2.3. Build Asset-Based Threat Profiles

The first phase of OCTAVE is to build asset-based threat profiles. This is a fact-finding mission of sorts. The core group arranges meetings with staff at different levels to identify the assets that are critical to the company and the negative impacts on the company should those assets be compromised.

By design, there are separate meetings for each organizational level: senior management, middle management, staff, and the IT department. Separating the levels in this manner makes each group more inclined to speak freely and not hold anything back for fear of reprisal. The nature of the topic dictates that the meetings have to be somewhat formal, but the gatherings should be as relaxed as possible ...
