Octave IRM

OCTAVE and OCTAVE-S

Page 1: Octave IRM

OCTAVE

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)

- Effective security risk evaluation
- Considers both organizational and technological issues
- Self-directed

Page 2: Octave IRM

Characteristics

- Identify information-related assets
- Focus risk analysis activities on critical assets
- Consider the relationships among critical assets, the threats to those assets, and vulnerabilities
- Evaluate risks in an operational context: how the assets are used to conduct an organization's business
- Create a protection strategy for risk mitigation

Page 3: Octave IRM

OCTAVE Process

Page 4: Octave IRM

Criteria

Principle: Fundamental concepts driving the nature of the evaluation, and defining the philosophy behind the evaluation process

Attribute: Distinctive qualities, or characteristics, of the evaluation

Output: Defines the outcomes that an analysis team must achieve during each phase

Page 5: Octave IRM

Principle: Attributes

Self-direction: Analysis team; Augmenting analysis team skills

Adaptable measures: Catalog of practices; Generic threat profile; Catalog of vulnerabilities

Defined process: Defined evaluation activities; Documented evaluation results; Evaluation scope

Forward-looking view: Focus on risk

Foundation for a continuous process: Next steps; Focused activities; Senior management participation

Page 6: Octave IRM

Principle: Attributes

Integrated management: Organizational and technological issues; Business and information technology participation; Senior management participation

Open communication: Collaborative approach

Global perspective: Organizational and technological issues; Business and information technology participation

Teamwork: Analysis team; Augmenting analysis team skills; Business and information technology participation

Page 7: Octave IRM

Outputs

Page 8: Octave IRM

Risk Evaluation

Risk evaluation is a process that can help an organization meet the following objectives:

- Change from a reactive, problem-based approach to proactive prevention of problems
- Consider security from multiple perspectives
- Establish a flexible infrastructure at all levels of the organization, capable of responding rapidly to changing technology and security needs
- Initiate an ongoing, continual effort to maintain and improve its security posture

Page 9: Octave IRM

Evaluation Activities

- Identify the organization's information security risks
- Analyze the risks to determine priorities
- Plan for improvement by developing a protection strategy for organizational improvement and risk mitigation plans to reduce the risk to the organization's critical assets

Page 10: Octave IRM

Introduction to the OCTAVE Approach

The risk management activities that follow the evaluation:

- Plan how to implement the protection strategy and risk mitigation plans by developing detailed action plans (this activity can include a detailed cost-benefit analysis among strategies and actions, and it results in detailed implementation plans)
- Implement the detailed action plans
- Monitor the action plans for schedule and for effectiveness (this activity includes monitoring risks for any changes)
- Control variations in plan execution by taking appropriate corrective actions

Page 11: Octave IRM

OCTAVE and Risk Management Activities

Page 12: Octave IRM

Octave Phases

Phase 1: Build Asset-Based Threat Profiles
- Process 1: Identify Senior Management Knowledge
- Process 2: Identify Operational Area Knowledge
- Process 3: Identify Staff Knowledge
- Process 4: Create Threat Profiles

Phase 2: Identify Infrastructure Vulnerabilities
- Process 5: Identify Key Components
- Process 6: Evaluate Selected Components

Phase 3: Develop Security Strategy and Plans
- Process 7: Conduct Risk Analysis
- Process 8: Develop Protection Strategy

Page 13: Octave IRM

Octave-S Phases

Phase 1: Build Asset-Based Threat Profiles

Process 1: Identify organizational information
- Establish impact evaluation criteria [33]
- Identify organizational assets [45]
- Evaluate organizational security practices [51]

Process 2: Create threat profiles
- Select critical assets [83, 87]
- Identify security requirements for critical assets
- Identify threats to critical assets [91, 131]

Page 14: Octave IRM

Octave-S Phases

Phase 2: Identify Infrastructure Vulnerabilities

Process 3: Examine the computing infrastructure in relation to critical assets [139]
- Examine access paths
- Analyse technology-related processes

Phase 3: Develop Security Strategy and Plans

Process 4: Identify and analyse risks
- Evaluate impact of threats [33]
- Establish probability evaluation criteria [149]
- Evaluate probabilities of threats [149]

Page 15: Octave IRM

Octave-S Phases

Process 5: Develop protection strategy and mitigation plans
- Describe current protection strategy [51]
- Select mitigation approaches [51]
- Develop risk mitigation plans [181]
- Identify changes to protection strategy [153]
- Identify next steps [195]