OCTAVE(Trademark)-S Implementation Guide, Version 1.0, Volume 1: Introduction to OCTAVE-S
Abstract
The Operationally Critical Threat, Asset, and Vulnerability Evaluation(SM) (OCTAVE(Trademark)) approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach, meaning that people from an organization assume responsibility for setting the organization's security strategy. OCTAVE-S is a variation of the approach tailored to the limited means and unique constraints typically found in small organizations (less than 100 people). OCTAVE-S is led by a small, interdisciplinary team (three to five people) of an organization's personnel who gather and analyze information, producing a protection strategy and mitigation plans based on the organization's unique operational security risks. To conduct OCTAVE-S effectively, the team must have broad knowledge of the organization's business and security processes so it will be able to conduct all activities by itself. This document is Volume 1 of the OCTAVE-S Implementation Guide, a 10-volume handbook supporting the OCTAVE-S methodology. This volume provides users with a basic understanding of the OCTAVE-S, v1.0 methodology, and assists them in determining whether OCTAVE-S, v1.0 is appropriate for their organization.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jan 01, 2005
- Accession Number
- ADA430801
Entities
People
- Audrey J. Dorofee
- Carol C. Woody
- Christopher J. Alberts
- James R. Stevens
Organizations
- Carnegie Mellon University