6.5. Identify Threats to Critical Assets
At this point in the evaluation you begin to examine the range of threats that can affect your critical assets. You perform a gap analysis of the areas of concern you elicited earlier in the evaluation, creating a complete threat profile for each critical asset.
Recall that a generic threat profile is a structured way of presenting a range of potential threats to a critical asset. In this activity you essentially tailor the generic threat profile for each critical asset by deciding which threats in the range of possibilities actually apply to a critical asset. This information helps to form the basis for examining the computing infrastructure for vulnerabilities as well as for identifying and analyzing ...
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
