Carry out a security self-assessment of an organization using the NIST Special Publication 800-26 as a guide. (I am okay with any federal organization).

The SP 800-26 document is a self-assessment guide used to assess the IT system of an organization. This document is no longer available from NIST but it is contained in Appendix A at the end of the textbook (pp. 471-491). You may use this appendix as a guide. It is recommend that you use primary areas such as Management controls, Operational controls, Technical controls, etc., as a guide to assess a system.

A new publication, SP 800-53A "Guide for Assessing the Security Controls in Federal Information Systems," is available for download from the NIST website at: http://csrc.nist.gov/publications/nistpubs/800-53A-rev1/sp800-53A-rev1-final.pdf.

At the moment this document is in draft form. Those of you who are working or are experienced in Federal IT Systems, may use this publication as an alternative to SP 800-26.

Basically you have a choice of using SP 800-26 or 53A.(Both are attached)

Need a report based on the self-assessment of an organization. It should be 4-5 pages long, 12 point character size, single line spacing, and have 1" margins on all sides. It is recommended that you do not use the actual name of the organization in the report; use a title, such as "ABC, Inc." Your report should include a brief description of the organization, nature of the business, analysis of the results, and recommendations for improvement in the form of an action plan.

You should also prepare a PowerPoint presentation (10-15 slides) explaining the results and recommendations of your assessment to senior management of the organization.

Deliverables:

1. Word document containing report

2. PowerPoint file containing presentation