Automotive Deals Best Books of the Month Shop Women's Clothing Learn more nav_sap_plcc_ascpsc $5 Albums Fire TV Stick Handmade school supplies Shop-by-Room Amazon Cash Back Offer TarantinoCollection TarantinoCollection TarantinoCollection  Amazon Echo  Echo Dot  Amazon Tap  Echo Dot  Amazon Tap  Amazon Echo Introducing new colors All-New Kindle Oasis STEM Water Sports

Customer Reviews

4.0 out of 5 stars
5 star
4 star
3 star
2 star
1 star
Format: Hardcover|Change
Price:$89.99+ Free shipping with Amazon Prime

Your rating(Clear)Rate this item
Share your thoughts with other customers

There was a problem filtering reviews right now. Please try again later.

on April 15, 2016
Bought this book for a risk analysis class (college). This book it is okay intro to the process.
0Comment|Was this review helpful to you?YesNoReport abuse
on March 4, 2013
This book is very interesting and useful for us as IT Auditors and IT Risk Management. A description of the method OCTAVE very clear.
0Comment| One person found this helpful. Was this review helpful to you?YesNoReport abuse
on December 1, 2003
OCTAVE--which stands for Operationally Critical Threat, Asset and Vulnerability Evaluation--is a methodology for independent information-security risk evaluations. An outgrowth of the Computer Emergency Response Team at Carnegie Mellon University, OCTAVE attempts to help organizations balance the risks of information systems with the business need to deploy these systems. This book is a solid explanation of OCTAVE.
The authors detail the methods to implement OCTAVE, create threat profiles, conduct a risk analysis, develop strategy, and so on. All steps to ensure that risk is adequately addressed are presented.
Most useful for the practitioner are the book's numerous case studies and worksheets and its catalog of the eight OCTAVE processes. A caveat: it is unwise to fill out the worksheets without first reading the book. Doing OCTAVE right means no shortcuts. Also, the reader shouldn't think that this approach can be implemented by a single person in a few days.
In sum, while the prose doesn't exactly sing, it does strike the appropriate tone for this excellent presentation on OCTAVE.
0Comment| 5 people found this helpful. Was this review helpful to you?YesNoReport abuse
The OCTAVE approach is an effective and proven approach to security risk management, and this book distills the documentation that is available from SEI's CERT/CC group into a succinct, clearly written description of OCTAVE and associated processes.
OCTAVE stands for "Operationally Critical Threat, Asset, and Vulnerability Evaluation", which focuses specifically on business or organizational critical success factors and operational postures. This differs slightly from traditional vulnerability assessments, which are wider in scope, and auditing, which is based on policies and due diligence. While there seems to be little distinction on the surface, as you read this book you discover that OCTAVE's focus and philosophy is akin to Pareto analysis in that you narrow the scope to business success and operational factors.
The book is divided into three main parts:
I - Introduction (introduces OCTAVE and describes the basics).
II - OCTAVE Method (explains the method, how to identify organizational knowledge, create threat profiles, identify key components, select components for evaluation, conduct a risk analysis, develop and select a strategy).
III - Variations and tailoring strategies.
In addition to the main sections the appendices are valuable. They include case studies, worksheets and a catalog of the eight OCTAVE processes.
Note that OCTAVE is intended for organizations in excess of 300 people, although OCTAVE-S (briefly covered in Part III) is a scaled down version of the main approach. There is also a version of OCTAVE that addresses outsourcing, but was skimmed over very quickly in the book.
The book is an excellent guide to OCTAVE, and, in my opinion, OCTAVE itself is a viable approach to information security risk management.
0Comment| 11 people found this helpful. Was this review helpful to you?YesNoReport abuse

Send us feedback

How can we make Amazon Customer Reviews better for you?
Let us know here.