After the productive team meeting, Fullsoft\'s chief officer (CTO) wants further

Question

After the productive team meeting, Fullsoft's chief officer (CTO) wants further analysis performed & high-level plan created to mitigate future risks, threats, & vulnerabilities. As part of this request, u & ur team members will create plan for performing gap analysis, &then; research &select; an appropriate risk assessment methodology to be used for future reviews of Fullsoft IT environment. An IT gap analysis may be a formal investigation or an informal survey of an org's overall IT security. 1st step of a gap analysis is to compose clear objectives & goals concerning an org's IT security. 4 each objective or goal, the person performing the analysis must gather info about the environmnt, determine the present status, &identify; what must be changed to achieve goals. The analysis most often reveals gaps in security between "where u are" & "where u want to be." 2 popular risk assessment methodologies are NIST SP 800-30 revision 1, Guide for Conducting Risk Assessments, & Operationally Critical Threat, Asset, & Vulnerability Evaluation (OCTAVE). Ur focus is on the OCTAVE Allegro vers, which is more concise vers of OCTAVE. Review the methodologies, consider following: Which features or factors of each methodology are most important and relevant to Fullsoft? Which methodology is easier to follow? Which methodology appears to require fewer resources, such as time and staff, but still provides for a thorough assessment?

Explanation / Answer

Gap Analysis:

Hence, this is the methodology that must be used as per the above description to the organization.

Please rate the answer if it helped.......Thankyou

Hope it helps.....

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

---