A.5. Additional Information
Additional information is provided in the following sections:
5.1 Risk Impact Evaluation Criteria. These are the criteria we used to evaluate the impact of risks on critical assets.
5.2 Other Assets. This list includes all of the assets identified as important during processes 1 to 3 of the OCTAVE Method.
5.3 Security Practice Survey Results. These are a complete set of results from the security practice surveys and follow-up discussions completed during processes 1 to 3 of the OCTAVE Method.
A.5.1. Risk Impact Evaluation Criteria
We defined the impact evaluation criteria and then evaluated each impact against those criteria. We recommend that these evaluation criteria, shown in Table A-22, become a standard for MedSite. ...
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.