2.2. OCTAVE
The CERT/CC has developed a security model, OCTAVE, based, in part, on best practices from ISO 15048 and RFC 2196.
OCTAVE uses a three-part approach to help guide an organization through the process of identifying and addressing security issues:
1. |
Build asset-based threat profiles. |
2. |
Identify infrastructure vulnerabilities. |
3. |
Develop security strategy and plans. |
OCTAVE has been designed from the ground-up to be managed internally. CERT found that many organizations outsource their security assessments to third-party vendors. The problem with this method is that third-party vendors cannot adequately assess the security risks for a company. Every organization has different security needs, depending on what are viewed as core assets. ...
Get The Practice of Network Security: Deployment Strategies for Production Environments now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.