8.3. Review Technology Vulnerabilities and Summarize Results
The previous activity required specialized information technology and security knowledge to complete. Before you can move to the risk analysis activities of phase 3, you need to make sure that all analysis team members have an appreciation of the results of the infrastructure examination. Thus, part of this activity requires communicating technological issues effectively to people who may not have technology backgrounds.
A second part of this activity requires you to think about the technology information in the context of your organization. You refine the picture of current security practices and organizational vulnerabilities. You also revisit the threat profile for each critical ...
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
