Appendix C. Catalog of Practices

This document contains the catalog of practices used in the OCTAVE approach. The catalog of practices is a collection of good strategic and operational security practices. An organization conducting an information security risk evaluation measures itself against this catalog. The catalog serves as a benchmark for what the organization is currently doing well with respect to security (its current security practices) and what it is not doing well (its organizational vulnerabilities). During each knowledge elicitation workshop, participants fill out a survey and then discuss any issues from the survey that they feel are important. The catalog of practices is also used during the creation ...

Source: Managing Information Security Risks: The OCTAVE(SM) Approach (O'Reilly learning platform).