Chapter 5. Identifying Organizational Knowledge (Processes 1 to 3)
OCTAVE is an evaluation that examines operational information security risk. The evaluation starts by focusing on operational issues in the organization. In this method processes 1 to 3 mark the beginning of phase 1, Build Asset-Based Threat Profiles. In these processes you gather multiple perspectives about information security based on the knowledge of the people in the organization.
One of the objectives of phase 1 is to create an organizational, or global, perspective of operational security issues. To do this, you need to elicit individual views about security issues and then consolidate them into an organizational perspective, creating a foundation for all subsequent analysis activities in the evaluation.