Which of the following is a risk methodology that is intended to be used in situations where people manage and direct the risk evaluation for information security within their company?
A.
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
B.
ANZ 4360
C.
Failure Modes and Effect Analysis
D.
NIST SP 800-66
Explanation:
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability
Evaluation) was created by Carnegie Mellon University’s Software Engineering
Institute. It is a methodology that is intended to be used in situations where
people manage and direct the risk evaluation for information security within their
company.