3.1. Overview of the OCTAVE Method

The OCTAVE Method uses a three-phase approach to examining organizational and technology issues, thus assembling a comprehensive picture of the organization's information security needs. The method comprises a progressive series of workshops, each of which requires interaction among its participants. The OCTAVE Method is broken into eight processes: four in phase 1, two in phase 2, and two in phase 3. In addition, several preparation activities need to be completed before the actual evaluation. The three phases and preparation for the OCTAVE Method are depicted in Figure 3-1.

Figure 3-1. The OCTAVE Method


Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.