6.4. Refine Security Requirements for Critical Assets

This activity can be difficult for many analysis teams, as it requires defining security requirements for each critical asset, focusing on the organizational perspective. As you review security requirements from earlier workshops, you will start to see conflicts and gaps among the data.

For example, senior managers may have selected confidentiality as the most important security requirement, while staff members valued availability most. Your task is to view the information from the perspective of the organization and resolve the differences in the data. You must consider trade-offs in selecting one security requirement over another. Which aspect of security would you sacrifice to protect another? ...
