Appcore, Inc. is a large software development company based in New York City. Fullsofts software product development code is kept confidential in an effort to safeguard the companys competitive advantage in the marketplace. You are a security professional who reports into Appcores infrastructure operations team. Appcore wants to strengthen its security posture. The chief security officer (CSO) has asked you for information on how to set up a data classification standard thats appropriate for Appcore.

In addition, the CSO wants to have a full risk assessment conducted and has asked you to provide recommendations for which risk assessment methodology to use. Two popular risk assessment methodologies are NIST SP 800-30 revision 1, Guide for Conducting RiskAssessments, and Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE). Your focus will be on the OCTAVE Allegro version, which is a more concise version of OCTAVE. When reviewing the methodologies, consider the following:

Which features or factors of each methodology are most important and relevant to Appcore?

Which methodology is easier to follow?

Which methodology appears to require fewer resources, such as time and staff, but still provides for a thorough assessment?

1) Type a full page of research data classification standards that apply to a company like Appcore. Determine which levels or labels should be used and the types of data they would apply to.

Review the following two risk assessment methodologies:

- NIST SP 800-30, Guide for Conducting Risk Assessments - Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), Allegro version

Create a typed full page that describes each risk assessment methodology, a recommendation for which methodology Appcore should follow, and justification for your choice.