5.3. Identify Areas of Concern

As people work with information-related assets when performing their jobs, they develop an understanding of the operational procedures related to accessing and using information. They learn about the way operations really work in their organization. They know where written procedures must be followed to the letter, and they know where they have to “make things work” by deviating from formally written protocols. The knowledge about what is really happening in the organization is vital when creating threat scenarios.

In this activity, participants express concerns about how their most important assets are threatened. They create the scenarios using prompts based on known sources and outcomes of threat, resulting in ...

Get Managing Information Security Risks: The OCTAVE℠ Approach now with the O’Reilly learning platform.
