Part I provides an executive overview of self-directed information security risk evaluations and how they fit into the overall management of information security risks. Specifically, it introduces the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE[SM]) approach to assessments and the OCTAVE Method. Chapter 1 gives background on information security risk evaluations and the OCTAVE approach to assessing information security risks. Chapter 2 discusses the principles, attributes, and outputs that define a comprehensive, self-directed evaluation.
