Updates
Latest Tweet
What's New?
Check out for latest innovation, a computer based training video collection
Like this Page
Managing Information Security Risks: The OCTAVE (SM) Approach Review by Ben Rothke
Great book about a great security methodology
OCTAVE--which stands for Operationally Critical Threat, Asset and Vulnerability Evaluation--is a methodology for independent information-security risk evaluations. An outgrowth of the Computer Emergency Response Team at Carnegie Mellon University, OCTAVE attempts to help organizations balance the risks of information systems with the business need to deploy these systems. This book is a solid explanation of OCTAVE.
The authors detail the methods to implement OCTAVE, create threat profiles, conduct a risk analysis, develop strategy, and so on. All steps to ensure that risk is adequately addressed are presented.
Most useful for the practitioner are the book's numerous case studies and worksheets and its catalog of the eight OCTAVE processes. A caveat: it is unwise to fill out the worksheets without first reading the book. Doing OCTAVE right means no shortcuts. Also, the reader shouldn't think that this approach can be implemented by a single person in a few days.
In sum, while the prose doesn't exactly sing, it does strike the appropriate tone for this excellent presentation on OCTAVE.