ISC Exam Questions

What are the differences between these methods?

OCTAVE, NIST 800-30, and AS/NZS 4360 are different approaches to carrying out risk management within companies and organizations. What are the differences between these methods?

A. NIST and OCTAVE are corporate based.

B. NIST and OCTAVE are IT based.

C. AS/NZS is IT based.

D. NIST and AS/NZS are corporate based.

Explanation:
B: While both the NIST and OCTAVE methodologies focus on IT threats and information security risks, AS/NZS 4360 takes a much broader approach to risk management. This methodology can be used to understand a company's financial, capital, human safety, and business decision risks. Although it can be used to analyze security risks, it was not created specifically for this purpose.