9.4. Evaluate the Impact of Threats to Critical Assets

This activity builds upon the first two. You use the evaluation criteria that you created previously to evaluate the impact descriptions that you developed earlier during the first activity of process 7. By doing this, you are able to estimate the impact on the organization for each threat to a critical asset. The ultimate result is that you can now establish priorities to guide your risk mitigation activities during process 8.

Step 1: Review Information

Before you evaluate your risks, you need to review the information gathered so far from earlier processes. Specifically, we suggest that you look at the evaluation criteria and the following for each critical asset:

  • Threat profiles

  • Impact ...
