Part II: The OCTAVE Method

Chapter 2 presented the principles, attributes, and outputs of the OCTAVE approach, providing a foundation for information security risk evaluations. Part II builds upon that foundation by examining how the OCTAVE approach can be implemented in an organization. The OCTAVE Method is an example of an evaluation consistent with the principles, attributes, and outputs. This method is designed for larger organizations and is a starting point from which to adapt to a particular operational environment or industry segment.

Chapter 3 provides an overview of the OCTAVE Method, and Chapters 4 to 11 describe the activities required to conduct the method. Throughout Part II, each activity is illustrated using a sample scenario set in a hospital.

Chapter

3 Introduction to the OCTAVE Method
4 Preparing for OCTAVE
5 Identifying Organizational Knowledge (Processes 1 to 3)
6 Creating Threat Profiles (Process 4)
7 Identifying Key Components (Process 5)
8 Evaluating Selected Components (Process 6)
9 Conducting the Risk Analysis (Process 7)
10 Developing a Protection Strategy—Workshop A (Process 8A)
11 Developing a Protection Strategy—Workshop B (Process 8B)
