OCTAVEsm Criteria, Version 2.0

Today, we rely on access to digital data that are accessible, dependable, and protected from misuse. Unfortunately, this need for accessible data also exposes organizations to a variety of new threats that can affect their information. The Operationally Critical Threat, Asset, and Vulnerability Eval...

Full description

Saved in:
Bibliographic Details
Main Authors: Alberts, Christopher J, Dorofee, Audrey J
Format: Report
Language:English
Subjects:
Computer Systems Management and Standards
DATA PROCESSING SECURITY
INFORMATION SECURITY
INFORMATION SECURITY RISK EVALUATION
INFORMATION SECURITY RISKS
OCTAVE SM
OPERATIONALLY CRITICAL THREAT ASSET AND VULNERABILITY EVALUATION
Operations Research
RISK
THREATS
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Today, we rely on access to digital data that are accessible, dependable, and protected from misuse. Unfortunately, this need for accessible data also exposes organizations to a variety of new threats that can affect their information. The Operationally Critical Threat, Asset, and Vulnerability Evaluation(Service Mark) (OCTAVE(Service Mark)) enables organizations to understand and address their information security risks. OCTAVE is led by a small, interdisciplinary team of an organization's personnel and focuses on an organization's assets and the risks to those assets. It is a comprehensive, systematic, context-driven, and self-directed evaluation approach. The essential elements of the OCTAVE approach are embodied in a set of criteria that define the requirements for OCTAVE. This report describes the OCTAVE criteria. The goal of this report is to define a general approach for evaluating and managing information security risks. Organizations can then develop methods that are consistent with the OCTAVE criteria.