Information system is a valuable thing for most organizations today. However, many organizations that perform security strategy by focusing on infrastructure weaknesses, they fail to establish due to the assets of the most important information belongs to them. This has created a gap between the operational requirements of organizations with information technology so putting assets at risk. Many security risk management approach to incomplete information, thus failing to include all components of risk (assets, threats, and vulnerability) Many organizations and hired consultants to evaluate the information security risks in the organization. The result may not match the perspective of the organization. Risk assessment conducted by the organization bersengkutan provide knowledge to understand the risks and make the right decision.
The first step to manage information security risks is to identify whether the risk organizations that implement it. After risks are identified, organizations can create a plan of prevention and reduction of risk of each of the known risks. Method Octave (The Operationally Critical Threat, Asset, and Vulnerability Evaluation) allows organizations to do the above. Octave is an approach to information security risk evaluation of a comprehensive, systematic, directed, and conducted himself. The approach is organized in a set of criteria that defines the essential elements of information security risk evaluation.
created by Sigit
