|
|
|
Chapter 8. Evaluating Selected Components (Process 6)An information security risk evaluation is a lot like solving a puzzle. Prior to process 6, you don't quite have enough information to start developing solutions. You are missing a key piece of the puzzle, namely, the current state of your organization's computing infrastructure. The data that you must collect are the technological weaknesses present in the infrastructure. Process 6 completes phase 2 of OCTAVE. You execute the vulnerability evaluation approach that you outlined in process 5, completing the data gathering for the evaluation and setting you up for subsequent analysis and planning activities.
|
|
|
|