8.1. Overview of Process 6
Process 6 is a data collection and analysis task. When you started the evaluation, your objective was to understand your organization's information security risks. To examine your risk, you needed to focus on the individual components of risk: asset, threat, vulnerability, and impact.
Prior to this point in the evaluation, you have identified your critical assets, the threats to the assets, current security practices used by your organization, and organizational vulnerabilities present in your organization. It is now time to take another step toward completing the picture of risk by setting your sights on the infrastructure.
Process 6 Workshop
Process 6 is unique because it requires the completion of a major technical ...
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.