OCTAVE-S (Registered) Implementation Guide, Version 1.0. Volume 1: Introduction to OCTAVE-S

摘要

The Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE ) approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach, meaning that people from an organization assume responsibility for setting the organization's security strategy. OCTAVE-S is a variation of the approach tailored to the limited means and unique constraints typically found in small organizations (less than 100 people). OCTAVE-S is led by a small, interdisciplinary team (three to five people) of an organization's personnel who gather and analyze information, producing a protection strategy and mitigation plans based on the organization's unique operational security risks. To conduct OCTAVES effectively, the team must have broad knowledge of the organization's business and security processes, so it will be able to conduct all activities by itself.