Appendix A. Case Scenario for the OCTAVE Method

Part II of this book looked at some brief examples of the outputs resulting from processes and activities of the OCTAVE Method. This appendix provides the final report produced by the analysis team at MedSite. The OCTAVE Method produces a wealth of information in considerable detail. Rather than show all the interim stages of data consolidation, we instead provide the complete set of results in a format that could be used to brief and inform senior managers.

Finally, you should remember that the results you achieve from any information security risk evaluation are meaningful only if you use them. The final strategy and plans resulting from the data acquired and analyzed during processes 1 through 7 will have meaning only if they are implemented and tracked to completion.

Section A.1 MedSite OCTAVE Final Report: Introduction A.2 Protection Strategy for MedSite A.3 Risks and Mitigation Plans for Critical Assets A.4 Technology Vulnerability Evaluation Results and Recommended Actions A.5 Additional Information