Managing Information Security Risks: The OCTAVESM Approach

Chapter 4. Preparing for OCTAVE

As we pointed out in Chapter 3, you need to prepare before you can successfully conduct an organizationwide information security risk evaluation like the OCTAVE Method. The objective of preparing for the evaluation is to build a solid foundation for coordinating and executing all subsequent evaluation activities. This chapter examines the activities that need to be undertaken to prepare for the OCTAVE Method.

Section

4.1 Overview of Preparation
4.2 Obtain Senior Management Sponsorship of OCTAVE
4.3 Select Analysis Team Members
4.4 Select Operational Areas to Participate in OCTAVE
4.5 Select Participants
4.6 Coordinate Logistics
4.7 Sample Scenario

Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Managing Information Security Risks: The OCTAVESM Approach by Christopher Alberts, Audrey Dorofee

Chapter 4. Preparing for OCTAVE

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly