2.4. Information Security Risk Evaluation Outputs
Outputs are the results, or outcomes, that an analysis team must achieve during the evaluation; they are the tangible products of the evaluation. An organizationwide information security risk evaluation produces three basic types of outputs: (1) organizational data, (2) technological data, and (3) risk analysis and mitigation data.
In designing the OCTAVE, we decided to organize the evaluation activities according to these data classifications, producing a three-stage information security risk evaluation approach. The three phases illustrate the interdisciplinary nature of information security by emphasizing its organizational and technological aspects. The OCTAVE phases and the required outputs ...
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.