Chapter 6. Creating Threat Profiles (Process 4)
One of the principles of OCTAVE is to focus on the critical few. In an asset-based evaluation, the term “critical few” refers to your organization's most critical assets. In all subsequent data collection and analysis activities, you use critical assets as the basis for scoping each activity. This underscores the importance of carefully selecting critical assets.
Process 4 completes phase 1 of OCTAVE by consolidating and refining the individual perspectives elicited during the first three processes. You gain insight into how each asset is threatened by examining individual areas of concern in the context of a known range of threats.
|
Section |
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
