Educause Security Discussion mailing list archives
Re: OCTAVE
From: Carol Myers <carol.myers () PVMAIL MARICOPA EDU>
Date: Fri, 9 Dec 2005 08:08:48 -0800
Mark, I have found OCTAVE very useful due to its ability to be modified for specific campus needs. As you may be aware OCTAVE was designed initially for federal government so at first blush it may seem very complex. The methodology is sound and I found the forms to be most useful. Your institution's risk climate would dictate whether or not you would use outside help for a full blown OCTAVE implementation, or simplify and modify as needed. I used an intern to sift and craft OCATVE materials that would work my institution. You may also want to check out OCTAVE S for smaller institutions. Helpful assessment materials and other useful information is available through the Educause/Internet2 Security Task Force. Do look here http://www.educause.edu/Browse/645?PARENT_ID=665 and here http://www.educause.edu/EffectiveSecurityPracticesGuide/1246 Happy to share documentation if you like. Good luck to you. Carol -- Carol Myers, CISSP Information Resources & Technology Support Paradise Valley Community College 602.787.7788 "One ought, every day at least, to hear a little song, read a good poem, see a fine picture, and, if it were possible, to speak a few reasonable words." --Johann Wolfgang von Goethe Mark Rogowski wrote:
Hi Everyone, I would appreciate some feedback from those of you who have used the OCTAVE risk assessment methodology. More specifically: How has the methodology worked for you, or has it worked at all Any major pitfalls? Did you require outside help to make it a success? For those who used it, have you or would you consider incorporating it into the overall risk management process? Any other insight or comments about OCTAVE? Thanks. Mark Rogowski IT Security Technology Solutions Centre University of Winnipeg Ph: (204) 786-9034
Current thread:
- OCTAVE Mark Rogowski (Dec 08)
- <Possible follow-ups>
- Re: OCTAVE Carol Myers (Dec 09)
- Re: OCTAVE Mark Rogowski (Dec 09)