Create a high-level plan to perform a gap analysis.

Review the following two risk assessment methodologies:

NIST SP 800-30 rev. 1, Guide for Conducting Risk Assessments (formerly titled "Risk Management Guide for Information Technology Systems")

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), Allegro version

Create a report that includes the gap analysis plan, a brief description of each risk assessment methodology, a recommendation for which methodology Fullsoft should follow, and justification for your choice.

Explanation / Answer

ANSWER:

->Gap analysis involves determining, documenting, and improving the difference between business requirements and current capabilities. Gap analysis naturally flows from benchmarking to other assessments.

->This is the best methodology which can be applied as per the above description, as it involves the comparison of the actual performance with the help of the potential or desired performance. If the organization does not make the best use of these current resources in the technology, then it may later on produce or perform below its potential.

->The analysis is capable of identifying the gaps between the optimized allocation and integration of the inputs and the current allocation level. This methodology reveals the areas that require improvement.

->This methodology involves determining, documenting and mainly approving the difference between the business requirements and current capabilities. It helps in naturally flowing from the benchmarking and from other small assessments.

->It helps in aspiring a future with the help of various perspectives. Some of them are as follows:

a) Organization

b) Business Process

c) Business Direction

d) Information Technology

->It is providing a gulf between the existing output and a desired output. The steps can be followed as below:

1) Identifying the existing process

2) Identifying the existing output

3) Identifying the desired output

4) Identifying the documentation and the gaps

5) Developing the means to fill the gap

6) Developing and prioritizing the requirements for bridging the gaps

Hence, this is the methodology that must be used for the above procedure.