Managing Information Security Risks: The OCTAVESM Approach

11.5. Create Next Steps

This activity marks the end of the evaluation process. In many ways it is one of the most critical steps; as you now ask your organization's senior managers to think about what happens after the evaluation, they determine the ultimate direction for security improvement efforts in the organization.

Identify Next Steps

Ask the senior managers the following questions:

What will your organization do to build on the results of this evaluation?
What will you do to ensure that your organization improves its information security?
What can you do to support this security improvement initiative? What can other managers in your organization do?
What are your plans for ongoing security evaluation activities?

Notice that the questions ...

Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Managing Information Security Risks: The OCTAVESM Approach by Christopher Alberts, Audrey Dorofee

11.5. Create Next Steps

Identify Next Steps

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly