B.1. Knowledge Elicitation Worksheets

Processes 1 to 3 elicit knowledge from senior managers, operational area managers, general staff members, and information technology staff members. Participants in processes 1 to 3 provide their perspectives on assets that are important to the success of the organization, the way in which important assets are threatened, and security requirements for important assets.

The worksheets used when you elicit the above information are identical for all participants; we provide only one set. During the last activity of processes 1 to 3, you elicit information about security practices currently used by the organization and the organizational vulnerabilities that are present in the organization. There is a different ...

Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.