Octave: Senior Management Briefing
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213
Sponsored by the U.S. Department of Defense
© 2001 by Carnegie Mellon University
OCTAVE(SM)
Operationally Critical Threat, Asset, and Vulnerability Evaluation and OCTAVE are service marks of Carnegie Mellon University.
OCTAVE Goals
Organizations are able to
  direct and manage information security risk assessments for themselves
  make the best decisions based on their unique risks
  focus on protecting key information assets
  effectively communicate key security information
Purpose of Briefing
To set expectations
To discuss the benefits of using the evaluation
To describe the OCTAVE Method and its resource requirements
To gain your commitment to conduct an OCTAVE evaluation
Security Approaches
Vulnerability Management (Reactive)
  Identify and fix vulnerabilities
Risk Management (Proactive)
  Identify and manage risks
Tool-Based Analysis
Interaction Required
OCTAVE Process
Phase 1 Organizational Assets Threats View
Workshop Structure
A team of site personnel facilitates the workshops.
Contextual expertise is provided by your staff.
Activities are driven by your staff.
Decisions are made by your staff.
Conducting OCTAVE
OCTAVE Process Analysis Team
time
An interdisciplinary team of your personnel that facilitates the process and analyzes data
  business or mission-related staff
  information technology staff
Phase 1 Workshops
Process 1: Identify Senior Management Knowledge
Process 2: (multiple) Identify Operational Area Management Knowledge
Different views of
  Critical assets
  Areas of concern
  Security requirements
  Current protection strategy practices
  Organizational vulnerabilities
Phase 2 Workshops
Process 5: Identify Key Components
  Key components for critical assets
Phase 3 Workshops
Process 7: Conduct Risk Analysis
  Risks to critical assets
Outputs of OCTAVE
Protection Strategy Organization
Mitigation Plan
Assets
Action List
Near-Term Actions
All Participants & Analysis Team Senior Managers & Analysis Team Operational Area Managers & Analysis Team
Analysis Team
Analysis Team & Selected Staff Senior Managers & Analysis Team All Participants & Analysis Team
Next Steps
Identify analysis team members.
Identify key operational areas.
Select workshop participants:
  senior managers
  operational area managers
  staff members
Establish the OCTAVE schedule.