OCTAVE® (Operationally Critical Threat, Asset, and
Vulnerability EvaluationSM) is a suite of tools,
techniques, and methods for risk-based information security strategic
assessment and planning.
There are three OCTAVE methods:
- the original OCTAVE method, which forms the basis for the OCTAVE body of knowledge
- OCTAVE-S, for smaller organizations
- OCTAVE-Allegro, a streamlined approach for information security assessment and assurance
OCTAVE methods are founded on the OCTAVE criteriaa standard
approach for a risk-driven and practice-based information security
evaluation. The OCTAVE criteria establish the fundamental principles
and attributes of risk management that are used by the OCTAVE
Features and benefits of OCTAVE methods
The OCTAVE methods are
- self-directedSmall teams of organizational
personnel across business units and IT work together to address the
security needs of the organization.
- flexibleEach method can be tailored to the
organization's unique risk environment, security and resiliency
objectives, and skill level.
- evolvedOCTAVE moved the organization toward an
operational risk-based view of security and addresses technology in a
If you want to learn more about OCTAVE, contact Joe McLeod at firstname.lastname@example.org.