“Principles for Policy and Standards Development” Please respond to the following:
- Select two principles for policy and standards development (accountability, awareness, ethics, multidisciplinary,
, integration, defense-in-depth, timeliness, reassessment, democracy, internal control, adversary, least privilege, continuity, simplicity, and policy-centered security). Examine how these principles would be the same and different for a health care organization and a financial organization.
- Determine which type of organization would have the most difficulty implementing the principles you selected. Support your answer.
D. “OCTAVE” Please respond to the following:
- From the website http://www.cert.org/octave/ provide a brief explanation of the Operationally, Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) methods. Explain how they are beneficial for organizations developing their IT risk management approaches.
- From the e-Activity, explain how the size of the organization impacts the OCTAVE method utilized. Determine the factors that large organizations, as opposed to small organizations, are most concerned with.
Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar