11.3. Present Risk Information
In this activity you present background information to your organization's senior managers. Your goal is to set the context for the managers so that the protection strategy, risk mitigation plans, and action list make sense to them. You should explain any terms and concepts that may be new or different, for example, asset, threats, risk, and risk profile.
You might want to begin this activity by summarizing the OCTAVE process for the managers. Remember, they probably have not been involved in the evaluation since process 1. By reviewing the process for the managers, you can refresh their memories about the evaluation approach and provide additional context for the background information.
Review Risk Information ...
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
