Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 6 OCTAVE.

Published byDwayne Crawford Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 6 OCTAVE."— Presentation transcript:

1 Lecture 6 OCTAVE

2 Octave Why? OCTAVE Other Evaluations Organization evaluation
Key Differences Between OCTAVE and Other Approaches OCTAVE Other Evaluations Organization evaluation System evaluation Focus on security practices Focus on technology Strategic issues Tactical issues Self direction Expert led

3 Examples

4 Examples

5 Example 1 Risks: Cost to correct data: $1,000,000
disclosure of company confidential information, computation based on incorrect data Cost to correct data: $1,000,000 @10%liklihood per year: $100,000 Effectiveness of access control sw:60%: -$60,000 Cost of access control software: +$25,000 Expected annual costs due to loss and controls: $100,000 - $60,000 + $25,000 = $65,000 Savings: $100,000 - $65,000 = $35,000 5

6 Example 2 Control cost Hardware +$10,000 Software +$4,000 Support personnel +$40,000 Annual cost $54,000 Expected annual cost ( ) $54,000 Savings (6000 – 54,000) -$48,000 6

7 Example 1: Risk = Likelihood x Impact

8 Example 2: Risk Rating Matrix 1

9 Example 3: Risk Rating Matrix 2

10 References Joseph G. Boyce Dan W. Jennings, Information Assurance - Managing Organizational IT Security Risks, Elsevier Science, 2002

11 Wise man looking on us

Download ppt "Lecture 6 OCTAVE."

Similar presentations

Role, Responsibilities and Methodologies in the Next Decade.

Role, Responsibilities and Methodologies in the Next Decade.
Used to Procure Goods & Supplies. Office supplies Operating supplies Computer hardware and software (non- capitalized

Used to Procure Goods & Supplies. Office supplies Operating supplies Computer hardware and software (non- capitalized
Kai H. Chang COMP 6710 Course NotesSlide CMMI-1 Auburn University Computer Science and Software Engineering Capability Maturity Model Integration - CMMI.

Kai H. Chang COMP 6710 Course NotesSlide CMMI-1 Auburn University Computer Science and Software Engineering Capability Maturity Model Integration - CMMI.
OCTAVESM Process 4 Create Threat Profiles

OCTAVESM Process 4 Create Threat Profiles
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.

S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.
The costs and benefits related to cyber security breaches Chapter 3 – Gordon & Loeb.

The costs and benefits related to cyber security breaches Chapter 3 – Gordon & Loeb.
OPM Cybersecurity Competencies by Occupation (Technical Competencies) 2210085508540391 Information Technology Management Series Electronics Engineering.

OPM Cybersecurity Competencies by Occupation (Technical Competencies) Information Technology Management Series Electronics Engineering.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
1 Software Testing and Quality Assurance Lecture 33 – Software Quality Assurance.

1 Software Testing and Quality Assurance Lecture 33 – Software Quality Assurance.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
Critical Infrastructure Protection (and Policy) H. Scott Matthews March 5, 2003.

Critical Infrastructure Protection (and Policy) H. Scott Matthews March 5, 2003.
SERC Security Systems Engineering Initiative Dr. Clifford Neuman, Director USC Center for Computer Systems Security Information Sciences Institute University.

SERC Security Systems Engineering Initiative Dr. Clifford Neuman, Director USC Center for Computer Systems Security Information Sciences Institute University.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.
July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Overview and Introduction

Overview and Introduction
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.
Controls for Information Security

Controls for Information Security

Similar presentations

Ads by Google