OCTAVE-S (Registered) Implementation Guide, Version 1.0. Volume 1: Introduction to OCTAVE-S

Abstract

The Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE ) approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach, meaning that people from an organization assume responsibility for setting the organization's security strategy. OCTAVE-S is a variation of the approach tailored to the limited means and unique constraints typically found in small organizations (less than 100 people). OCTAVE-S is led by a small, interdisciplinary team (three to five people) of an organization's personnel who gather and analyze information, producing a protection strategy and mitigation plans based on the organization's unique operational security risks. To conduct OCTAVES effectively, the team must have broad knowledge of the organization's business and security processes, so it will be able to conduct all activities by itself.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2005
Accession Number
ADA453304

Entities

People

  • Audrey J. Dorofee
  • Carol C. Woody
  • Christopher J. Alberts
  • James R. Stevens

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Abstracts
  • Commerce
  • Department Of Defense
  • Engineering
  • Governments
  • Guarantees
  • Guidance
  • Handbooks
  • Information Security
  • Information Systems
  • Infrastructure
  • Materials
  • Organizational Structure
  • Risk
  • Security
  • Software Development
  • Vulnerability

Readers

  • Organizational Process Management (OPM).
  • Strategic Security Studies