OCTAVE® (Operationally Critical Threat, Asset, and
Vulnerability Evaluation℠) is a suite of tools,
techniques, and methods for risk-based information security strategic
assessment and planning.
OCTAVE Methods
There are three OCTAVE methods:
- the original OCTAVE method, which forms the basis for the OCTAVE body of knowledge
- OCTAVE-S, for smaller organizations
- OCTAVE-Allegro, a streamlined approach for information security assessment and assurance
OCTAVE methods are founded on the OCTAVE criteria, a standard
approach for a risk-driven and practice-based information security
evaluation. The OCTAVE criteria establish the fundamental principles
and attributes of risk management that are used by the OCTAVE
methods.
Features and benefits of OCTAVE methods
The OCTAVE methods are
- self-directed: Small teams of organizational
personnel across business units and IT work together to address the
security needs of the organization.
- flexible: Each method can be tailored to the
organization's unique risk environment, security and resiliency
objectives, and skill level.
- evolved: OCTAVE moved the organization toward an
operational risk-based view of security and addresses technology in a
business context.
If you want to learn more about OCTAVE, contact Joe McLeod at jmcleod@sei.cmu.edu.