Managing Information Security Risks: The OCTAVE Approach

Front Cover
Addison-Wesley Professional, 2002 - Business & Economics - 471 pages
1 Review
This is a descriptive and process-oriented book on a new security risk evaluation method, OCTAVE. OCTAVE stands for Operationally Critical Threat, Asset, and Vulnerability Evaluation "SM." An information security risk evaluation helps organizations evaluate organizational practice as well as the installed technology base and to make decisions based on potential impact.
  

What people are saying - Write a review

User Review - Flag as inappropriate

We're aligning towards ISO 27001 at work and chose the OCTAVE approach to satisfy the risk management components. The downloadable OCTAVE material is great but I was left confused and overwhelmed partly because this was my first encounter with RM and OCTAVE. After reading this book everything fell into place and the timelines and flows just clicked.
The book is well written, easy to follow and concise.
 

Contents

V
1
VI
3
VII
4
VIII
8
IX
11
X
17
XI
18
XIII
21
LXXX
232
LXXXI
235
LXXXII
237
LXXXIII
239
LXXXIV
241
LXXXV
242
LXXXVI
245
LXXXVIII
250

XIV
22
XV
24
XVI
25
XVII
34
XVIII
35
XIX
36
XX
37
XXI
41
XXII
43
XXIII
44
XXIV
45
XXV
46
XXVI
48
XXVII
49
XXVIII
52
XXX
54
XXXI
56
XXXII
59
XXXIII
60
XXXIV
61
XXXV
64
XXXVI
68
XXXVII
69
XXXVIII
73
XXXIX
76
XL
81
XLI
82
XLII
87
XLIII
93
XLIV
97
XLV
103
XLVI
109
XLVII
110
XLVIII
118
XLIX
122
L
125
LI
128
LII
137
LIII
138
LIV
142
LV
150
LVI
157
LVII
158
LVIII
161
LIX
165
LX
169
LXI
170
LXII
172
LXIII
175
LXIV
180
LXV
184
LXVII
187
LXVIII
191
LXIX
192
LXX
194
LXXI
199
LXXII
201
LXXIII
208
LXXIV
217
LXXV
220
LXXVI
227
LXXVII
228
LXXVIII
230
LXXIX
231
LXXXIX
255
XC
256
XCI
257
XCIII
259
XCIV
265
XCV
267
XCVI
270
XCVII
272
XCVIII
275
XCIX
276
C
279
CI
281
CII
282
CIII
283
CIV
284
CV
285
CVI
286
CVII
288
CVIII
290
CIX
293
CX
301
CXI
311
CXII
312
CXIV
316
CXV
317
CXVI
320
CXVII
322
CXVIII
327
CXIX
330
CXX
335
CXXI
340
CXXII
341
CXXIII
343
CXXIV
344
CXXV
363
CXXVII
365
CXXVIII
367
CXXIX
369
CXXX
370
CXXXI
371
CXXXII
374
CXXXIII
378
CXXXIV
381
CXXXV
386
CXXXVI
389
CXXXVII
390
CXXXVIII
391
CXXXIX
393
CXL
399
CXLI
400
CXLII
402
CXLIII
404
CXLIV
406
CXLV
407
CXLVI
410
CXLVII
412
CXLIX
415
CLI
435
CLII
441
CLIII
443
CLIV
457
CLV
461
Copyright

Common terms and phrases

References to this book

All Book Search results »

About the author (2002)

Christopher Alberts is a senior member of the technical staff in the Networked Systems Survivability Program at the Software Engineering Institute (SEI). He and Audrey Dorofee are the principal developers of OCTAVE. Before joining the SEI, Christopher was a scientist at Carnegie Mellon Research Institute, where he developed mobile robots for hazardous environments. He also worked at AT&T Bell Laboratories, where he designed information systems to support AT&T's advanced manufacturing processes.

Audrey Dorofee is a senior member of the technical staff in the Networked Systems Survivability Program at the Software Engineering Institute (SEI). She and Christopher Alberts are the principal developers of OCTAVE. Audrey previously was project lead for risk management in the Risk Program at the SEI. Prior to joining the SEI, she worked for the MITRE Corporation, supporting various projects for NASA, including Space Station software environments, user interfaces, and expert systems.



0321118863AB04152002

Bibliographic information