Carry out a security self-assessment of an organization using the NIST Special Publication 800-26 as a guide. This may be your current or previous employer or your own organization. The SP 800-26 document is a self-assessment guide used to assess the IT system of an organization. This document is no longer available from NIST, but it is contained in Appendix A at the end of the textbook (pp. 471-491). You may use this appendix as a guide. It is recommended that you use primary areas such as Management controls, Operational controls, Technical controls, etc., as a guide to assess a system.

A new publication, SP 800-53A "Guide for Assessing the Security Controls in Federal Information Systems," is available for download from the NIST website at: https://csrc.nist.gov/publications/nistpub/80-53Arev1/sp800 53Arev1final.pdf At the moment this document is in draft form. Those of you who are working or are experienced in Federal IT Systems may use this publication as an alternative to SP 800-26. Basically, you have a choice of using SP 800-26 or 53A.
Report:
Write a report based on the self-assessment of an organization. It should be 4-5 pages long, 12 point character size, single line spacing, and have 1" margins on all sides. It is recommended that you do not use the actual name of the organization in the report; use a title such as "ABC, Inc." Your report should include a brief description of the organization, nature of the business, analysis of the results, and recommendations for improvement in the form of an action plan.

You should also prepare a PowerPoint presentation (10-15 slides) explaining the results and recommendations of your assessment to senior management of the organization.