SCENARIO

Fullsoft wants to strengthen its security posture. The chief security officer (CSO) has asked you for information on how to set up a thats appropriate for Fullsoft.

In addition, the CSO wants to have a full and has asked you to provide recommendations for which risk assessment methodology to use. Two popular risk assessment methodologies are NIST SP 800-30 revision 1, Guide for , and Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE). Your focus will be on the OCTAVE Allegro version, which is a more concise version of OCTAVE. When reviewing the methodologies, consider the following:

• Which features or factors of each methodology are most important and relevant to Fullsoft?
• Which methodology is easier to follow?
• Which methodology appears to require fewer resources, such as time and staff, but still provides for a thorough assessment?
• Textbook for this course
• Internet access
• NIST SP 800-30, Guide for Conducting Risk Assessments (available at https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final)
• Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) (focus on the Allegro version available at https://resources.sei.cmu..cfm?assetID=8419)
• Format: Microsoft PowerPoint (or compatible)
• Font: Slide headings: Arial 32-point; Slide body: Arial 24-point (no less than 20-point for smaller text); at least half of the slides should include SmartArt
• Citation Style: Follow your schools preferred style guide
• Length: 610 slides, including a title slide and a summary slide
• Format: Microsoft Word (or compatible)
• Font: Arial, size 12, double-space
• Citation Style: Follow your schools preferred style guide
• Length: 12 pages
• I conducted adequate independent research for this part of the project.
• I created a PowerPoint presentation that presents my data classification standards findings.
• I evaluated and selected a risk assessment methodology.
• I wrote a report that summarizes each methodology, recommended which methodology Fullsoft should follow, and provided justification for my choice.
• I created a professional, well-developed presentation and a report with proper documentation, grammar, spelling, and punctuation.
• I followed the submission guidelines.

TASKS

For this part of the project:

• Research data classification standards that apply to a company like Fullsoft. Determine which levels or labels should be used and the types of data they would apply to.
• Create a PowerPoint presentation on your to be presented to the CSO.
• Review the following two risk assessment methodologies:
  • NIST SP 800-30, Guide for Conducting Risk Assessments
  • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), Allegro version
• Create a report that describes each risk assessment methodology, a recommendation for which methodology Fullsoft should follow, and justification for your choice.