2.3. Build Asset-Based Threat Profiles

The first phase of OCTAVE is to build asset-based threat profiles. This is a fact-finding mission of sorts. The core group arranges meetings with staff at different levels to identify the assets that are critical to the company and the negative impacts on the company should those assets be compromised.

By design, there are separate meetings for each organizational level: senior management, middle management, staff, and the IT department. Separating the levels in this manner makes each group more inclined to speak freely and not hold anything back for fear of reprisal. The nature of the topic dictates that the meetings have to be somewhat formal, but the gatherings should be as relaxed as possible ...

Get The Practice of Network Security: Deployment Strategies for Production Environments now with the O’Reilly learning platform.