Accession Number:

ADA453286

Title:

OCTAVE-S (Registered) Implementation Guide, Version 1.0. Volume 10: Example Scenario

Descriptive Note:

Final rept.

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Report Date:

2005-01-01

Pagination or Media Count:

211.0

Abstract:

The Operationally Critical Threat, Asset, and Vulnerability EvaluationSM OCTAVE approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach, meaning that people from an organization assume responsibility for setting the organizations security strategy. OCTAVE-S is a variation of the approach tailored to the limited means and unique constraints typically found in small organizations less than 100 people. OCTAVE-S is led by a small, interdisciplinary team three to five people of an organizations personnel who gather and analyze information, producing a protection strategy and mitigation plans based on the organizations unique operational security risks. To conduct OCTAVE-S effectively, the team must have broad knowledge of the organizations business and security processes, so it will be able to conduct all activities by itself.

Subject Categories:

  • Administration and Management
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE