Table 2-1 Information Security Principles, Attributes, and Outputs
Table 2-2 Mapping OCTAVE Principles to Attributes
Table 2-3 Phase 1 Outputs
Table 2-4 Phase 2 Outputs
Table 2-5 Phase 3 Outputs
Table 3-1 Mapping of Attributes to the OCTAVE Method
Table 3-2 Mapping of Outputs to the OCTAVE Method
Table 4-1 OCTAVE Preparation Activities
Table 4-2 Participants in the OCTAVE Method
Table 4-3 Analysis Team Members
Table 4-4 Senior Managers
Table 4-5 Operational Areas and Operational Area Managers
Table 4-6 General and Information Technology Staff Members
Table 5-1 Processes 1 to 3 Activities
Table 5-2 Considerations for Asset Categories
Table 5-3 Description of Senior Management Assets
Table 5-4 Threat Sources
Table 5-5 Threat Outcomes
Table 6-1 Preparation Activities for Process 4
Table 6-2 Process 4 Activities
Table 6-3 Threat Sources
Table 6-4 Relationships Among Security Requirements and Outcomes
Table 7-1 Process 5 Activities
Table 7-2 Key Classes of Components
Table 8-1 Preparation Activities for Process 6
Table 8-2 Process 6 Activities
Table 9-1 Process 7 Activities
Table 10-1 Preparation Activities for Process 8A
Table 10-2 Process 8A Activities
Table 10-3 Key Questions for Strategic Practice Areas
Table 11-1 Preparation Activity for Process 8B
Table 11-2 Process 8B Activities
Table 11-3 Key Elements of Presentation to Senior Managers
Table 14-1 Risk Identification Tasks
Table 14-2 Risk Analysis Tasks
Table 14-3 Risk Planning Tasks
Table 14-4 Risk Implementation Task
Table 14-5 Tasks for Monitoring Risks
Table 14-6 Tasks for Controlling Risks
Table A-1 Protection Strategy for MedSite
Table A-2 Action List for MedSite
Table A-3 MedSite's Critical Assets
Table A-4 Security Requirements for Paper Medical Records
Table A-5 Areas of Concern for Paper Medical Records
Table A-6 Types of Impact and Impact Values for Paper Medical Records
Table A-7 Security Requirements for Personal Computers
Table A-8 Types of Impact and Impact Values for Personal Computers
Table A-9 Security Requirements for PIDS
Table A-10 Areas of Concern for PIDS
Table A-11 Types of Impact and Impact Values for PIDS
Table A-12 Security Requirements for ABC Systems
Table A-13 Types of Impact and Impact Values for ABC Systems
Table A-14 Security Requirements for ECDS
Table A-15 Areas of Concern for ECDS
Table A-16 Types of Impact and Impact Values for ECDS
Table A-17 Systems of Interest and Key Classes of Components
Table A-18 Infrastructure Components Examined
Table A-19 Technology Vulnerability Evaluation Results
Table A-20 Severity Levels
Table A-21 Phase 2 Recommendations
Table A-22 Evaluation Criteria
Table A-23 Assets Grouped by Organizational Level
Table A-24 Security Awareness and Training
Table A-25 Security Strategy
Table A-26 Security Management
Table A-27 Security Policies and Regulations
Table A-28 Collaborative Security Management
Table A-29 Contingency Planning/Disaster Recovery
Table A-30 Physical Security Plans and Procedures
Table A-31 Physical Access Control
Table A-32 Monitoring and Auditing Physical Security
Table A-33 System and Network Management
Table A-34 System Administration Tools
Table A-35 Monitoring and Auditing IT Security
Table A-36 Authentication and Authorization
Table A-37 Vulnerability Management
Table A-38 Encryption
Table A-39 Security Architecture and Design
Table A-40 Incident Management
Table A-41 General Staff Practices
