OCTAVE-S (Registered) Implementation Guide, Version 1.0. Volume 7: Critical Asset Worksheets for Applications

Alberts, Christopher; Dorofee, Audrey; Stevens, James; Woody, Carol

OCTAVE-S (Registered) Implementation Guide, Version 1.0. Volume 7: Critical Asset Worksheets for Applications

Active / Technical Report | Accession Number: ADA453298 |

Open PDF

Abstract:

The Operationally Critical Threat, Asset, and Vulnerability EvaluationSM OCTAVE approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach, meaning that people from an organization assume responsibility for setting the organizations security strategy. OCTAVE-S is a variation of the approach tailored to the limited means and unique constraints typically found in small organizations less than 100 people. OCTAVE-S is led by a small, interdisciplinary team three to five people of an organization . personnel who gather and analyze information, producing a protection strategy and mitigation plans based on the organizations unique operational security risks. To conduct OCTAVE-S effectively, the team must have broad knowledge of the organizations business and security processes, so it will be able to conduct all activities by itself.

Author(s):

Alberts, Christopher ; Dorofee, Audrey ; Stevens, James ; Woody, Carol

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Descriptive Note:

Final rept.

Supplementary Note:

This document is Volume 7 of the OCTAVE-S Implementation Guide, a 10-volume handbook supporting the OCTAVE-S methodology. This volume provides worksheets to document data related to critical assets that are categorized as applications.

Pagination:

0090

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

CMU/SEI-2003-HB-003

Contract/Grant Number(s):

F19628-00-C-0003

Monitor Series:

ESC/MA

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_8_Building Partnerships; JCA_8.1_Communicate; JCA_8.1.3_Influence Adversary and Competitor Audiences; JCA_5.2_Understand; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_6_Net Centric; JCA_5.3_Planning; JCA_5.3.2_Apply Situational Understanding; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_8.2_Shape; JCA_6.4.1_Secure Information Exchange; JCA_6.1.2_Wireless Transmission; JCA_6.1_Information Transport; JCA_7_Protection; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_3.2_Engagement; JCA_3_Force Application

Modernization Areas:

Cyber

Communities of Interest:

Energy and Power Technologies

Descriptor(s):

*METHODOLOGY, *ELECTRONIC SECURITY, *RISK ANALYSIS, *INFORMATION SECURITY, *RISK MANAGEMENT, ORGANIZATIONS, STRATEGIC ANALYSIS, COMPUTER ACCESS CONTROL, THREATS, PLANNING, COMPUTER APPLICATIONS, HANDBOOKS

Field(s)/Group(s):

Administration and Management, Computer Systems Management and Standards, Computer Systems

Keyword(s):

CRITICAL ASSETS, RISK PROFILES, NETWORK ACCESS, SECURITY RISKS, SECURITY STRATEGY, THREAT PROFILES

Report Date:

2004 Jan 01

Creation Date:

2006 Sep 20