Chapter 5. Identifying Organizational Knowledge (Processes 1 to 3)

OCTAVE is an evaluation that examines operational information security risk. The evaluation starts by focusing on operational issues in the organization. In this method, processes 1 to 3 mark the beginning of phase 1, Build Asset-Based Threat Profiles. In these processes, you gather multiple perspectives about information security based on the knowledge of the people in the organization.

One of the objectives of phase 1 is to create an organizational, or global, perspective of operational security issues. To do this, you need to elicit individual views about security issues and then consolidate them into an organizational perspective, creating a foundation for all subsequent analysis activities in the evaluation.


5.1 Overview of Processes 1 to 3

5.2 Identify Assets and Relative Priorities

5.3 Identify Areas of Concern

5.4 Identify Security Requirements for Most Important Assets

5.5 Capture Knowledge of Current Security Practices and Organizational Vulnerabilities

