Team LiB   Previous Section   Next Section

Chapter 8. Evaluating Selected Components (Process 6)

An information security risk evaluation is a lot like solving a puzzle. Prior to process 6, you don't quite have enough information to start developing solutions. You are missing a key piece of the puzzle, namely, the current state of your organization's computing infrastructure. The data that you must collect are the technological weaknesses present in the infrastructure.

Process 6 completes phase 2 of OCTAVE. You execute the vulnerability evaluation approach that you outlined in process 5, completing the data gathering for the evaluation and setting you up for subsequent analysis and planning activities.


8.1 Overview of Process 6

8.2 Before the Workshop: Run Vulnerability Evaluation Tools on Selected Infrastructure Components

8.3 Review Technology Vulnerabilities and Summarize Results

    Team LiB   Previous Section   Next Section