Managing Information Security Risks: The OCTAVESM Approach

11.4. Review and Refine Protection Strategy, Mitigation Plans, and Action List

In the previous activity you set the context for the senior managers. In this activity you have the following two objectives:

To present the protection strategy, risk mitigation plans, and action list that you developed in process 8A
To allow the managers to refine each item as appropriate

Remember that your organization's senior managers have a broad, organizationwide perspective that you might not have. Senior managers understand the parameters within which the organization must operate. They have an appreciation for how many organizational resources can be applied to information security improvement efforts, as well as the constraints that must be factored into the ...

Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Managing Information Security Risks: The OCTAVESM Approach by Christopher Alberts, Audrey Dorofee

11.4. Review and Refine Protection Strategy, Mitigation Plans, and Action List

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly