Book description
Information security requires far more than the latest tool or technology. Organizations must understand exactly what they are trying to protect--and why--before selecting specific solutions. Security issues are complex and often are rooted in organizational and business concerns. A careful evaluation of security needs and risks in this broader context must precede any security implementation to insure that all the relevant, underlying problems are first uncovered.
The OCTAVE approach for self-directed security evaluations was developed at the influential CERT(R) Coordination Center. This approach is designed to help you:
Identify and rank key information assets
Weigh threats to those assets
Analyze vulnerabilities involving both technology and practices
OCTAVE(SM) enables any organization to develop security priorities based on the organization's particular business concerns. The approach provides a coherent framework for aligning security actions with overall objectives.
Managing Information Security Risks, written by the developers of OCTAVE, is the complete and authoritative guide to its principles and implementations. The book:
Provides a systematic way to evaluate and manage information security risks
Illustrates the implementation of self-directed evaluations
Shows how to tailor evaluation methods to different types of organizations
Special features of the book include:
A running example to illustrate important concepts and techniques
A convenient set of evaluation worksheets
A catalog of best practices to which organizations can compare their own
0321118863B05172002
Table of contents
- Copyright
- List of Figures
- List of Tables
- Preface
- Acknowledgments
- Introduction
-
The OCTAVE Method
- Introduction to the OCTAVE Method
- Preparing for OCTAVE
- Identifying Organizational Knowledge (Processes 1 to 3)
- Creating Threat Profiles (Process 4)
- Identifying Key Components (Process 5)
- Evaluating Selected Components (Process 6)
- Conducting the Risk Analysis (Process 7)
- Developing a Protection Strategy—Workshop A (Process 8A)
- Developing a Protection Strategy—Workshop B (Process 8B)
- Variations on the OCTAVE Approach
Product information
- Title: Managing Information Security Risks: The OCTAVESM Approach
- Author(s):
- Release date: July 2002
- Publisher(s): Addison-Wesley Professional
- ISBN: 9780321118868
You might also like
book
Rational Cybersecurity for Business: The Security Leaders' Guide to Business Alignment
Use the guidance in this comprehensive field guide to gain the support of your top executives …
book
Enterprise Compliance Risk Management
The tools and information that build effective compliance programs Enterprise Compliance Risk Management: An Essential Toolkit …
book
Mastering Information Security Compliance Management
Strengthen your ability to implement, assess, evaluate, and enhance the effectiveness of information security controls based …
book
Information Security Governance Simplified
Security practitioners must be able to build a cost-effective security program while at the same time …