Home > Articles

Viewing Security Management as a Business Practice, Part 2: Lessons Learned in a Small Nonprofit Organization

  • Print
  • + Share This
Current approaches for evaluating information-security risks generally focus on the needs of large organizations; few such pragmatic approaches exist for the unique operational environments of small organizations. See how a small nonprofit professional society's security threats affected its business operations.
From the author of

Introduction

Part 1 of this series illustrated how a mid-sized hospital used the Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVESM) Method to establish the link between security threats and their impact on the hospital's ability to meet its business objectives. This article illustrates how a small nonprofit professional society used OCTAVE to understand how security threats might affect its business operations.

NOTE

Operationally Critical Threat, Asset, and Vulnerability EvaluationSM and OCTAVESM are service marks of Carnegie Mellon University.

  • + Share This
  • 🔖 Save To Your Account