3.1. Overview of the OCTAVE Method

The OCTAVE Method uses a three-phase approach to examining organizational and technology issues, thus assembling a comprehensive picture of the organization's information security needs. The method comprises a progressive series of workshops, each of which requires interaction among its participants. The OCTAVE Method is broken into eight processes: four in phase 1, two in phase 2, and two in phase 3. In addition, several preparation activities need to be completed before the actual evaluation. The three phases and preparation for the OCTAVE Method are depicted in Figure 3-1.

Figure 3-1. The OCTAVE Method


Get Managing Information Security Risks: The OCTAVESM Approach now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.