Accession Number:

ADA453304

Title:

OCTAVE-S (Registered) Implementation Guide, Version 1.0. Volume 1: Introduction to OCTAVE-S

Descriptive Note:

Final rept.

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Report Date:

2005-01-01

Pagination or Media Count:

40.0

Abstract:

The Operationally Critical Threat, Asset, and Vulnerability EvaluationSM OCTAVE approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach, meaning that people from an organization assume responsibility for setting the organizations security strategy. OCTAVE-S is a variation of the approach tailored to the limited means and unique constraints typically found in small organizations less than 100 people. OCTAVE-S is led by a small, interdisciplinary team three to five people of an organizations personnel who gather and analyze information, producing a protection strategy and mitigation plans based on the organizations unique operational security risks. To conduct OCTAVES effectively, the team must have broad knowledge of the organizations business and security processes, so it will be able to conduct all activities by itself.

Subject Categories:

  • Administration and Management
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE