 |
|
|
Today, we rely on access to digital data that are accessible, dependable, and protected from misuse. Unfortunately, this need for accessible data also exposes organizations to a variety of new threats that can affect their information. The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) enables organizations to understand and address their information security risks. OCTAVE is led by a small, interdisciplinary team of an organization's personnel and focuses on an organization's assets and the risks to those assets. It is a comprehensive, systematic, context-driven, and self-directed evaluation approach. The essential elements of the OCTAVE approach are embodied in a set of criteria that define the requirements for OCTAVE. This report describes the OCTAVE criteria. The goal of this report is to define a general approach for evaluating and managing information security risks. Organizations can then develop methods that are consistent with the OCTAVE criteria.
Vintara enables and delivers and OCTAVE solution to your organization. Using the Vintara OCTAVE solution, your company will be able Identify Enterprise Knowledge:
--Mass Mailing of Questionairre to the correct individuals or groups
--Organized centeral data location
--Your priotized lists of assets real time
--Protection policies, practices, and work instructions to view, manage, and communicate throughout your organization
--Operation areas easily identified to optimize your security efforts and dollars to improve your organization
Identify Operation Knowledge:
--Generate the operation threat profile
--Identify current operation protection stratagies on-line
--Identify operational and enterprise assets
Identify Staff Knowledge:
--Easily prioritize a list of staff assets and values
--Create a staff threat profile
--Identify the staff risk indicators
Establish Security Requirements:
--Use threat profiles, current protection stratagies, risk indicators driven from earlier phases.
--Develop security requirements
--Make a security strategy blueprint
Map High Priority Information Assets and Infrastructure:
--Locate assets and information infrastructure
--Map out assest data flows and access paths
--Work on high priority components within the infrastructure
Conduct Vunerability Evaluation:
--Evualate and follow intrusion scenarios
--Identify potential and actual vunerabilities
--Discover missing polices
Multi-dimensional Risk Analysis:
--Enable drill down risk analysis to identify exposed assets, threat probability, risks, and impacts on exposed threats
Develop Protection Strategy:
--Follow up with proactive activities including protection strategies, security risk plans, and mitigation approaches
Learn more about features of the Vintara Security Management System.
|
|
|
