SlideShare a Scribd company logo

Octave

Download as PPTX, PDF
A
Amar Myana

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), OCTAVE Phases, risk-based strategic assessment, and planning technique

1 of 16
OCTAVE
About Me ▶ AMAR MYANA Senior Software Developer Security Brigade Infosec Pvt. Ltd. 3 ½ years
Summary ▶ Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) ▶ an approach for managing information security risks ▶ Key Differences Between OCTAVE and Other Approaches ▶ Key Characteristics of the OCTAVE Approach ▶ OCTAVE Phases ▶ Two OCTAVE-consistent methods developed at the Software Engineering Institute (SEI) ▶ the OCTAVE Method for large organizations ▶ The OCTAVE-S for small organizations ▶ Choosing Between the Methods
What Is OCTAVE? ▶ OCTAVE is a risk based strategic assessment and planning technique for security. ▶ OCTAVE is self-directed ▶ OCTAVE is targeted at organizational risk and focused on strategic, practice-related issues. ▶ When applying OCTAVE, a small team of people from the operational (or business) units and the information technology (IT) department work together to address the security needs of the organization, balancing the three key aspects ▶ Operational Risk ▶ Security Practices, ▶ and Technology
What Is OCTAVE? ▶ OCTAVE approach is driven by two aspects: ▶ Operational Risk ▶ Security Practices ▶ By using the OCTAVE approach, an organization makes information-protection decisions based on risks to the confidentiality, integrity, and availability of critical information-related assets.
Key Differences Between OCTAVE and Other Approaches OCTAVE Other Evaluations Organization evaluation System evaluation Focus on security practices Focus on technology Strategic issues Tactical issues Self direction Expert led
Key Characteristics of the OCTAVE Approach ▶ OCTAVE is an asset-driven evaluation approach. Analysis teams ▶ identify information-related assets (e.g., information and systems) that are important to the organization ▶ focus risk analysis activities on those assets judged to be most critical to the organization ▶ consider the relationships among critical assets, the threats to those assets, and vulnerabilities (both organizational and technological) that can expose assets to threats ▶ evaluate risks in an operational context - how they are used to conduct an organization’s business and how those assets are at risk due to security threats ▶ create a practice-based protection strategy for organizational improvement as well as risk mitigation plans to reduce the risk to the organization’s critical assets
OCTAVE Phases ▶ Phase 1: Build Asset-Based Threat Profiles ▶ This is an organizational evaluation. ▶ It identifies threats to each critical asset, creating a threat profile for that asset ▶ Phase 2: Identify Infrastructure Vulnerabilities ▶ This is an evaluation of the information infrastructure. ▶ Examines network access paths, identifying classes of information technology components related to each critical asset. ▶ Phase 3: Develop Security Strategy and Plans ▶ Identifies risks to the organization’s critical assets and decides what to do about them
OCTAVE Phases
OCTAVE Method ▶ The OCTAVE Method was developed with large organizations in mind (e.g., 300 employees or more). ▶ OCTAVE Method Processes ▶ Phase 1: Build Asset-Based Threat Profiles ▶ Process 1: Identify Senior Management Knowledge ▶ Process 2: Identify Operational Area Knowledge ▶ Process 3: Identify Staff Knowledge ▶ Process 4: Create Threat Profiles ▶ Phase 2: Identify Infrastructure Vulnerabilities ▶ Process 5: Identify Key Components ▶ Process 6: Evaluate Selected Components ▶ Phase 3: Develop Security Strategy and Plans ▶ Process 7: Conduct Risk Analysis ▶ Process 8: Develop Protection Strategy
OCTAVE-S ▶ OCTAVE-S was developed and tested for small organizations, ranging from 20 to 80 people. ▶ OCTAVE-S relates to the Phase 2 evaluation of the computing infrastructure. ▶ OCTAVE-S also includes an optional, qualitative version of probability. ▶ OCTAVE-S Processes ▶ OCTAVE-S has the same three phases described in the OCTAVE approach and in the OCTAVE Method. ▶ Phase 1: Build Asset-Based Threat Profiles ▶ Process S1: Identify Organizational Information ▶ Process S2: Create Threat Profiles ▶ Phase 2: Identify Infrastructure Vulnerabilities ▶ Process S3: Examine the Computing Infrastructure in Relation to Critical Assets ▶ Phase 3: Develop Security Strategy and Plans ▶ Process S4: Identify and Analyze Risks ▶ Process S5: Develop Protection Strategy and Mitigation Plans
Choosing Between the Methods ▶ The OCTAVE Method is structured for an analysis team with some understanding of IT and security issues, employing an open, brainstorming approach for gathering and analyzing information. ▶ OCTAVE-S is more structured. Security concepts are embedded in OCTAVE-S worksheets, allowing for their use by less experienced practitioners. ▶ The following set of questions should be used to help you decide which method is best suited for your organization. Question OCTAVE Method OCTAVE-S Size and complexity of the organization Is your organization small? Does your organization have a flat or simple hierarchical structure? • Are you a large company (300 or more employees)? Do you have a complex structure or geographically- dispersed divisions? •
Choosing Between the Methods Question OCTAVE Method OCTAVE-S Structured or Open-Ended Method Do you prefer a more structured method using fill-in-the-blanks, checklists, and redlines, but not as easy to tailor? • Do you prefer a more open-ended methodology that is easy to tailor and adapt to your own preferences? • Analysis team composition Can you find a group of three to five people for the analysis team who have a broad and deep understanding of the company and also possess most of the following skills? • Can you find a group of 3-5 people for the analysis team who have some understanding of at least part of the company and also possess most of the following skills? •
Choosing Between the Methods Question OCTAVE Method OCTAVE-S IT resources Do you outsource all or most of your information technology functions? • Do you have a relatively simple information technology infrastructure that is well understood by at least one individual in your organization? • Do you manage your own computing infrastructure and are familiar with running vulnerability evaluation tools? • Do you have a complex computing infrastructure that is well understood by one or more individuals in your organization? • Are you able to run, comprehend, and interpret the results of vulnerability evaluation tools within the context of information- related assets? •
Choosing Between the Methods Question OCTAVE Method OCTAVE-S Using a Beta-version method Are you willing to use a beta-version of a method (that is, use a method that may not have all the guidance you might need)? •
Octave

Recommended

OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
university of education,Lahore
 
3.2 partitioning methods
3.2 partitioning methods3.2 partitioning methods
3.2 partitioning methods
Krish_ver2
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurations
Student
 
Security models
Security models Security models
Security models
LJ PROJECTS
 
Access Controls
Access ControlsAccess Controls
Access Controls
primeteacher32
 
Firewalls
FirewallsFirewalls
FirewallsRam Dutt Shukla
 
Information and network security 8 security mechanisms
Information and network security 8 security mechanismsInformation and network security 8 security mechanisms
Information and network security 8 security mechanisms
Vaibhav Khanna
 
Cs6703 grid and cloud computing unit 3
Cs6703 grid and cloud computing unit 3Cs6703 grid and cloud computing unit 3
Cs6703 grid and cloud computing unit 3
RMK ENGINEERING COLLEGE, CHENNAI
 

Recommended

OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
university of education,Lahore
 
3.2 partitioning methods
3.2 partitioning methods3.2 partitioning methods
3.2 partitioning methods
Krish_ver2
 
Firewall & its configurations
Firewall & its configurationsFirewall & its configurations
Firewall & its configurations
Student
 
Security models
Security models Security models
Security models
LJ PROJECTS
 
Access Controls
Access ControlsAccess Controls
Access Controls
primeteacher32
 
Firewalls
FirewallsFirewalls
FirewallsRam Dutt Shukla
 
Information and network security 8 security mechanisms
Information and network security 8 security mechanismsInformation and network security 8 security mechanisms
Information and network security 8 security mechanisms
Vaibhav Khanna
 
Cs6703 grid and cloud computing unit 3
Cs6703 grid and cloud computing unit 3Cs6703 grid and cloud computing unit 3
Cs6703 grid and cloud computing unit 3
RMK ENGINEERING COLLEGE, CHENNAI
 
Clustering in Data Mining
Clustering in Data MiningClustering in Data Mining
Clustering in Data Mining
Archana Swaminathan
 
Trends in distributed systems
Trends in distributed systemsTrends in distributed systems
Trends in distributed systems
Jayanthi Radhakrishnan
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Control
idingolay
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
lalithambiga kamaraj
 
Information Security
Information SecurityInformation Security
Information Security
Dhilsath Fathima
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
Bharath Rao
 
3.3 hierarchical methods
3.3 hierarchical methods3.3 hierarchical methods
3.3 hierarchical methods
Krish_ver2
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
KAMALI PRIYA P
 
Deadlock in Distributed Systems
Deadlock in Distributed SystemsDeadlock in Distributed Systems
Deadlock in Distributed Systems
Pritom Saha Akash
 
Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed System
Sunita Sahu
 
05 Clustering in Data Mining
05 Clustering in Data Mining05 Clustering in Data Mining
05 Clustering in Data Mining
Valerii Klymchuk
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and Protocols
Abdullah Alfadhly
 
Computation systems for protecting delimited data
Computation systems for protecting delimited dataComputation systems for protecting delimited data
Computation systems for protecting delimited data
G Prachi
 
Security policies
Security policiesSecurity policies
Security policies
Nishant Pahad
 
Grid protocol architecture
Grid protocol architectureGrid protocol architecture
Grid protocol architecture
Pooja Dixit
 
IoT Security
IoT SecurityIoT Security
IoT Security
Narudom Roongsiriwong, CISSP
 
lazy learners and other classication methods
lazy learners and other classication methodslazy learners and other classication methods
lazy learners and other classication methods
rajshreemuthiah
 
Class based modeling
Class based modelingClass based modeling
Class based modeling
Md. Shafiuzzaman Hira
 
The OCTAVE Method
The OCTAVE MethodThe OCTAVE Method
The OCTAVE Method
Raul Calzada
 
Octave Topology
Octave TopologyOctave Topology
Octave Topology
Jason Rusch - CISSP CGEIT CISM CISA GNSA
 

More Related Content

What's hot

Clustering in Data Mining
Clustering in Data MiningClustering in Data Mining
Clustering in Data Mining
Archana Swaminathan
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Control
idingolay
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
lalithambiga kamaraj
 
Information Security
Information SecurityInformation Security
Information Security
Dhilsath Fathima
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control PresentationWajahat Rajab
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanismspriya_trehan
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
Bharath Rao
 
3.3 hierarchical methods
3.3 hierarchical methods3.3 hierarchical methods
3.3 hierarchical methods
Krish_ver2
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
KAMALI PRIYA P
 
Deadlock in Distributed Systems
Deadlock in Distributed SystemsDeadlock in Distributed Systems
Deadlock in Distributed Systems
Pritom Saha Akash
 
Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed System
Sunita Sahu
 
05 Clustering in Data Mining
05 Clustering in Data Mining05 Clustering in Data Mining
05 Clustering in Data Mining
Valerii Klymchuk
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and Protocols
Abdullah Alfadhly
 
Computation systems for protecting delimited data
Computation systems for protecting delimited dataComputation systems for protecting delimited data
Computation systems for protecting delimited data
G Prachi
 
Security policies
Security policiesSecurity policies
Security policies
Nishant Pahad
 
Grid protocol architecture
Grid protocol architectureGrid protocol architecture
Grid protocol architecture
Pooja Dixit
 
IoT Security
IoT SecurityIoT Security
IoT Security
Narudom Roongsiriwong, CISSP
 
lazy learners and other classication methods
lazy learners and other classication methodslazy learners and other classication methods
lazy learners and other classication methods
rajshreemuthiah
 
Class based modeling
Class based modelingClass based modeling
Class based modeling
Md. Shafiuzzaman Hira
 

What's hot (20)

Clustering in Data Mining
Clustering in Data MiningClustering in Data Mining
Clustering in Data Mining
 
Trends in distributed systems
Trends in distributed systemsTrends in distributed systems
Trends in distributed systems
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Control
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
 
Information Security
Information SecurityInformation Security
Information Security
 
Access Control Presentation
Access Control PresentationAccess Control Presentation
Access Control Presentation
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
3.3 hierarchical methods
3.3 hierarchical methods3.3 hierarchical methods
3.3 hierarchical methods
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
 
Deadlock in Distributed Systems
Deadlock in Distributed SystemsDeadlock in Distributed Systems
Deadlock in Distributed Systems
 
Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed System
 
05 Clustering in Data Mining
05 Clustering in Data Mining05 Clustering in Data Mining
05 Clustering in Data Mining
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and Protocols
 
Computation systems for protecting delimited data
Computation systems for protecting delimited dataComputation systems for protecting delimited data
Computation systems for protecting delimited data
 
Security policies
Security policiesSecurity policies
Security policies
 
Grid protocol architecture
Grid protocol architectureGrid protocol architecture
Grid protocol architecture
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
lazy learners and other classication methods
lazy learners and other classication methodslazy learners and other classication methods
lazy learners and other classication methods
 
Class based modeling
Class based modelingClass based modeling
Class based modeling
 

Viewers also liked

The OCTAVE Method
The OCTAVE MethodThe OCTAVE Method
The OCTAVE Method
Raul Calzada
 
Octave Topology
Octave TopologyOctave Topology
Octave Topology
Jason Rusch - CISSP CGEIT CISM CISA GNSA
 
Comparative of risk analysis methodologies
Comparative of risk analysis methodologiesComparative of risk analysis methodologies
Comparative of risk analysis methodologies
Ramiro Cid
 
Amth250 octave matlab some solutions (1)
Amth250 octave matlab some solutions (1)Amth250 octave matlab some solutions (1)
Amth250 octave matlab some solutions (1)asghar123456
 
Constructing relevant quality assurance approaches
Constructing relevant quality assurance approachesConstructing relevant quality assurance approaches
Constructing relevant quality assurance approaches
Anthony Fisher Camilleri
 
Mobile interaction models, beyond the app
Mobile interaction models, beyond the appMobile interaction models, beyond the app
Mobile interaction models, beyond the app
Koen Delvaux
 
Groupware/CSCW
Groupware/CSCWGroupware/CSCW
Groupware/CSCW
waqas khattak
 
Retail_Fixtures_Displays_1_
Retail_Fixtures_Displays_1_Retail_Fixtures_Displays_1_
Retail_Fixtures_Displays_1_Augustine Kim
 
Jenna Paul Potrfolio
Jenna Paul PotrfolioJenna Paul Potrfolio
Jenna Paul PotrfolioJenna Paul
 
Mi querida santa cruz
Mi querida santa cruzMi querida santa cruz
Mi querida santa cruz
Edgardo Vaca Moruco
 
Soal latihan tik materi excel
Soal latihan tik materi excelSoal latihan tik materi excel
Soal latihan tik materi excel
wensi wen
 
Models of Interaction
Models of InteractionModels of Interaction
Models of InteractionjbellWCT
 
Octave
OctaveOctave
Octave
Cynthia Chamoun
 
Graph Mining, Graph Patterns, Social Network, Set & List Valued Attribute, Sp...
Graph Mining, Graph Patterns, Social Network, Set & List Valued Attribute, Sp...Graph Mining, Graph Patterns, Social Network, Set & List Valued Attribute, Sp...
Graph Mining, Graph Patterns, Social Network, Set & List Valued Attribute, Sp...
Amar Myana
 
Sni 2836-2008-tata cara perhitungan harga satuan pekerjaan pondasi untuk kons...
Sni 2836-2008-tata cara perhitungan harga satuan pekerjaan pondasi untuk kons...Sni 2836-2008-tata cara perhitungan harga satuan pekerjaan pondasi untuk kons...
Sni 2836-2008-tata cara perhitungan harga satuan pekerjaan pondasi untuk kons...
Ellan Syahnoorizal Siregar
 
Object Relational Database Management System
Object Relational Database Management SystemObject Relational Database Management System
Object Relational Database Management System
Amar Myana
 
Octave - Prototyping Machine Learning Algorithms
Octave - Prototyping Machine Learning AlgorithmsOctave - Prototyping Machine Learning Algorithms
Octave - Prototyping Machine Learning Algorithms
Craig Trim
 
Sni 7395-2008-tata cara perhitungan harga satuan pekerjaan penutup lantai dan...
Sni 7395-2008-tata cara perhitungan harga satuan pekerjaan penutup lantai dan...Sni 7395-2008-tata cara perhitungan harga satuan pekerjaan penutup lantai dan...
Sni 7395-2008-tata cara perhitungan harga satuan pekerjaan penutup lantai dan...
Ellan Syahnoorizal Siregar
 
Groupware
GroupwareGroupware
Groupware
Edison Rpo
 

Viewers also liked (20)

The OCTAVE Method
The OCTAVE MethodThe OCTAVE Method
The OCTAVE Method
 
Octave Topology
Octave TopologyOctave Topology
Octave Topology
 
Comparative of risk analysis methodologies
Comparative of risk analysis methodologiesComparative of risk analysis methodologies
Comparative of risk analysis methodologies
 
Amth250 octave matlab some solutions (1)
Amth250 octave matlab some solutions (1)Amth250 octave matlab some solutions (1)
Amth250 octave matlab some solutions (1)
 
Constructing relevant quality assurance approaches
Constructing relevant quality assurance approachesConstructing relevant quality assurance approaches
Constructing relevant quality assurance approaches
 
Mobile interaction models, beyond the app
Mobile interaction models, beyond the appMobile interaction models, beyond the app
Mobile interaction models, beyond the app
 
Groupware/CSCW
Groupware/CSCWGroupware/CSCW
Groupware/CSCW
 
Retail_Fixtures_Displays_1_
Retail_Fixtures_Displays_1_Retail_Fixtures_Displays_1_
Retail_Fixtures_Displays_1_
 
Jenna Paul Potrfolio
Jenna Paul PotrfolioJenna Paul Potrfolio
Jenna Paul Potrfolio
 
Darryl Schultz_Resume
Darryl Schultz_ResumeDarryl Schultz_Resume
Darryl Schultz_Resume
 
Mi querida santa cruz
Mi querida santa cruzMi querida santa cruz
Mi querida santa cruz
 
Soal latihan tik materi excel
Soal latihan tik materi excelSoal latihan tik materi excel
Soal latihan tik materi excel
 
Models of Interaction
Models of InteractionModels of Interaction
Models of Interaction
 
Octave
OctaveOctave
Octave
 
Graph Mining, Graph Patterns, Social Network, Set & List Valued Attribute, Sp...
Graph Mining, Graph Patterns, Social Network, Set & List Valued Attribute, Sp...Graph Mining, Graph Patterns, Social Network, Set & List Valued Attribute, Sp...
Graph Mining, Graph Patterns, Social Network, Set & List Valued Attribute, Sp...
 
Sni 2836-2008-tata cara perhitungan harga satuan pekerjaan pondasi untuk kons...
Sni 2836-2008-tata cara perhitungan harga satuan pekerjaan pondasi untuk kons...Sni 2836-2008-tata cara perhitungan harga satuan pekerjaan pondasi untuk kons...
Sni 2836-2008-tata cara perhitungan harga satuan pekerjaan pondasi untuk kons...
 
Object Relational Database Management System
Object Relational Database Management SystemObject Relational Database Management System
Object Relational Database Management System
 
Octave - Prototyping Machine Learning Algorithms
Octave - Prototyping Machine Learning AlgorithmsOctave - Prototyping Machine Learning Algorithms
Octave - Prototyping Machine Learning Algorithms
 
Sni 7395-2008-tata cara perhitungan harga satuan pekerjaan penutup lantai dan...
Sni 7395-2008-tata cara perhitungan harga satuan pekerjaan penutup lantai dan...Sni 7395-2008-tata cara perhitungan harga satuan pekerjaan penutup lantai dan...
Sni 7395-2008-tata cara perhitungan harga satuan pekerjaan penutup lantai dan...
 
Groupware
GroupwareGroupware
Groupware
 

Similar to Octave

Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
Editor IJCATR
 
Running Header 1SYSTEM ARCHITECTURE2Unit .docx
Running Header 1SYSTEM ARCHITECTURE2Unit .docxRunning Header 1SYSTEM ARCHITECTURE2Unit .docx
Running Header 1SYSTEM ARCHITECTURE2Unit .docx
rtodd599
 
Software development o & c
Software development o & cSoftware development o & c
Software development o & c
Amit Patil
 
Xevgenis_Michail_CI7130 Network and Information Security
Xevgenis_Michail_CI7130 Network and Information SecurityXevgenis_Michail_CI7130 Network and Information Security
Xevgenis_Michail_CI7130 Network and Information SecurityMichael Xevgenis
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
Andrew Byers
 
Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security Strategy
Info-Tech Research Group
 
Running Header 1SYSTEM ARCHITECTURE24Gr.docx
Running Header 1SYSTEM ARCHITECTURE24Gr.docxRunning Header 1SYSTEM ARCHITECTURE24Gr.docx
Running Header 1SYSTEM ARCHITECTURE24Gr.docx
rtodd599
 
Sentiment Analysis on Twitter Data
Sentiment Analysis on Twitter DataSentiment Analysis on Twitter Data
Sentiment Analysis on Twitter Data
IRJET Journal
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)
abhimanyubhogwan
 
Running Header 1APPLICATION DEVELOPMENT METHODS2.docx
Running Header 1APPLICATION DEVELOPMENT METHODS2.docxRunning Header 1APPLICATION DEVELOPMENT METHODS2.docx
Running Header 1APPLICATION DEVELOPMENT METHODS2.docx
rtodd599
 
How to develop an AppSec culture in your project
How to develop an AppSec culture in your project How to develop an AppSec culture in your project
How to develop an AppSec culture in your project
99X Technology
 
Building an AppSec Culture
Building an AppSec Culture Building an AppSec Culture
Building an AppSec Culture
Nirosh Jayaratnam
 
Threat intelligence life cycle steps by steps
Threat intelligence life cycle steps by stepsThreat intelligence life cycle steps by steps
Threat intelligence life cycle steps by steps
JayeshGadhave1
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources
LogRhythm
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
centralohioissa
 
Information Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsInformation Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security Metrics
Jack Nichelson
 
Ctia course outline
Ctia course outlineCtia course outline
Ctia course outline
ShivamSharma909
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity Risk
WPICPE
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
Priyanka Aash
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3
Kabul Education University
 

Similar to Octave (20)

Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
Efficacy of OCTAVE Risk Assessment Methodology in Information Systems Organiz...
 
Running Header 1SYSTEM ARCHITECTURE2Unit .docx
Running Header 1SYSTEM ARCHITECTURE2Unit .docxRunning Header 1SYSTEM ARCHITECTURE2Unit .docx
Running Header 1SYSTEM ARCHITECTURE2Unit .docx
 
Software development o & c
Software development o & cSoftware development o & c
Software development o & c
 
Xevgenis_Michail_CI7130 Network and Information Security
Xevgenis_Michail_CI7130 Network and Information SecurityXevgenis_Michail_CI7130 Network and Information Security
Xevgenis_Michail_CI7130 Network and Information Security
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
 
Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security Strategy
 
Running Header 1SYSTEM ARCHITECTURE24Gr.docx
Running Header 1SYSTEM ARCHITECTURE24Gr.docxRunning Header 1SYSTEM ARCHITECTURE24Gr.docx
Running Header 1SYSTEM ARCHITECTURE24Gr.docx
 
Sentiment Analysis on Twitter Data
Sentiment Analysis on Twitter DataSentiment Analysis on Twitter Data
Sentiment Analysis on Twitter Data
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)
 
Running Header 1APPLICATION DEVELOPMENT METHODS2.docx
Running Header 1APPLICATION DEVELOPMENT METHODS2.docxRunning Header 1APPLICATION DEVELOPMENT METHODS2.docx
Running Header 1APPLICATION DEVELOPMENT METHODS2.docx
 
How to develop an AppSec culture in your project
How to develop an AppSec culture in your project How to develop an AppSec culture in your project
How to develop an AppSec culture in your project
 
Building an AppSec Culture
Building an AppSec Culture Building an AppSec Culture
Building an AppSec Culture
 
Threat intelligence life cycle steps by steps
Threat intelligence life cycle steps by stepsThreat intelligence life cycle steps by steps
Threat intelligence life cycle steps by steps
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
 
Information Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security MetricsInformation Security Metrics - Practical Security Metrics
Information Security Metrics - Practical Security Metrics
 
Ctia course outline
Ctia course outlineCtia course outline
Ctia course outline
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity Risk
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3
 

Recently uploaded

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 

Recently uploaded (20)

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 

Octave

  • 2. About Me ▶ AMAR MYANA Senior Software Developer Security Brigade Infosec Pvt. Ltd. 3 ½ years
  • 3. Summary ▶ Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) ▶ an approach for managing information security risks ▶ Key Differences Between OCTAVE and Other Approaches ▶ Key Characteristics of the OCTAVE Approach ▶ OCTAVE Phases ▶ Two OCTAVE-consistent methods developed at the Software Engineering Institute (SEI) ▶ the OCTAVE Method for large organizations ▶ The OCTAVE-S for small organizations ▶ Choosing Between the Methods
  • 4. What Is OCTAVE? ▶ OCTAVE is a risk based strategic assessment and planning technique for security. ▶ OCTAVE is self-directed ▶ OCTAVE is targeted at organizational risk and focused on strategic, practice-related issues. ▶ When applying OCTAVE, a small team of people from the operational (or business) units and the information technology (IT) department work together to address the security needs of the organization, balancing the three key aspects ▶ Operational Risk ▶ Security Practices, ▶ and Technology
  • 5. What Is OCTAVE? ▶ OCTAVE approach is driven by two aspects: ▶ Operational Risk ▶ Security Practices ▶ By using the OCTAVE approach, an organization makes information-protection decisions based on risks to the confidentiality, integrity, and availability of critical information-related assets.
  • 6. Key Differences Between OCTAVE and Other Approaches OCTAVE Other Evaluations Organization evaluation System evaluation Focus on security practices Focus on technology Strategic issues Tactical issues Self direction Expert led
  • 7. Key Characteristics of the OCTAVE Approach ▶ OCTAVE is an asset-driven evaluation approach. Analysis teams ▶ identify information-related assets (e.g., information and systems) that are important to the organization ▶ focus risk analysis activities on those assets judged to be most critical to the organization ▶ consider the relationships among critical assets, the threats to those assets, and vulnerabilities (both organizational and technological) that can expose assets to threats ▶ evaluate risks in an operational context - how they are used to conduct an organization’s business and how those assets are at risk due to security threats ▶ create a practice-based protection strategy for organizational improvement as well as risk mitigation plans to reduce the risk to the organization’s critical assets
  • 8. OCTAVE Phases ▶ Phase 1: Build Asset-Based Threat Profiles ▶ This is an organizational evaluation. ▶ It identifies threats to each critical asset, creating a threat profile for that asset ▶ Phase 2: Identify Infrastructure Vulnerabilities ▶ This is an evaluation of the information infrastructure. ▶ Examines network access paths, identifying classes of information technology components related to each critical asset. ▶ Phase 3: Develop Security Strategy and Plans ▶ Identifies risks to the organization’s critical assets and decides what to do about them
  • 10. OCTAVE Method ▶ The OCTAVE Method was developed with large organizations in mind (e.g., 300 employees or more). ▶ OCTAVE Method Processes ▶ Phase 1: Build Asset-Based Threat Profiles ▶ Process 1: Identify Senior Management Knowledge ▶ Process 2: Identify Operational Area Knowledge ▶ Process 3: Identify Staff Knowledge ▶ Process 4: Create Threat Profiles ▶ Phase 2: Identify Infrastructure Vulnerabilities ▶ Process 5: Identify Key Components ▶ Process 6: Evaluate Selected Components ▶ Phase 3: Develop Security Strategy and Plans ▶ Process 7: Conduct Risk Analysis ▶ Process 8: Develop Protection Strategy
  • 11. OCTAVE-S ▶ OCTAVE-S was developed and tested for small organizations, ranging from 20 to 80 people. ▶ OCTAVE-S relates to the Phase 2 evaluation of the computing infrastructure. ▶ OCTAVE-S also includes an optional, qualitative version of probability. ▶ OCTAVE-S Processes ▶ OCTAVE-S has the same three phases described in the OCTAVE approach and in the OCTAVE Method. ▶ Phase 1: Build Asset-Based Threat Profiles ▶ Process S1: Identify Organizational Information ▶ Process S2: Create Threat Profiles ▶ Phase 2: Identify Infrastructure Vulnerabilities ▶ Process S3: Examine the Computing Infrastructure in Relation to Critical Assets ▶ Phase 3: Develop Security Strategy and Plans ▶ Process S4: Identify and Analyze Risks ▶ Process S5: Develop Protection Strategy and Mitigation Plans
  • 12. Choosing Between the Methods ▶ The OCTAVE Method is structured for an analysis team with some understanding of IT and security issues, employing an open, brainstorming approach for gathering and analyzing information. ▶ OCTAVE-S is more structured. Security concepts are embedded in OCTAVE-S worksheets, allowing for their use by less experienced practitioners. ▶ The following set of questions should be used to help you decide which method is best suited for your organization. Question OCTAVE Method OCTAVE-S Size and complexity of the organization Is your organization small? Does your organization have a flat or simple hierarchical structure? • Are you a large company (300 or more employees)? Do you have a complex structure or geographically- dispersed divisions? •
  • 13. Choosing Between the Methods Question OCTAVE Method OCTAVE-S Structured or Open-Ended Method Do you prefer a more structured method using fill-in-the-blanks, checklists, and redlines, but not as easy to tailor? • Do you prefer a more open-ended methodology that is easy to tailor and adapt to your own preferences? • Analysis team composition Can you find a group of three to five people for the analysis team who have a broad and deep understanding of the company and also possess most of the following skills? • Can you find a group of 3-5 people for the analysis team who have some understanding of at least part of the company and also possess most of the following skills? •
  • 14. Choosing Between the Methods Question OCTAVE Method OCTAVE-S IT resources Do you outsource all or most of your information technology functions? • Do you have a relatively simple information technology infrastructure that is well understood by at least one individual in your organization? • Do you manage your own computing infrastructure and are familiar with running vulnerability evaluation tools? • Do you have a complex computing infrastructure that is well understood by one or more individuals in your organization? • Are you able to run, comprehend, and interpret the results of vulnerability evaluation tools within the context of information- related assets? •
  • 15. Choosing Between the Methods Question OCTAVE Method OCTAVE-S Using a Beta-version method Are you willing to use a beta-version of a method (that is, use a method that may not have all the guidance you might need)? •