
OCTAVE Method of Security Assessment

The KU IT Security Office uses a method for managing information security risks based on the "Operationally Critical Threat, Asset and Vulnerability Evaluation" (OCTAVE) method. The OCTAVE method was developed by the Software Engineering Institute (SEI) at Carnegie Mellon University on behalf of the Department of Defense.

How it Works

OCTAVE is a flexible and self-directed risk assessment methodology. A small team of people from the operational (or business) units and the IT department works together to address the security needs of the organization. The team draws on the knowledge of many employees to define the current state of security, identify risks to critical assets, and set a security strategy. The method can be tailored for most organizations.

Unlike most other risk assessment methods, the OCTAVE approach is driven by operational risk and security practices rather than technology. It is designed to allow an organization to:

  •     Direct and manage information security risk assessments for themselves
  •     Make the best decisions based on their unique risks
  •     Focus on protecting key information assets
  •     Effectively communicate key security information


The Structure of OCTAVE

The OCTAVE method is based on eight processes that are broken into three phases. In higher education organizations, it is usually preceded by an exploratory phase (known as Phase Zero) to determine the criteria that will be used during the application of the OCTAVE method.

The three phases of OCTAVE are:

  •     Phase 1: Develop initial security strategies
  •     Phase 2: Technological view — Identify infrastructure vulnerabilities
  •     Phase 3: Risk analysis — Develop security strategy and plans


Resources

www.cert.org/octave

