Presentation is loading. Please wait.

Presentation is loading. Please wait.

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

Published byFrancisco Latter Modified over 9 years ago

Similar presentations

Presentation on theme: "S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,"— Presentation transcript:

1 S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Sponsored by the U.S. Department of Defense

2 S3-2 © 2001 Carnegie Mellon University OCTAVE SM Operationally Critical Threat, Asset, and Vulnerability Evaluation SM OCTAVE and Operationally Critical Threat, Asset, and Vulnerability Evaluation are service marks of Carnegie Mellon University.

3 S3-3 © 2001 Carnegie Mellon University OCTAVE Process Phase 1 Organizational View Phase 2 Technological View Phase 3 Strategy and Plan Development Tech. Vulnerabilities Planning Assets Threats Current Practices Org. Vulnerabilities Security Req. Risks Protection Strategy Mitigation Plans Staff Members’ View

4 S3-4 © 2001 Carnegie Mellon University OCTAVE Principles Survivability of the organization’s mission Critical asset-driven threat and risk definition Practice-based risk mitigation plans and protection strategy Targeted data collection Organization-wide focus: using and establishing communication among and between organizational levels Foundation for future security improvement

5 S3-5 © 2001 Carnegie Mellon University Objectives of This Workshop To obtain the staff perspective on assets threats to the assets security requirements of the assets current protection strategy practices organizational vulnerabilities

6 S3-6 © 2001 Carnegie Mellon University Role of Analysis Team To guide the activities and discussion of this workshop

7 S3-7 © 2001 Carnegie Mellon University Asset Something of value to the organization information systems software hardware people

8 S3-8 © 2001 Carnegie Mellon University Identifying Assets Discuss your important assets. Select the most important assets.

9 S3-9 © 2001 Carnegie Mellon University Threat An indication of a potential undesirable event

10 S3-10 © 2001 Carnegie Mellon University Areas of Concern Situations where you are concerned about a threat to your important information assets

11 S3-11 © 2001 Carnegie Mellon University Sources of Threat Deliberate actions by people Accidental actions by people System problems Other problems

12 S3-12 © 2001 Carnegie Mellon University Outcomes of Threats Disclosure or viewing of sensitive information Modification of important or sensitive information Destruction or loss of important information, hardware, or software Interruption of access to important information, software, applications, or services

13 S3-13 © 2001 Carnegie Mellon University Identifying Areas of Concern Discuss scenarios that threaten your important information assets. Discuss the resulting impact to the organization.

14 S3-14 © 2001 Carnegie Mellon University Security Requirements Outline the qualities of an asset that are important to protect: confidentiality integrity availability

15 S3-15 © 2001 Carnegie Mellon University Identifying Security Requirements Discuss the security requirements for each important asset. Select which security requirement is most important.

16 S3-16 © 2001 Carnegie Mellon University Protection Strategy Provides direction for future information security efforts Defines the strategies that an organization uses to enable security initiate security implement security maintain security

17 S3-17 © 2001 Carnegie Mellon University Protection Strategy Survey Yes – The practice is used by the organization. No – The practice is not used by the organization. Don’t know – Respondents do not know if the practice is used by the organization or not. Security issues are incorporated into the organization’s business strategy Yes No Don’t Know

18 S3-18 © 2001 Carnegie Mellon University Protection Strategy Discussion Discuss important issues from the survey. Discuss issues or protection strategy aspects not covered by the survey. Discuss specific security policies, procedures, and practices that are unique to certain assets Discuss how effective your organization’s protection strategy is.

19 S3-19 © 2001 Carnegie Mellon University Summary We have identified the information technology staff perspective of assets threats to the assets security requirements of the assets current protection strategy practices organizational vulnerabilities

Download ppt "S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,"

Similar presentations

Module 1 Evaluation Overview © Crown Copyright (2000)

Module 1 Evaluation Overview © Crown Copyright (2000)
OCTAVESM Process 4 Create Threat Profiles

OCTAVESM Process 4 Create Threat Profiles
© 2005 by Carnegie Mellon University Version 1.0 The Security Professionals Conference. - page 1 Pittsburgh, PA 15213-3890 Ways to Fit Security Risk Management.

© 2005 by Carnegie Mellon University Version 1.0 The Security Professionals Conference. - page 1 Pittsburgh, PA Ways to Fit Security Risk Management.
Sponsored by the U.S. Department of Defense © 2004 by Carnegie Mellon University page 1 Pittsburgh, PA 15213-3890 Integrating Domain Specific Modeling.

Sponsored by the U.S. Department of Defense © 2004 by Carnegie Mellon University page 1 Pittsburgh, PA Integrating Domain Specific Modeling.
© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.

© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 1998 by Carnegie Mellon.

Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by the U.S. Department of Defense © 1998 by Carnegie Mellon.
S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.

S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.
What Is My Role in Information Survivability? Why Should I Care? Julia H. Allen Networked Systems Survivability CERT ® Coordination Center Software Engineering.

What Is My Role in Information Survivability? Why Should I Care? Julia H. Allen Networked Systems Survivability CERT ® Coordination Center Software Engineering.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2002 Carnegie.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213.

© 2001 by Carnegie Mellon University PPA-1 OCTAVE SM : Participants Briefing Software Engineering Institute Carnegie Mellon University Pittsburgh, PA
Copyright © 1997 Carnegie Mellon University Introduction to the Personal Software Process - Lecture 1 1 Introduction to the Personal Software Process Lecture.

Copyright © 1997 Carnegie Mellon University Introduction to the Personal Software Process - Lecture 1 1 Introduction to the Personal Software Process Lecture.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 28 Slide 1 Process Improvement.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 28 Slide 1 Process Improvement.
Information Systems Risk Analysis and Management Spyros Kokolakis University of the Aegean IPICS 2005, Chios, 18-29 July 2005.

Information Systems Risk Analysis and Management Spyros Kokolakis University of the Aegean IPICS 2005, Chios, July 2005.
23 January 2003© All rights Reserved, 2002 Understanding Facilitated Risk Analysis Process (FRAP) and Security Policies for Organizations Infocomm Security.

23 January 2003© All rights Reserved, 2002 Understanding Facilitated Risk Analysis Process (FRAP) and Security Policies for Organizations Infocomm Security.
Pittsburgh, PA 15213-3890 Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense.

Pittsburgh, PA Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by the U.S. Department of Defense.

Similar presentations

Ads by Google