The OCTAVE® Method

The IT Security Office uses a method for managing information security risks based on the "Operationally Critical Threat, Asset, and Vulnerability Evaluation" (OCTAVE®) method. The OCTAVE® method was developed by the Software Engineering Institute (SEI) at Carnegie Mellon University on behalf of the Department of Defense.

How it works
OCTAVE is a flexible and self-directed risk assessment methodology. A small team of people from the operational (or business) units and the IT department work together to address the security needs of the organization. The team draws on the knowledge of many employees to define the current state of security, identify risks to critical assets, and set a security strategy. It can be tailored for most organizations.

Unlike most other risk assessment methods, the OCTAVE approach is driven by operational risk and security practices rather than by technology.

It is designed to allow an organization to:

  • direct and manage information security risk assessments for themselves
  • make the best decisions based on their unique risks
  • focus on protecting key information assets
  • effectively communicate key security information

The Structure of OCTAVE

The OCTAVE method is based on eight processes that are grouped into three phases.

In higher education it is usually preceded by an exploratory phase (known as Phase Zero) to determine the criteria that will be used during the application of the OCTAVE® method.

The three phases of OCTAVE®

  • Phase 1: Develop Initial Security Strategies
  • Phase 2: Technological View: Identify Infrastructure Vulnerabilities
  • Phase 3: Risk Analysis: Develop Security Strategy and Plans

Resources
http://www.cert.org/octave