Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Handbook

OCTAVE-S Implementation Guide, Version 1

  • Abstract

    The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) approach defines a risk-based strategic assessment and planning technique for security. OCTAVE is a self-directed approach, meaning that people from an organization assume responsibility for setting the organizations security strategy. OCTAVE-S is a variation of the approach tailored to the limited means and unique constraints typically found in small organizations (less than 100 people). OCTAVE-S is led by a small, interdisciplinary team (three to five people) of an organizations personnel who gather and analyze information, producing a protection strategy and mitigation plans based on the organizations unique operational security risks. To conduct OCTAVE-S effectively, the team must have broad knowledge of the organizations business and security processes, so it will be able to conduct all activities by itself.

  • Download

Part of a Collection

OCTAVE-Related Assets