Octave Assessment
Upcoming SlideShare
Loading in...5
×
 

Octave Assessment

on

  • 1,328 views

 

Statistics

Views

Total Views
1,328
Views on SlideShare
1,328
Embed Views
0

Actions

Likes
0
Downloads
11
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Octave Assessment Octave Assessment Document Transcript

  • CXOToday.com Page 1 of 1 SISA Completes OCTAVE Assessment For Ascendus SISA Information Security Pvt. Ltd., a information security consultancy firm, has completed the OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) assessment for Bangalore-based Ascendus Technology. Speaking to CXOtoday, Darshan Shanthamurthy, director-operations, SISA Information said, quot;This is the second client in the last two months to have assessed their security risks through OCTAVE technology.' It took two weeks for the risk assessment process at Ascendus, and four weeks for the company's earlier client, the Software Technology Park of India (STPI), Bangalore. The total cost of the assessment process depends on the amount of time taken to complete it. Shanthamurthy added, quot;For a 300 employee organization, the assessment would take roughly two weeks for a single location, the cost of which would work out to roughly Rs 1 lakh. The figure could be as high as Rs 50 lakh for an organization with 10,000 employees spread over multiple locations, for which the assessment process would take around four weeks.quot; It is a general practice among bigger IT users to have an IT audit mechanism in place for regular cross evaluations against standards. However, risk assessment is a prime necessity as Santhamurthy explained, quot;In IT audits the evaluation is done against standards, whereas in risk assessment the locational, technical, and business related risks are evaluated, to give the enterprise a clear picture of where it stands as far as business security is concerned.quot; OCTAVE is a methodology for security risk assessment formulated by the Software Engineering Institute (SEI) of Carnegie Mellon University (CMU) USA, under which all information assets and related physical assets of an enterprise are evaluated. Ascendus Technologies, which helps universities especially in the US, to develop web-based survey software applications, has used this risk assessment method for ensuring its credibility to its clients. Ascendus Technologies (India) CEO, Vikram Kumar, said, quot;Our clients wanted to be assured of our credibility in business processes, which is why we went for the risk assessment based on OCTAVE.quot; SISA, together with STPI-Bangalore, is organizing its second OCTAVE (SEI-CMU) Information Security Risk Assessment Training workshop from March 4-6, 2004 in Bangalore, the detailed information for which is available here. The event has already received confirmed participation from the likes of Wipro, Paragon Technologies, and ITC Infotech. As more and more IT enterprises offer their services to clients abroad, OCTAVE risk assessment is poised for wider acceptance amongst Indian IT enterprises. Find this article at: http://www.cxotoday.com/cxo/jsp/article.jsp?article_id=672&cat_id=908 http://www.cxotoday.com/cxo/jsp/article.jsp?print=1&article_id=672&cat_id=908 04-Dec-07