Managing Information Security Risks: The OCTAVE Approach
July 2002 • Book
Christopher J. Alberts, Audrey J. Dorofee
In this book, the authors provide a systematic way to evaluate and manage information security risks through the use of the OCTAVE approach.
OCTAVE enables any organization to develop security priorities based on the organization's particular business concerns. This approach provides a coherent framework for aligning security actions with overall objectives. Managing Information Security Risks, written by the developers of OCTAVE, is the complete and authoritative guide to its principles and implementations. The book provides a systematic way to evaluate and manage information security risks, illustrates the implementation of self-directed evaluations, and shows how to tailor evaluation methods to different types of organizations.