6 Administrative Data Gathering
Each of the next three chapters is dedicated to the topic (or security risk assessment phase) of data gathering. The topic of data gathering is a large one and encompasses many activities and security controls. In Chapter 5, the Review, Interview, Inspect, Observe, Test (RIIOT) data gathering method was introduced as a method of organizing, describing, and managing the data gathering effort. The RIIOT approach provides the organizational structure to discussions regarding the application of data gathering techniques for administrative, physical, and technical security controls. This large topic has been divided into three groups—administrative (Chapter 6), technical (Chapter 7), and physical (Chapter 8)—to facilitate ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access