Running Head: Gap Analysis Plan
Gap Analysis Plan
Samuel L. Burley III
Information Technology
INT 5910, IT Capstone Project
Professor Jasmine Williams Ph.D.
South College
Dec 3, 2023
Table of Contents
Introduction
Analysis
Gap Plan
Conclusion
References
Introduction
An organization typically uses gap analysis to improve its business processes. Therefore,
to create a high-level plan for the Full Soft organization, the gap analysis plan must be clear so
that the business manager can determine the current condition of the business and where it needs
to be. A gap analysis is a process or report that shows where the business is and where it wants to
be in the future.
Finding gaps in any organization's process allows us to analyze it and then
improve it, which fixes all the weaknesses in the Full Soft organization. The best approach for
Full Soft is to create a proper methodology, create a best practice, and then add a high-level plan
to fix the weaknesses and determine the gap analysis plan. The process consists of the following
steps: determining the organization's current state, determining its ideal state, identifying any
gaps within the organization, and ultimately developing improvements to close those gaps.
Analysis
Here are some ideas that are implemented in each of the steps mentioned in the previous
paragraph: Determine the organization's current state; the best way to do this is to provide a
balanced graph of the organization's current state; record the current
percentage of profit growth; and finally, determine the desired future profit growth for the
company or the employees. The idea is to come up with a goal that relates to the current state in
the same period. Having the growth goal easily compared to the current state will help to better
recognize the gaps preventing the organization from achieving its goals. With these states
monitored, the organization will have an easier time finding the gaps that need to be closed. To
then identify the gaps in the organization, the differences need to be demonstrated so that the
organization can flourish. The reasons why gaps occur can take many different forms; these
include income per employee, the reasons behind challenging customers, anticipating customer
issues before they arise, developing new products, etc. Having these examples of gaps will make
it easier to determine how to close those gaps that are preventing the organization from making a
profit. Ultimately, the business must devise improvements to close the gaps in the
organization. To bridge the gaps and enhance the organization, it is helpful to consider a few
guidelines to better understand why the gaps occurred in the first place. These guidelines include
recording the details of the improvements found, considering the cost of implementing each
solution and determining the deadlines by which the gaps must be closed.
Gap Plan
Maintaining a consistent pattern of solutions offered within the gap analysis plan, the
company is going to work hard to succeed quickly. Part of this strategy is to create a risk
assessment plan so that the company will be better protected in the future. The first step in the
high-level plan is to identify the gap and then close it. To close the gap, we can create a list of
requirements and then respond to each question with a yes or no. If the organization is meeting
the requirements, the response will be yes; if not, it will be no. A risk assessment of federal
information systems and organizations is guided by NIST Special Publication (SP) 800-30,
which provides high-level requirements. Risk assessments are conducted in three tiers of the risk
management hierarchy, which is part of an overall risk management process that gives senior
leaders and executives the information they need to decide on the best course of action in
response to risks that have been identified. In three tiers of the risk management hierarchy—
organization, business process, and information system—the NIST SP 800-30 plan assists in
identifying the key elements for enhancing risk management and facilitating decision-making.
This methodology benefits the organization by offering direction for carrying out risk
assessments and assisting the target audience in having an effective risk management routine.
The NIST SP 800-30 plan has a flow system that provides a framework for assessing,
monitoring, and response frequency. This routine aids the organization in understanding the
methods that go into a risk assessment plan.
The second methodology is called OCTAVE Allegro, or Operationally Critical Threat,
Asset, and Vulnerability Evaluation. Its goal is to make information security risk assessment
more efficient and effective while requiring less time, personnel, and other scarce resources from
an organization. OCTAVE offers guidelines, worksheets, and examples that an organization can
use to start performing Allegro-based risk assessments. It leads the organization to consider
people, technology, and facilities in the context of their relationship to information and the
processes and services they support. OCTAVE offers three phases in its method: identifying
important information assets and protection strategies for those assets; evaluating the information
infrastructure to supplement the threat; and performing risk identification to then develop a risk
mitigation plan. These risk assessments help to ensure that the business information is secure
under any risk scenario.
Conclusion
After deliberating over the two approaches offered by NIST SP and OCTAVE, which
both offer excellent strategies and plans for fruitful risk assessments, it was determined that
OCTAVE was the superior choice. This is because OCTAVE is designed to generate practice
catalogs, threat profiles, and vulnerability catalogs. The OCTAVE method makes sure to mention
ways of supporting security to mitigate risks, threats, and vulnerabilities. This is a way to create
a baseline for the Full Soft organization. Based on the information provided, Full Soft wants a
sufficient method to control and provide risk management to compose clear objectives and goals
concerning an organization's IT security. These are the reasons the Full Soft
organization should take into consideration when protecting its profits and growth as a
company.
References
Leconte, P. (2019, September 20). Conducting A Gap Analysis: A Four-Step Template. Retrieved
December 16, 2019, from https://www.clearpointstrategy.com/gap-analysis-template/
Joint Task Force Transformation Initiative. (2012, September 17). Guide for Conducting Risk
Assessments. Retrieved December 16, 2019, from
https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final
Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process.
(2007, May 1). Retrieved December 16, 2019, from
https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=8419