Chapter 11. Developing a Protection Strategy—Workshop B (Process 8B)One of the principles of OCTAVE is setting the foundation for a continuous process. This principle addresses the need to implement the results of an information security risk evaluation, providing the basis for security improvement. If an organization fails to implement the results of an evaluation, it will also fail to improve its security posture. The second workshop of process 8 marks the end of the OCTAVE Method. Although the formal evaluation process comes to an end, the organization needs to consider what happens after the evaluation. This workshop sets up the transition from conducting the evaluation to implementing the results, to ensure that your organization is in a position to benefit from the whole process.
|