2.3. Information Security Risk Evaluation Attributes

We now turn our attention directly toward information security evaluation, moving from the more abstract nature of risk management principles to information security risk evaluation attributes. The remainder of this chapter focuses on the attributes and outputs of the OCTAVE approach.

First, we examine the tangible characteristics of information security risk evaluations and define what is necessary to make the evaluation a success from both the process and organizational perspectives. We begin by exploring the primary relationships between the principles and attributes, illustrated in Table 2-2.

Table 2-2. Mapping OCTAVE Principles to Attributes
Principle         Attribute
Self-direction    Analysis team ...
