Managing Information Security Risks: The Octave Approach

1635 Words | Feb 4, 2018 | 6 Pages
Alberts, C. & Dorofee, A. (2003). Managing Information Security Risks: The OCTAVE Approach. New York: Addison Wesley.

This work is a descriptive yet process-oriented book on the concept of security risk assessment, with a specific focus on a risk evaluation methodology, OCTAVE. The term OCTAVE denotes Operationally Critical Threat, Asset, and Vulnerability Evaluation (SM). It is important that organizations conduct a security risk evaluation so that they can effectively evaluate both their organizational practices and their installed technology base, and make the appropriate decisions on the basis of the potential impact.

Allen, J. H.; Barnum, S.; Ellison, R. J.; McGraw, G.; & Mead, N. R. (2008). Software Security Engineering: A Guide for Project Managers. Boston, MA: Addison-Wesley Professional (ISBN: 978-0321509178).

In this book Allen et al. discuss risk management plans for IT managers. The book notes that there is no silver bullet for information security risks; best practices are what should be used in handling IT risks.

Berber, M.; von Solms, R.; & Overbeek, P. (2001). "Formalizing Information Security Requirements." Information Management and Computer Security 9, 1: 32-37.

In this paper, Berber et al. discuss ways of formalizing information security requirements. They note that risk analysis, with its concentration on threats, vulnerabilities and assets, is the most effective means of protecting all IT resources.

Biskup, J. &