Services  |  Solutions  |  Technology  |  Vulnerability Research  |  Security Resources  |  Certifications   |  About

Payment Card Industry Octave Trained

Octave Trained - Overview

Digital Defense employs the highly rated and widely accepted OCTAVE® (Operationally Critical Threat, Asset, and Vulnerability Evaluation SM) methodology developed by the Software Engineering Institute at Carnegie Mellon University when performing Enterprise Risk Assessments. OCTAVE is a risk-based strategic assessment and planning technique for understanding information security risks and their associated remediation needs.

The OCTAVE Method utilizes a four-phased approach to examine organizational and technology issues, assembling a comprehensive picture of the organization's information security needs. The method takes advantage of knowledge from several levels of the organization, focusing on:

• identifying acceptable risk levels for the organization
• identifying critical assets and their associated digital and physical containers
• identifying and analyzing the threats associated with those containers
• developing a practice-based protection strategy and risk mitigation plans to support the organization's mission and priorities

Unlike technology-focused assessments, OCTAVE focuses on organizational risk and strategic, practice-related issues. It balances operational risk, security practices, and technology. In this manner, the OCTAVE methodology ensures that you address critical information assets, business needs, threats, and remediation needs.

The OCTAVE training course, which your Digital Defense professional has completed and passed, covers the OCTAVE approach, OCTAVE Method, preparation for implementing the method, and guidelines for tailoring the method.

By employing Digital Defense OCTAVE-trained personnel to perform your Enterprise Risk Assessment, you glean the following benefits:

• The ability to manage and control your enterprise-wide information security risk evaluations
• The ability to develop appropriate protection strategies by considering policy, management, administrative, technological, and other organizational issues to form a comprehensive view of the security state of your organization
• The ability to improve your effectiveness at communicating your business and security needs.internally and externally
• The ability to obtain a holistic, organization-wide view of critical information assets and their associated threat profiles

*OCTAVE and Operationally Critical Threat, Asset, and Vulnerability Evaluation are Registered Service Marks of the Software Engineering Institute of Carnegie Mellon University.