2.1. Choosing a Security Model
The first step is to understand what types of models are available. The more aware of different models you are, the easier it will be to choose the model that best matches the needs of your company.
The focus of this chapter will be on the OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) model. OCTAVE was, and continues to be, developed by the Computer Emergency Response Team at Carnegie Mellon University, better known as CERT®/CC (CERT Coordination Center).
The CERT®/CC was created in 1988 by the Defense Advanced Research Projects Agency (DARPA) to deal with computer-related security emergencies. The CERT®/CC grew quickly, and today it disseminates information about potential security ...