11.4. Review and Refine Protection Strategy, Mitigation Plans, and Action List
In the previous activity you set the context for the senior managers. In this activity you have the following two objectives:
To present the protection strategy, risk mitigation plans, and action list that you developed in process 8A
To allow the managers to refine each item as appropriate
Remember that your organization's senior managers have a broad, organizationwide perspective that you might not have. Senior managers understand the parameters within which the organization must operate. They have an appreciation for how many organizational resources can be applied to information security improvement efforts, as well as the constraints that must be factored into the ...
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.