5.2. Identify Assets and Relative Priorities

Asset identification is the first activity in each knowledge elicitation workshop. During this activity, participants focus on the information-related assets they use in their jobs. From our experience of watching people learn how to perform the evaluation, we have singled out asset identification as a critical success factor for analysis teams. If you collect good information about assets in this activity, you lay the foundation for a successful and meaningful evaluation.

We call OCTAVE an asset-driven evaluation because assets are used to focus all subsequent activities. Assets guide the selection of devices and components to evaluate in phase 2, and the risk mitigation plans that you develop in ...

Get Managing Information Security Risks: The OCTAVESM Approach now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.