Managing Information Security Risks: The OCTAVESM Approach

A.5. Additional Information

Additional information is provided in the following sections:

5.1 Risk Impact Evaluation Criteria. These are the criteria we used to evaluate the impact of risks on critical assets.

5.2 Other Assets. This list includes all of the assets identified as important during processes 1 to 3 of the OCTAVE Method.

5.3 Security Practice Survey Results. These are a complete set of results from the security practice surveys and follow-up discussions completed during processes 1 to 3 of the OCTAVE Method.

A.5.1. Risk Impact Evaluation Criteria

We defined the impact evaluation criteria and then evaluated each impact against those criteria. We recommend that these evaluation criteria, shown in Table A-22, become a standard for MedSite. ...

Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Managing Information Security Risks: The OCTAVESM Approach by Christopher Alberts, Audrey Dorofee

A.5. Additional Information

A.5.1. Risk Impact Evaluation Criteria

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly