
Managing Information Security Risks: The OCTAVE Approach

ISBN-10: 0321118863
ISBN-13: 9780321118868
Edition: 2003

Book details

List price: $84.99
Copyright year: 2003
Publisher: Addison Wesley Professional
Publication date: 7/9/2002
Binding: Hardcover
Pages: 512
Size: 7.50" wide x 9.25" long x 1.25" tall
Weight: 2.134
Language: English

From the CERT Coordination Center at the SEI, this book describes OCTAVE, a new method of evaluating information security risk.

- This book is from the CERT Coordination Center and Networked Systems Survivability (NSS) group at the SEI, the Software Engineering Institute at Carnegie Mellon University.
- There is growing interest in OCTAVE. The DOD Medical Health System is one early adopter and there is also keen interest from the financial sector.
- The authors are the lead developers of the OCTAVE method and are experts in helping organizations manage their own security risks.

Summary: This is a descriptive and process-oriented book on a new security risk evaluation method, OCTAVE. OCTAVE stands for Operationally Critical Threat, Asset, and Vulnerability Evaluation (SM). An information security risk evaluation helps organizations evaluate organizational practice as well as the installed technology base and make decisions based on potential impact.

About the authors: Christopher Alberts is a senior member of the technical staff in the Networked Systems Survivability Program (NSS) at the SEI, CERT Coordination Center. He is team leader for security evaluations and OCTAVE. Christopher is responsible for developing information security risk management methods, tools, and techniques. Audrey Dorofee is a senior member of the technical staff in the Survivable Network Management Project in the NSS Program at SEI, CERT Coordination Center. CERT is the original computer security incident response center and is internationally recognized as a leading authoritative organization in this area.

List of Figures
List of Tables
Preface
Acknowledgments
Introduction
Managing Information Security Risks
Information Security
What Is Information Security?
Vulnerability Assessment
Information Systems Audit
Information Security Risk Evaluation
Managed Service Providers
Implementing a Risk Management Approach
Information Security Risk Evaluation and Management
Evaluation Activities
Risk Evaluation and Management
An Approach to Information Security
Risk Evaluations
OCTAVE Approach
Information Security Risk
Three Phases
OCTAVE Variations
Common Elements
Principles and Attributes of Information Security Risk Evaluations
Introduction
Information Security Risk Management Principles
Information Security Risk Evaluation Principles
Risk Management Principles
Organizational and Cultural Principles
Information Security Risk Evaluation Attributes
Information Security Risk Evaluation Outputs
Phase 1: Build Asset-Based Threat Profiles
Phase 2: Identify Infrastructure Vulnerabilities
Phase 3: Develop Security Strategy and Plans
The OCTAVE Method
Introduction to the OCTAVE Method
Overview of the OCTAVE Method
Preparation
Phase 1: Build Asset-Based Threat Profiles
Phase 2: Identify Infrastructure Vulnerabilities
Phase 3: Develop Security Strategy and Plans
Mapping Attributes and Outputs to the OCTAVE Method
Attributes and the OCTAVE Method
Outputs and the OCTAVE Method
Introduction to the Sample Scenario
Preparing for OCTAVE
Overview of Preparation
Obtain Senior Management Sponsorship of OCTAVE
Select Analysis Team Members
Select Operational Areas to Participate in OCTAVE
Select Participants
Coordinate Logistics
Sample Scenario
Identifying Organizational Knowledge (Processes 1 to 3)
Overview of Processes 1 to 3
Identify Assets and Relative Priorities
Identify Areas of Concern
Identify Security Requirements for Most Important Assets
Capture Knowledge of Current Security Practices and Organizational Vulnerabilities
Creating Threat Profiles (Process 4)
Overview of Process 4
Before the Workshop: Consolidate Information from Processes 1 to 3
Select Critical Assets
Refine Security Requirements for Critical Assets
Identify Threats to Critical Assets
Identifying Key Components (Process 5)
Overview of Process 5
Identify Key Classes of Components
Identify Infrastructure Components to Examine
Evaluating Selected Components (Process 6)
Overview of Process 6
Before the Workshop: Run Vulnerability Evaluation Tools on Selected Infrastructure Components
Review Technology Vulnerabilities and Summarize Results
Conducting the Risk Analysis (Process 7)
Overview of Process 7
Identify the Impact of Threats to Critical Assets
Create Risk Evaluation Criteria
Evaluate the Impact of Threats to Critical Assets
Incorporating Probability into the Risk Analysis
What Is Probability?
Probability in the OCTAVE Method
Developing a Protection Strategy--Workshop A (Process 8A)
Overview of Process 8A
Before the Workshop: Consolidate Information from Processes 1 to 3
Review Risk Information
Create Protection Strategy
Create Risk Mitigation Plans
Create Action List
Incorporating Probability into Risk Mitigation
Developing a Protection Strategy--Workshop B (Process 8B)
Overview of Process 8B
Before the Workshop: Prepare to Meet with Senior Management
Present Risk Information
Review and Refine Protection Strategy, Mitigation Plans, and Action List
Create Next Steps
Summary of Part II
Variations on the OCTAVE Approach
An Introduction to Tailoring OCTAVE
The Range of Possibilities
Tailoring the OCTAVE Method to Your Organization
Tailoring the Evaluation
Tailoring Artifacts
Practical Applications
Introduction
The Small Organization
Company S
Implementing OCTAVE in Small Organizations
Very Large, Dispersed Organizations
Integrated Web Portal Service Providers
Large and Small Organizations
Other Considerations
Information Security Risk Management
Introduction
A Framework for Managing Information Security Risks
Identify
Analyze
Plan
Implement
Monitor
Control
Implementing Information Security Risk Management
Summary
Glossary
Bibliography
Case Scenario for the OCTAVE Method
MedSite OCTAVE Final Report: Introduction
Protection Strategy for MedSite
Near-Term Action Items
Risks and Mitigation Plans for Critical Assets
Paper Medical Records
Personal Computers
PIDS
ABC Systems
ECDS
Technology Vulnerability Evaluation Results and Recommended Actions
Additional Information
Risk Impact Evaluation Criteria
Other Assets
Consolidated Survey Results
Worksheets
Knowledge Elicitation Worksheets
Asset Worksheet
Areas of Concern Worksheet
Security Requirements Worksheet
Practice Surveys
Protection Strategy Worksheet
Asset Profile Worksheets
Critical Asset Information
Security Requirements
Threat Profile for Critical Asset
System(s) of Interest
Key Classes of Components
Infrastructure Components to Examine
Summarize Technology Vulnerabilities
Record Action Items
Risk Impact Descriptions
Risk Evaluation Criteria Worksheet
Risk Profile Worksheet
Risk Mitigation Plans
Strategies and Actions
Current Security Practices Worksheets
Protection Strategy Worksheets
Action List Worksheet
Catalog of Practices
About the Authors
Index
