Difference between revisions of "OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation)"

The '''Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)''' is a framework for identifying and managing information security risks. It defines a comprehensive evaluation method that allows an [[Organization|organization]] to identify the information assets that are important to the mission of the organization, the threats to those assets, and the vulnerabilities that may expose those assets to the threats. By putting together the information assets, threats, and vulnerabilities, the organization can begin to [[Information Risk Management (IRM)|understand what information is at risk]]. With this understanding, the organization can design and implement a protection strategy to reduce the overall risk exposure of its information assets.<ref>Definition - What is OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation) [https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=13473 CMU.edu]</ref>

The '''Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)''' is a framework for identifying and managing information security risks. It defines a comprehensive evaluation method that allows an [[Organization|organization]] to identify the information assets that are important to the mission of the organization, the threats to those assets, and the vulnerabilities that may expose those assets to the threats. By putting together the information assets, threats, and vulnerabilities, the organization can begin to [[Information Risk Management (IRM)|understand what information is at risk]]. With this understanding, the organization can design and implement a protection strategy to reduce the overall risk exposure of its information assets.<ref>Definition - What is OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation) [https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=13473 CMU.edu]</ref>