Team LiB   Previous Section   Next Section

Chapter 9. Conducting the Risk Analysis (Process 7)

OCTAVE is focused on building an organizationwide view of information security risks. Up to this point in the evaluation you have collected data about three of the components of risk—threat, asset, and vulnerability. Your analysis activities have focused on critical assets, how they are threatened, and how they are technologically vulnerable. Now you broaden your view by considering the organization. You examine how threats to your organization's critical assets can affect its business objectives and its mission.

Process 7 begins phase 3 of the OCTAVE Method, Develop Security Strategy and Plans. This process creates the link between critical assets and what is important to your organization, putting your organization in a better position to manage the uncertainty that it faces.


9.1 Overview of Process 7

9.2 Identify the Impact of Threats to Critical Assets

9.3 Create Risk Evaluation Criteria

9.4 Evaluate the Impact of Threats to Critical Assets

9.5 Incorporating Probability into the Risk Analysis

    Team LiB   Previous Section   Next Section