Managing Information Security Risks: The OCTAVESM Approach

4.4. Select Operational Areas to Participate in OCTAVE

One of the key OCTAVE principles is focus on the critical few. This principle implies that you can focus the evaluation on selected areas of the organization rather than performing an exhaustive search of the entire organization. Setting a manageable scope for the evaluation reduces its size, making it easier to schedule and perform the activities. It also allows you to prioritize the areas of an organization for the evaluation, ensuring that the highest-risk or most important areas can be examined first or more frequently.

Setting the Scope of the Evaluation

The analysis team works with the organization's senior managers to select which operational areas to examine during the OCTAVE Method. ...

Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Managing Information Security Risks: The OCTAVESM Approach by Christopher Alberts, Audrey Dorofee

4.4. Select Operational Areas to Participate in OCTAVE

Setting the Scope of the Evaluation

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly