5.1. Overview of Processes 1 to 3

All organizations face constraints with respect to the staff and funding that can be put toward information security efforts. The key is to determine where to direct organizational resources most effectively. The first step along this path is to determine what is important to the organization and what people are already doing to protect that which they believe to be important.

The best approach to understanding what is going on in an organization is to ask the people who work there. This is where phase 1 of OCTAVE starts, with a series of knowledge elicitation workshops. Here, you collect information from people in different levels of the organization as well as from those with business and information technology ...

Get Managing Information Security Risks: The OCTAVE℠ Approach now with the O’Reilly learning platform.