The Virtual Bookcase for browsing and sharing reviews of books.

Book details of 'Managing Information Security Risks: The OCTAVE Approach'

Title: Managing Information Security Risks: The OCTAVE Approach
Author(s): Christopher Alberts, Audrey Dorofee
ISBN: 0321118863
Language: English
Published: July 2002
Publisher: Addison-Wesley Pub Co

virtualbookcase.com score: 5.0 *****

The Virtual Bookcase Reviews of 'Managing Information Security Risks: The OCTAVE Approach':

Reviewer Rob Slade wrote:
Part one is an introduction to risks and risk evaluation. Chapter one is a generic, and not particularly clearly written, outline of a basic risk analysis process. The OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) process is described in chapter two, along with various principles, factors (called attributes), and three phases of outputs (or deliverables) of the process.

Part two presents more details of the method. Chapter three runs through the outcomes and attributes again, but in a confusing fashion. "Preparing for OCTAVE," in chapter four, is a fairly generic outline of preparation for any kind of planning. Chapter five begins a list of the individual processes of OCTAVE, but essentially says that the company should identify assets, threats and vulnerabilities. The creation of threat profiles, in chapter six, is the first part of the process that actually presents details and tools that might help in risk analysis. Chapter seven suggests that you identify key components of an asset, but, again, does not offer a specific process for doing so. Evaluating selected components, in chapter eight, seems to be merely subdividing asset threat analysis. Risk analysis is vaguely and briefly covered in chapter nine. Chapters ten and eleven contain pedestrian advice about developing a protection strategy.

Part three talks about variations to OCTAVE. Chapter twelve discusses the tailoring of OCTAVE, but since OCTAVE itself is rather vague, it is difficult to understand the options for alteration. Chapter thirteen asserts that OCTAVE is suitable for a variety of situations: since the process is so generic this is probably true. Chapter fourteen recommends reviewing or redoing an OCTAVE assessment from time to time--just like any risk analysis.

Appendix B lists a variety of worksheets for risk analysis which could be quite useful.

This book is written in such a nebulous manner that it is difficult to say whether OCTAVE is an obscure method, or whether it is simply poorly explained.

copyright Robert M. Slade, 2002
The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase