Page 1 o...
Upcoming SlideShare
Loading in …5

Octave Assessment


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Octave Assessment

  1. 1. Page 1 of 1 SISA Completes OCTAVE Assessment For Ascendus SISA Information Security Pvt. Ltd., a information security consultancy firm, has completed the OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) assessment for Bangalore-based Ascendus Technology. Speaking to CXOtoday, Darshan Shanthamurthy, director-operations, SISA Information said, quot;This is the second client in the last two months to have assessed their security risks through OCTAVE technology.' It took two weeks for the risk assessment process at Ascendus, and four weeks for the company's earlier client, the Software Technology Park of India (STPI), Bangalore. The total cost of the assessment process depends on the amount of time taken to complete it. Shanthamurthy added, quot;For a 300 employee organization, the assessment would take roughly two weeks for a single location, the cost of which would work out to roughly Rs 1 lakh. The figure could be as high as Rs 50 lakh for an organization with 10,000 employees spread over multiple locations, for which the assessment process would take around four weeks.quot; It is a general practice among bigger IT users to have an IT audit mechanism in place for regular cross evaluations against standards. However, risk assessment is a prime necessity as Santhamurthy explained, quot;In IT audits the evaluation is done against standards, whereas in risk assessment the locational, technical, and business related risks are evaluated, to give the enterprise a clear picture of where it stands as far as business security is concerned.quot; OCTAVE is a methodology for security risk assessment formulated by the Software Engineering Institute (SEI) of Carnegie Mellon University (CMU) USA, under which all information assets and related physical assets of an enterprise are evaluated. Ascendus Technologies, which helps universities especially in the US, to develop web-based survey software applications, has used this risk assessment method for ensuring its credibility to its clients. Ascendus Technologies (India) CEO, Vikram Kumar, said, quot;Our clients wanted to be assured of our credibility in business processes, which is why we went for the risk assessment based on OCTAVE.quot; SISA, together with STPI-Bangalore, is organizing its second OCTAVE (SEI-CMU) Information Security Risk Assessment Training workshop from March 4-6, 2004 in Bangalore, the detailed information for which is available here. The event has already received confirmed participation from the likes of Wipro, Paragon Technologies, and ITC Infotech. As more and more IT enterprises offer their services to clients abroad, OCTAVE risk assessment is poised for wider acceptance amongst Indian IT enterprises. Find this article at: 04-Dec-07