Accession Number:

ADA634140

Title:

OCTAVE Method Implementation Guide Version 2.0. Volume 1: Introduction

Descriptive Note:

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Report Date:

2001-06-01

Pagination or Media Count:

35.0

Abstract:

This is a Method Implementation Guide for the Operationally Critical Threat, Asset, and Vulnerability Evaluation℠ (OCTAVE℠) Method, Version 2.0. The OCTAVE Method is based on a set of criteria, which define the essential elements of an asset-driven, comprehensive, self-directed security risk evaluation for an organization. The OCTAVE Method is the first step in what should be a continuous focus on managing information security risks. The method is a self-directed security evaluation, but it also lends itself to using outside experts for specific activities, if necessary. The OCTAVE Method is a complex activity requiring a team with a diverse set of skills and experiences. It is led and performed by an interdisciplinary analysis team made up of people from your business units and information technology (IT) department. While the OCTAVE Method was developed with larger organizations (200 employees) in mind, it can be tailored to suit a smaller organization. This Method Implementation Guide contains everything we believe you will need to understand and implement the self-directed information security risk evaluation in your own organization. This is a complete set of reference material for all of the preparation and evaluation activities. We expect this guide to be useful and to provide meaningful results to your organization, whether you use it as is or tailor the materials to suit your organization. To achieve rapid testing, adoption, and use across a broad spectrum of organization types, sizes, and business domains, we are publicly releasing the guide contents in a format that readers with a range of interests and needs can use. We impose no restrictions on internal use of this material by an organization. See the wording on the copyright and licensing page at the front of this volume for confirmation.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE