Part II: The OCTAVE Method

Chapter 2 presented the principles, attributes, and outputs of the OCTAVE approach, providing a foundation for information security risk evaluations. Part II builds upon that foundation by examining how the OCTAVE approach can be implemented in an organization. The OCTAVE Method is an example of an evaluation consistent with the principles, attributes, and outputs. This method is designed for larger organizations and is a starting point from which to adapt to a particular operational environment or industry segment.

Chapter 3 provides an overview of the OCTAVE Method, and Chapters 4 to 11 describe the activities required to conduct the method. Throughout Part II, each activity is illustrated using a sample scenario ...

Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.