Chapter 8. Evaluating Selected Components (Process 6)
An information security risk evaluation is a lot like solving a puzzle. Prior to process 6, you don't quite have enough information to start developing solutions. You are missing a key piece of the puzzle, namely, the current state of your organization's computing infrastructure. The data that you must collect are the technological weaknesses present in the infrastructure.
Process 6 completes phase 2 of OCTAVE. You execute the vulnerability evaluation approach that you outlined in process 5, completing the data gathering for the evaluation and setting you up for subsequent analysis and planning activities.
|
Section |
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
