Appendix C. Catalog of Practices

This document contains the catalog of practices used in the OCTAVE approach. The catalog comprises a collection of good strategic and operational security practices. An organization that is conducting an information security risk evaluation measures itself against this catalog. The catalog serves as a measure of what the organization is currently doing well with respect to security (its current security practices) and what it is not doing well (its organizational vulnerabilities). During each knowledge elicitation workshop, participants fill out a survey and then discuss any issues from the survey that they feel are important. The catalog of practices is also used during the creation ...

Get Managing Information Security Risks: The OCTAVE℠ Approach now with O’Reilly online learning.