B.1. Knowledge Elicitation Worksheets

Processes 1 to 3 elicit knowledge from senior managers, operational area managers, general staff members, and information technology staff members. Participants in processes 1 to 3 provide their perspectives on assets that are important to the success of the organization, the way in which important assets are threatened, and security requirements for important assets.

The worksheets used when you elicit the above information are identical for all participants; we provide only one set. During the last activity of processes 1 to 3, you elicit information about security practices currently used by the organization and the organizational vulnerabilities that are present in the organization. There is a different ...

Get Managing Information Security Risks: The OCTAVESM Approach now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.