CXOToday.com Page 1 of 1
SISA Completes OCTAVE Assessment For Ascendus
SISA Information Security Pvt. Ltd., a information security consultancy firm,
has completed the OCTAVE (Operationally Critical Threat, Asset, and
Vulnerability Evaluation) assessment for Bangalore-based Ascendus
Speaking to CXOtoday, Darshan Shanthamurthy, director-operations, SISA
Information said, quot;This is the second client in the last two months to have
assessed their security risks through OCTAVE technology.' It took two
weeks for the risk assessment process at Ascendus, and four weeks for the
company's earlier client, the Software Technology Park of India (STPI), Bangalore.
The total cost of the assessment process depends on the amount of time taken to complete it. Shanthamurthy added, quot;For a
300 employee organization, the assessment would take roughly two weeks for a single location, the cost of which would work
out to roughly Rs 1 lakh. The figure could be as high as Rs 50 lakh for an organization with 10,000 employees spread over
multiple locations, for which the assessment process would take around four weeks.quot;
It is a general practice among bigger IT users to have an IT audit mechanism in place for regular cross evaluations against
standards. However, risk assessment is a prime necessity as Santhamurthy explained, quot;In IT audits the evaluation is done
against standards, whereas in risk assessment the locational, technical, and business related risks are evaluated, to give the
enterprise a clear picture of where it stands as far as business security is concerned.quot;
OCTAVE is a methodology for security risk assessment formulated by the Software Engineering Institute (SEI) of Carnegie
Mellon University (CMU) USA, under which all information assets and related physical assets of an enterprise are evaluated.
Ascendus Technologies, which helps universities especially in the US, to develop web-based survey software applications,
has used this risk assessment method for ensuring its credibility to its clients. Ascendus Technologies (India) CEO, Vikram
Kumar, said, quot;Our clients wanted to be assured of our credibility in business processes, which is why we went for the risk
assessment based on OCTAVE.quot;
SISA, together with STPI-Bangalore, is organizing its second OCTAVE (SEI-CMU) Information Security Risk Assessment
Training workshop from March 4-6, 2004 in Bangalore, the detailed information for which is available here. The event has
already received confirmed participation from the likes of Wipro, Paragon Technologies, and ITC Infotech.
As more and more IT enterprises offer their services to clients abroad, OCTAVE risk assessment is poised for wider
acceptance amongst Indian IT enterprises.
Find this article at: