Managing Information Security Risks: The OCTAVESM Approach

13.3. Very Large, Dispersed Organizations

As mentioned in Part I of this book, we designed the OCTAVE Method for large organizations. However, “large” is an imprecise and relative term. This section describes an organization that would fit almost anyone's definition of large. We turn our attention to implementing OCTAVE in a global organization that is distributed across multiple locations.

Company X

Figure 13-3 shows the organizational structure for Company X. Some sites in Company X are large facilities that use the latest technology; others are small, remote offices with small staffs. Company X is hierarchical in nature; it is organized according to geographic regions and has one director per region. The company has tens of thousands of employees ...

Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Managing Information Security Risks: The OCTAVESM Approach by Christopher Alberts, Audrey Dorofee

13.3. Very Large, Dispersed Organizations

Company X

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly