OCTAVE-S (Registered) Implementation Guide, Version 1.0. Volume 10: Example Scenario

Abstract

The Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE ) approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach, meaning that people from an organization assume responsibility for setting the organization's security strategy. OCTAVE-S is a variation of the approach tailored to the limited means and unique constraints typically found in small organizations (less than 100 people). OCTAVE-S is led by a small, interdisciplinary team (three to five people) of an organization's personnel who gather and analyze information, producing a protection strategy and mitigation plans based on the organization's unique operational security risks. To conduct OCTAVE-S effectively, the team must have broad knowledge of the organization's business and security processes, so it will be able to conduct all activities by itself.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2005
Accession Number
ADA453286

Entities

People

  • Audrey J. Dorofee
  • Carol C. Woody
  • Christopher J. Alberts
  • James R. Stevens

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Biomedical
  • Cyber
  • Human Systems

DTIC Thesaurus Topics

  • Authentication
  • Commerce
  • Computer Access Control
  • Computers
  • Contractors
  • Information Security
  • Information Systems
  • Law
  • Medical Personnel
  • Natural Disasters
  • Organizational Structure
  • Personal Computers
  • Personnel Management
  • Physical Security
  • Physicians
  • Security
  • Software Development

Readers

  • Organizational Process Management (OPM).