Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

User's Guide

Introduction to the OCTAVE Approach

  • Abstract

    This document describes the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), an approach for managing information security risks. It presents an overview of the OCTAVE approach and briefly describes two OCTAVE-consistent methods developed at the Software Engineering Institute (SEI).

    The overall approach embodied in OCTAVE is described first, followed by a general description of the two methods: the OCTAVE Method for large organizations and OCTAVE-S1 for small organizations. Information is provided to assist the reader in differentiating between the two methods, including characteristics defining the target organization for each method as well as any constraints and limitations of each method. A series of questions is also provided to help readers determine which method is best for them. Readers are then directed to the appropriate Web site to download the method of their choice.

    It should be noted that some organizations may need a hybrid or a combination of the two methods, or a completely different version of OCTAVE. A final chapter discusses some of the possible alternate versions.

  • Download

Part of a Collection

OCTAVE-Related Assets