OCTAVE-S Implementation Guide, Version 1

The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach, meaning that people from an organization assume responsibility for setting the organizations security strategy. OCTAVE-S is a variation of the approach tailored to the limited means and unique constraints typically found in small organizations (less than 100 people). OCTAVE-S is led by a small, interdisciplinary team (three to five people) of an organizations personnel who gather and analyze information, producing a protection strategy and mitigation plans based on the organizations unique operational security risks. To conduct OCTAVE-S effectively, the team must have broad knowledge of the organizations business and security processes, so it will be able to conduct all activities by itself.

PDF [10642 KB]

Authors

Christopher J. Alberts (CERT)

Audrey J. Dorofee

James F. Stevens

Carol Woody

This report is related to the following area(s) of work:

Security and Survivability

Handbook
CMU/SEI-2004-HB-003
January 2005

Cite This Report

SEI:

Alberts, Christopher; Dorofee, Audrey; Stevens, James; & Woody, Carol. OCTAVE-S Implementation Guide, Version 1 (CMU/SEI-2004-HB-003). Software Engineering Institute, Carnegie Mellon University, 2005. http://www.sei.cmu.edu/library/abstracts/reports/04hb003.cfm

IEEE:

C. Alberts, A. Dorofee, J. Stevens, and C. Woody, "OCTAVE-S Implementation Guide, Version 1," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Handbook CMU/SEI-2004-HB-003, 2005. http://www.sei.cmu.edu/library/abstracts/reports/04hb003.cfm

APA:

Alberts, C., Dorofee, A., Stevens, J., & Woody, C. (2005). OCTAVE-S Implementation Guide, Version 1 (CMU/SEI-2004-HB-003). Retrieved May 18, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/04hb003.cfm

CHI:

Alberts, Christopher, Audrey Dorofee, James Stevens, and Carol Woody. OCTAVE-S Implementation Guide, Version 1 (CMU/SEI-2004-HB-003). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2005. http://www.sei.cmu.edu/library/abstracts/reports/04hb003.cfm

MLA:

Alberts, C., Dorofee, A., Stevens, J., & Woody, C. 2005. OCTAVE-S Implementation Guide, Version 1 (Technical Report CMU/SEI-2004-HB-003). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/04hb003.cfm

Find Us Here

Find us on Youtube  Find us on LinkedIn  Find us on twitter  Find us on Facebook

Share This Page

Share on Facebook  Send to your Twitter page  Save to del.ico.us  Save to LinkedIn  Digg this  Stumble this page.  Add to Technorati favorites  Save this page on your Google Home Page 

For more information

Contact Us

info@sei.cmu.edu

412-268-5800

Help us improve

Visitor feedback helps us continually improve our site.

Please tell us what you
think with this short
(< 5 minute) survey.