14.3. Implementing Information Security Risk Management

The information security risk management framework provides guidance about the operations that organizations can implement to identify and address their information security risks. This section presents a common implementation of the framework. At the heart of this implementation is the information security risk evaluation.

Time Line Between Evaluations

Figure 14-5 illustrates a time line between two successive evaluations. Notice that after the organization completes Evaluation A, it has set its baseline with respect to its information security risks (i.e., the organization has taken its “snapshot” of its current risks). The organization must then address, or manage, the highest-priority ...

Get Managing Information Security Risks: The OCTAVE℠ Approach now with the O’Reilly learning platform.