4.1. Overview of Preparation
Since the OCTAVE Method looks at a cross-section of an organization, it involves many people and requires a lot of coordination. The preparation activities are important, because they set the stage for the evaluation. During preparation you must overcome any organizational inertia and build momentum for conducting the evaluation.
Chapter 3 identified the following success factors for information security risk evaluations:
Getting senior management sponsorship for the evaluation
Selecting the analysis team to lead the evaluation
Setting the scope of the evaluation
Selecting participants for evaluation activities
It is during preparation that you directly address these key success factors and set the direction for your ...
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.