Parts I and II of this book focused on the OCTAVE approach and provided detailed guidance on how to conduct the OCTAVE Method. Part III broadens our view in two ways. First, it examines the contextual nature of information security risk evaluations by addressing how to tailor the OCTAVE approach for a variety of operational environments. Next, it looks at how to improve your organization's security posture by implementing the results of the evaluation and managing your information security risks.
Chapter 12 describes a number of ways in which you can tailor the processes, activities, and artifacts of the OCTAVE Method. Chapter 13 highlights examples of how OCTAVE is being applied in a range of operational environments. Finally, Chapter 14 presents a framework for managing information security risks.
