5.5. Capture Knowledge of Current Security Practices and Organizational Vulnerabilities

If you want your organization to improve with respect to how it handles information security, you need first to establish where you currently are, that is, what you are currently doing well and where you need to improve. You do this by examining the security practices within your organization.

In this activity you evaluate your organization's current security practices against a catalog of known good security practices. You elicit detailed information about your organization's current security policies, procedures, and practices, thus providing a starting point for improvement. In OCTAVE we suggest using multiple means to collect information about current ...
