Chapter 7. Identifying Key Components (Process 5)
Recall that security includes both organizational and technological aspects. The security-related practices of the people in the organization are important, as is the state of an organization's computing infrastructure. OCTAVE requires the examination of both organizational and technological issues during the evaluation.
Process 5, Identify Infrastructure Vulnerabilities, marks the beginning of phase 2 of OCTAVE. It requires the organization to examine its computing infrastructure in relation to phase 1's organizational information, setting the scope for a technological evaluation of the infrastructure. At this point in the evaluation, a transition occurs from the organizational view to the technological ...
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
