OCTAVE risk assessment tool




















Compliance to IT standards: There is a compliance with a national or international standard.

Trial before purchase: Details regarding the evaluation period, if any, before purchase of the product.

Maturity level of the Information system: The product gives a means of measurement for the maturity of the information system security.

Tools supporting the method: List of tools that support the product.

Technical integration of available tools: Particular supporting tools (see C-7) can be integrated with other tools.

Organisation processes integration: The method provides interfaces to existing processes within the organisation. Method provides interfaces to other organisational processes: Information Assurance.

Flexible knowledge databases: It is possible to adapt a knowledge database specific to the activity domain of the company.

Flexibility of tool's database: Can the database be customized and adapted to client requirements?

The tool assists the user during the data collection phase, organizes collected information and finally produces the study reports. A demonstration as well as a trial version is available for evaluation.

Survey: Replaced some of the interview sessions with an organization-focused survey.

The approach is defined by a method implementation guide (procedures, guidance, worksheets, information catalogs) and training.

The method is performed in a series of workshops conducted and facilitated by an interdisciplinary analysis team drawn from business units throughout the organization e. More specifically, it was designed for organizations that: have a multi-layered hierarchy; maintain their own computing infrastructure; have the ability to run vulnerability evaluation tools; and have the ability to interpret the results of vulnerability evaluations.

As described above, the OCTAVE method is performed in three phases.

Thus, OCTAVE-S does not rely on formal knowledge elicitation workshops to gather information, because it is assumed that the analysis team (typically consisting of three to five people) has working knowledge of the important information-related assets, security requirements, threats, and security practices of the organization. Security concepts are embedded in the OCTAVE-S worksheets and guidance, allowing less experienced risk and security practitioners to address a broad range of risks with which they may not have familiarity.

Because small organizations may not have the resources to obtain and execute vulnerability tools, OCTAVE-S was designed to include a limited examination of infrastructure risks so as to remove a potential barrier to adoption. This approach differs from previous OCTAVE approaches by focusing primarily on information assets in the context of how they are used, where they are stored, transported, and processed, and how they are exposed to threats, vulnerabilities, and disruptions as a result.

Like previous methods, OCTAVE Allegro can be performed in a workshop-style, collaborative setting and is supported with guidance, worksheets, and questionnaires, which are included in the appendices of this document.

However, OCTAVE Allegro is also well suited for use by individuals who want to perform risk assessment without extensive organizational involvement, expertise, or input. In phase 1, the organization develops risk measurement criteria consistent with organizational drivers.


