Published by Cecil Hill. Modified over 9 years ago.

S2-1 © 2001 Carnegie Mellon University
OCTAVE℠ Process 2: Identify Operational Area Management Knowledge
Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213
Sponsored by the U.S. Department of Defense

S2-2 OCTAVE℠
Operationally Critical Threat, Asset, and Vulnerability Evaluation℠
OCTAVE and Operationally Critical Threat, Asset, and Vulnerability Evaluation are service marks of Carnegie Mellon University.

S2-3 OCTAVE Process
[Diagram]
- Phase 1: Organizational View
- Phase 2: Technological View
- Phase 3: Strategy and Plan Development
Diagram labels: Tech. Vulnerabilities; Planning; Assets; Threats; Current Practices; Org. Vulnerabilities; Security Req.; Risks; Protection Strategy; Mitigation Plans; Operational Area Managers’ View

S2-4 OCTAVE Principles
- Survivability of the organization’s mission
- Critical asset-driven threat and risk definition
- Practice-based risk mitigation plans and protection strategy
- Targeted data collection
- Organization-wide focus: using and establishing communication among and between organizational levels
- Foundation for future security improvement

S2-5 Objectives of This Workshop
- To obtain the operational area management perspective on
  - assets
  - threats to the assets
  - security requirements of the assets
  - current protection strategy practices
  - organizational vulnerabilities
- To select or confirm the key staff members to include in the evaluation

S2-6 Role of Analysis Team
- To guide the activities and discussion of this workshop

S2-7 Asset
Something of value to the organization
- information
- systems
- software
- hardware
- people

S2-8 Identifying Assets
- Discuss your important assets.
- Select the most important assets.

S2-9 Threat
An indication of a potential undesirable event

S2-10 Areas of Concern
Situations where you are concerned about a threat to your important information assets

S2-11 Sources of Threat
- Deliberate actions by people
- Accidental actions by people
- System problems
- Other problems

S2-12 Outcomes of Threats
- Disclosure or viewing of sensitive information
- Modification of important or sensitive information
- Destruction or loss of important information, hardware, or software
- Interruption of access to important information, software, applications, or services

S2-13 Identifying Areas of Concern
- Discuss scenarios that threaten your important information assets.
- Discuss the resulting impact to the organization.

S2-14 Security Requirements
Outline the qualities of an asset that are important to protect:
- confidentiality
- integrity
- availability

S2-15 Identifying Security Requirements
- Discuss the security requirements for each important asset.
- Select which security requirement is most important.

S2-16 Protection Strategy
- Provides direction for future information security efforts
- Defines the strategies that an organization uses to
  - enable security
  - initiate security
  - implement security
  - maintain security

S2-17 Protection Strategy Survey
- Yes – The practice is used by the organization.
- No – The practice is not used by the organization.
- Don’t know – Respondents do not know if the practice is used by the organization or not.
Security issues are incorporated into the organization’s business strategy: Yes / No / Don’t Know

S2-18 Protection Strategy Discussion
- Discuss important issues from the survey.
- Discuss issues or protection strategy aspects not covered by the survey.
- Discuss how effective your organization’s protection strategy is.

S2-19 Staff
- Will we be talking to the right staff members?
- Is there anyone else we should include?

S2-20 Summary
We have identified the operational area management perspective of
- assets
- threats to the assets
- security requirements of the assets
- current protection strategy practices
- organizational vulnerabilities