OCTAVE(Trademark)-S Implementation Guide, Version 1.0, Volume 3: Method Guidelines

Abstract

The Operationally Critical Threat, Asset, and Vulnerability Evaluation(SM) (OCTAVE(Trademark)) approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach, meaning that people from an organization assume responsibility for setting the organization's security strategy. OCTAVE-S is a variation of the approach tailored to the limited means and unique constraints typically found in small organizations (less than 100 people). OCTAVE-S is led by a small, interdisciplinary team (three to five people) of an organization's personnel who gather and analyze information, producing a protection strategy and mitigation plans based on the organization's unique operational security risks. To conduct OCTAVE-S effectively, the team must have broad knowledge of the organization's business and security processes so it will be able to conduct all activities by itself. This document is Volume 3 of the OCTAVE-S Implementation Guide, a 10-volume handbook supporting the OCTAVE-S methodology. This volume provides detailed guidelines for conducting an OCTAVE-S evaluation.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2005
Accession Number
ADA430803

Entities

People

  • Audrey J. Dorofee
  • Carol C. Woody
  • Christopher J. Alberts
  • James R. Stevens

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Human Systems

DTIC Thesaurus Topics

  • Application Software
  • Authentication
  • Commerce
  • Computer Access Control
  • Computers
  • Contingency Operations (Military)
  • Data Storage Systems
  • Department Of Defense
  • Engineering
  • Information Security
  • Information Systems
  • Infrastructure
  • Intellectual Property
  • Risk
  • Security
  • Software Development
  • Vulnerability

Readers

  • Organizational Process Management (OPM).