Software Engineering Institute Carnegie Mellon

Applying OCTAVE: Practitioners Report

Parent SEI Program

Networked Systems Survivability

 

Related Publications

Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process

Introducing the CERT Resiliency Engineering Framework: Improving the Security and Sustainability Processes

Sustaining Operational Resiliency: A Process Improvement Approach to Security Management

 

Author:
Carol Woody, PhD

Contributors:
Johnathan Coleman
Michael Fancher
Carol Myers
Lisa Young

Technical Note
CMU/SEI-2006-TN-010

The CERT Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) method, an approach for managing information security risks, was designed to be sufficiently flexible for organizations to address unique and highly contextual analysis needs through tailoring capabilities. This document describes how OCTAVE has been used and tailored to fit a wide range of organizational risk assessment needs. Guidelines for successful tailoring, built on the reporting practitioners’ successes, are provided to help an organization fit the OCTAVE approach to their specific domain and organizational needs. The range of applications demonstrates the flexibility of the OCTAVE approach and its value in addressing security risk management.

Readers should already be familiar with the general concepts of the OCTAVE approach.
