|
|
|
CopyrightMany of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and Addison-Wesley, Inc. was aware of a trademark claim, the designations have been printed in initial capital letters or in all capitals. CMM, Capability Maturity Model, Capability Maturity Modeling, Carnegie Mellon, CERT, and CERT Coordination Center are registered in the U.S. Patent and Trademark Office. ATAM; Architecture Tradeoff Analysis Method; CMMI; CMM Integration; CURE; IDEAL; Interim Profile; OCTAVE; Operationally Critical Threat, Asset, and Vulnerability Evaluation; Personal Software Process; PSP; SCAMPI; SCAMPI Lead Assessor; SCE; Team Software Process; and TSP are service marks of Carnegie Mellon University. ANY MATERIAL FURNISHED BY CARNEGIE MELLONUNIVERSITY AND THE SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN "AS IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. Special permission to use materials from the OCTAVE Method Implementation Guide, copyright © 2002 by Carnegie Mellon University, has been granted by the Software Engineering Institute. The authors and publisher have taken care in preparation of this book but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein. The publisher offers discounts on this book when ordered in quantity for special sales. For more information, please contact: Pearson Education Corporate Sales Division One Lake Street Upper Saddle River, NJ 07458 (800) 382-3419 corpsales@persontechgroup.com Visit A-W on the Web: www.awprofessional.com/ Library of Congress Cataloging-in-Publication Data Alberts, Christopher J. Managing information security risks : the OCTAVE approach / Christopher J. Alberts, Audrey J. Dorofee. p. cm. ISBN 0-321-11886-3 1. Computer security—Management. I. Dorofee, Audrey J. II. Title. QA76.9.A25 A43 2002 658.4'78—dc21 2002024939 Copyright © 2003 Pearson Education, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior consent of the publisher. Printed in the United States of America. Published simultaneously in Canada. For information on obtaining permission for use of material from this work, please submit a written request to: Pearson Education, Inc. Rights and Contracts Department 75 Arlington Street, Suite 300 Boston, MA02116 Fax: (617) 848-7047 Text printed on recycled paper 1 2 3 4 5 6 7 8 9 10—HT—0605040302 First printing, June 2002 DedicationTo Carol, for her love and encouragement —Christopher Alberts For Ronald Higuera, for putting me on the path to risk management so long ago —Audrey Dorofee |
|
|
|