OCTAVE Catalog of Practices, Version 2.0

Abstract

The Operationally Critical Threat, Asset, and Vulnerability Evaluation℠ (OCTAVE℠) Method enables organizations to identify the risks to their most important assets and build mitigation plans to address those risks. OCTAVE uses three 'catalogs' of information to maintain modularity and keep the method separate from specific technologies. One of these catalogs is the catalog of good security practices. It provides the means to measure an organization's current security practices and to build a strategy for improving its practices to protect its critical assets. The catalog of practices is divided into two types of practices: strategic and operational. The strategic practices focus on organizational issues at the policy level and provide good general management practices. Operational practices focus on the technology-related issues dealing with how people use, interact with, and protect technology. This technical report describes how the catalog of practices is used in OCTAVE and describes the catalog in detail.

Document Details

Document Type: Technical Report
Publication Date: Oct 01, 2001
Accession Number: ADA396654

Entities

People

  • Audrey J. Dorofee
  • Christopher J. Alberts
  • Julia H. Allen

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Biomedical
  • Cyber
  • Human Systems

DTIC Thesaurus Topics

  • Authentication
  • Commerce
  • Computer Access Control
  • Computer Network Security
  • Computer Programs
  • Employment
  • Engineering
  • Homosexuality
  • Information Security
  • Information Systems
  • Infrastructure
  • Physical Security
  • Plastic Explosives
  • Risk
  • Risk Analysis
  • Security
  • Software Development

Readers

  • Business Analytics
  • Cybersecurity
  • Organizational Process Management (OPM)