OCTAVE Founding Philosophy:
- You cannot mitigate all information security risks.
- Your budget is limited. So are your other resources.
- You cannot prevent all determined, skilled incursions.
- You need to determine the best use of your limited resources to ensure the survivability of your enterprise.
What is OCTAVE?
The OCTAVE risk assessment methodology is a self-directed,
documented, tested, proven and repeatable process for assessing the
organizational and technical risks to an information system. This
risk assessment methodology is an ideal complement to instituting an
enterprise risk management program in any organization.
Who uses it?
The OCTAVE methodology is currently being used to perform risk
assessments within government agencies of many countries, including
the U.S. Department of Defense (DOD) and the UK Ministry of Defence
(MOD) Computer Emergency Response Team (CERT). OCTAVE is well
established in many other industries, including the health care
industry (supporting HIPAA compliance), banking and finance,
insurance, and critical infrastructure domains.
Why should you choose to use OCTAVE?
The OCTAVE methodology's combination of a Catalogue of Practices with
a tested, proven and repeatable process for assessing
organizational and technical risks has been shown to be well-suited
to giving entities a solid start in risk assessment, assessment of
threats, and risk management. The OCTAVE methodology is
self-directed and tailorable, so it may be used as the foundational
risk assessment component or process for other risk assessment
methodologies.
RESOURCES:
- Visit our Training Page for more information regarding on-site deliveries.
- Visit our Keys to Success for more information regarding tailoring and an example of an engagement approach.
- Visit our OCTAVE Tools page to learn about our tools and templates.
- Visit our Papers and Publications page for more OCTAVE Resources.
- Contact us for a no obligation discussion.