7.3. Identify Infrastructure Components to Examine
Recall that focus on the critical few is a guiding principle of this evaluation process. In this activity you follow that principle when you select specific components from each key class to examine for technology vulnerabilities.
One point that needs to be emphasized here is the difference between performing a vulnerability evaluation in the context of a risk evaluation and doing so in the context of an ongoing vulnerability management practice. During this activity your goal is to select enough components from each key class to enable you to gain an understanding of how vulnerable your computing infrastructure currently is.
By contrast, when you form your risk mitigation plans in process 8, ...
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
