Chapter 5. Identifying Organizational Knowledge (Processes 1 to 3)
OCTAVE is an evaluation that examines operational information security risk. The evaluation starts by focusing on operational issues in the organization. In this method processes 1 to 3 mark the beginning of phase 1, Build Asset-Based Threat Profiles. In these processes you gather multiple perspectives about information security based on the knowledge of the people in the organization.
One of the objectives of phase 1 is to create an organizational, or global, perspective of operational security issues. To do this, you need to elicit individual views about security issues and then consolidate them into an organizational perspective, creating a foundation for all subsequent analysis ...
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
