OCTAVE-S (Registered) Implementation Guide, Version 1.0. Volume 1: Introduction to OCTAVE-S

OCTAVE-S (Registered) Implementation Guide, Version 1.0. Volume 1: Introduction to OCTAVE-S

Active / Technical Report | Accession Number: ADA453304 |

Abstract:

The Operationally Critical Threat, Asset, and Vulnerability EvaluationSM OCTAVE approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach, meaning that people from an organization assume responsibility for setting the organizations security strategy. OCTAVE-S is a variation of the approach tailored to the limited means and unique constraints typically found in small organizations less than 100 people. OCTAVE-S is led by a small, interdisciplinary team three to five people of an organizations personnel who gather and analyze information, producing a protection strategy and mitigation plans based on the organizations unique operational security risks. To conduct OCTAVES effectively, the team must have broad knowledge of the organizations business and security processes, so it will be able to conduct all activities by itself.

Author(s):

Alberts, Christopher ; Dorofee, Audrey ; Stevens, James ; Woody, Carol

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Descriptive Note:

Final rept.

Supplementary Note:

This document is Volume 1 of the OCTAVE-S Implementation Guide, a 10-volume handbook supporting the OCTAVE-S methodology. This volume provides an overview of OCTAVE-S and is written for people who already have some familiarity with the basic concepts and principles of the OCTAVE approach. DOI: 10.21236/ADA453304

Pagination:

0040

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited. This Document Is Not Available From Dtic In Microfiche.

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

CMU/SEI-2003-HB-003

Contract/Grant Number(s):

F19628-00-C-0003

Monitor Series:

ESC/MA

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.3_Planning; JCA_8_Building Partnerships; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_8.2_Shape; JCA_5.3.2_Apply Situational Understanding; JCA_5.3.3_Develop Strategy; JCA_5.2_Understand; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_4.6_Engineering; JCA_1.2_Force Preparation; JCA_1_Force Support; JCA_6.4.1_Secure Information Exchange; JCA_4.6.1_General Engineering; JCA_6.4_Information Assurance; JCA_6_Net Centric; JCA_1.2.3_Educating; JCA_3.2_Engagement; JCA_3_Force Application; JCA_5.5_Direct; JCA_3.2.2_Non-Kinetic Means

Modernization Areas:

Cyber

Communities of Interest:

Cyber

Descriptor(s):

*METHODOLOGY, *ELECTRONIC SECURITY, *RISK ANALYSIS, *INFORMATION SECURITY, *RISK MANAGEMENT, ORGANIZATIONS, STRATEGIC ANALYSIS, THREATS, PLANNING, HANDBOOKS

Field(s)/Group(s):

Administration and Management, Computer Systems Management and Standards

Keyword(s):

CRITICAL ASSETS, THREAT PROFILES, INFRASTRUCTURE VULNERABILITIES, SECURITY STRATEGY, SECURITY RISKS, OPERATIONAL RISK, SECURITY PRACTICES

Report Date:

2004 Jan 01

Creation Date:

2006 Sep 20