Managing Information Security Risks: The OCTAVESM Approach

14.2. A Framework for Managing Information Security Risks

Information security risk management is the ongoing process of identifying and addressing information security risks. This section explores the details of a structured approach for managing risks. Figure 14-4 illustrates the operations required by the information security risk management framework as well as the major tasks completed during each operation. This type of framework is common to risk management approaches in many domains, including information security [GAO 98].

Figure 14-4. Operations and Tasks of the Information Security Risk Management Framework

Assigning Responsibility

Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Managing Information Security Risks: The OCTAVESM Approach by Christopher Alberts, Audrey Dorofee

14.2. A Framework for Managing Information Security Risks

Figure 14-4. Operations and Tasks of the Information Security Risk Management Framework

Assigning Responsibility

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly