COM 510 – Management of Information Security

Project Guidelines

Project Description

Carry out a security self-assessment of an organization using the NIST Special Publication 800-26 as a guide. This may be your current or previous employer or your own organization. You must seek permission from the individual responsible for the information security of that organization.

The SP 800-26 document is a self-assessment guide used to assess the IT system of an organization. This document is no longer available from NIST but it is contained in Appendix A at the end of the textbook (pp. 471-491). You may use this appendix as a guide. It is recommended that you use primary areas such as Management controls, Operational controls, Technical controls, etc., as a guide to assess a system.

A new publication, SP 800-53A “Guide for Assessing the Security Controls in Federal Information Systems,” is available for download from the NIST website. At the moment this document is in draft form. Those of you who are working or are experienced in Federal IT Systems may use this publication as an alternative to SP 800-26.

Basically you have a choice of using SP 800-26 or 53A.

Report

Write a report based on the self-assessment of an organization. It should be 4-5 pages long, 12 point character size, single line spacing, and have 1” margins on all sides. It is recommended that you do not use the actual name of the organization in the report; use a title, such as “ABC, Inc.” Your report should include a brief description of the organization, nature of the business, analysis of the results, and recommendations for improvement in the form of an action plan.

You should also prepare a PowerPoint presentation (10-15 slides) explaining the results and recommendations of your assessment to senior management of the organization.

Deliverables:

1. Word document containing report
2. PowerPoint file containing presentation

Submit your project to the Security Assessment Dropbox no later than 11:59 PM Sunday EST/EDT of Module 8.

