13.1. Introduction
Before conducting an OCTAVE, you must decide how to set the scope of the evaluation. You must also tailor the evaluation to meet the needs of the organization and to complement your unique operational environment and business processes. So where do you start? The following questions will help you think about how to implement OCTAVE in your organization:
How complex is your organization? What size is it? Is it national or international? How many business lines are in the organization? How many products does your organization produce? Is your organization geographically dispersed, or is it centralized? How diverse is the organizational culture?
Who is within your organization's sphere of influence? Who will be affected by your ...
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
