2.5. Evaluate Security Strategy and Plans

In Parts 1 and 2 of the OCTAVE evaluation, the core team, with assistance from select other groups within the organization, has built a database of critical assets, threats to those assets, and vulnerabilities of the assets. The goal of Part 3 of the OCTAVE evaluation is to determine how to reduce risk to the critical assets.

A risk, in this situation, is defined as a threat combined with the impact on an organization if that threat is carried out against a critical asset. Risk can be defined as either a qualitative or quantitative value; OCTAVE focuses on the qualitative aspect of risk evaluation.

Before deciding how to respond to the risks that emerged from Parts 1 and 2 of the OCTAVE evaluation, an ...

Get The Practice of Network Security: Deployment Strategies for Production Environments now with the O’Reilly learning platform.
