Managing Information Security Risks: The OCTAVE Approach
any organization to develop security priorities based on the organization's
particular business concerns. This approach provides a coherent framework
for aligning security actions with overall objectives. Managing
Information Security Risks, written by the developers of OCTAVE,
is the complete and authoritative guide to its principles and implementations.
The book provides a systematic way to evaluate and manage information
security risks, illustrates the implementation of self-directed evaluations,
and shows how to tailor evaluation methods to different types of organizations.