Join Amazon Prime and ship Two-Day for free and Overnight for $3.99. Already a member? Sign in.

Quantity:

More Buying Choices

31 used & new from $39.94

Have one to sell? Sell yours here

Tell the Publisher! I�d like to read this book on Kindle Don�t have a Kindle? Get yours here.

Managing Information Security Risks: The OCTAVE (SM) Approach (SEI Series in Software Engineering) (Hardcover)

by Christopher Alberts (Author), Audrey Dorofee (Author)

5.0 out of 5 stars See all reviews (2 customer reviews)

List Price:	$74.99
Price:	$59.99 & this item ships for FREE with Super Saver Shipping. Details
You Save:	$15.00 (20%)
	o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o

In Stock.
Ships from and sold by Amazon.com. Gift-wrap available.

Only 1 left in stock--order soon (more on the way).

Want it delivered Thursday, July 23? Choose One-Day Shipping at checkout. Details

17 new from $43.72 14 used from $39.94

Frequently Bought Together

Price For All Three: $158.64

Show availability and shipping details

This item: Managing Information Security Risks: The OCTAVE (SM) Approach (SEI Series in Software Engineering) by Christopher Alberts
In Stock.
Ships from and sold by Amazon.com.
This item ships for FREE with Super Saver Shipping. Details
The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments by Douglas J. Landoll
In Stock.
Ships from and sold by Amazon.com.
This item ships for FREE with Super Saver Shipping. Details
Security Metrics: Replacing Fear, Uncertainty, and Doubt by Andrew Jaquith
In Stock.
Ships from and sold by Amazon.com.
This item ships for FREE with Super Saver Shipping. Details

Customers Who Bought This Item Also Bought

Security Metrics: Replacing Fear, Uncertainty, and Doubt

by Andrew Jaquith

4.6 out of 5 stars (20) $31.49

Writing Information Security Policies (Landmark)

by Scott Barman

4.5 out of 5 stars (11) $34.99

Security Engineering: A Guide to Building Dependable Distributed Systems

by Ross J. Anderson

4.7 out of 5 stars (30) $55.25

Incident Response and Computer Forensics, Second Edition

by Chris Prosise

4.6 out of 5 stars (30) $33.38

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

by Gordon Fyodor Lyon

4.9 out of 5 stars (14) $32.97

› Explore similar items

Editorial Reviews

Product Description
Provides a systematic way to evaluate and manage information security risks. Illustrates the implementation of self-directed evaluations. Shows how to tailor evaluation methods to different types of organizations.

From the Back Cover

Information security requires far more than the latest tool or technology. Organizations must understand exactly what they are trying to protect--and why--before selecting specific solutions. Security issues are complex and often are rooted in organizational and business concerns. A careful evaluation of security needs and risks in this broader context must precede any security implementation to insure that all the relevant, underlying problems are first uncovered.

The OCTAVE approach for self-directed security evaluations was developed at the influential CERT(R) Coordination Center. This approach is designed to help you:

Identify and rank key information assets
Weigh threats to those assets
Analyze vulnerabilities involving both technology and practices

OCTAVE(SM) enables any organization to develop security priorities based on the organization's particular business concerns. The approach provides a coherent framework for aligning security actions with overall objectives.

Managing Information Security Risks, written by the developers of OCTAVE, is the complete and authoritative guide to its principles and implementations. The book:

Provides a systematic way to evaluate and manage information security risks
Illustrates the implementation of self-directed evaluations
Shows how to tailor evaluation methods to different types of organizations

Special features of the book include:

A running example to illustrate important concepts and techniques
A convenient set of evaluation worksheets
A catalog of best practices to which organizations can compare their own

0321118863B05172002

See all Editorial Reviews

Product Details

Hardcover: 512 pages
Publisher: Addison-Wesley Professional (July 19, 2002)
Language: English
ISBN-10: 0321118863
ISBN-13: 978-0321118868
Product Dimensions: 9.2 x 7.4 x 1.3 inches
Shipping Weight: 2.2 pounds (View shipping rates and policies)

Average Customer Review: 5.0 out of 5 stars See all reviews (2 customer reviews)

Amazon.com Sales Rank: #302,119 in Books (See Bestsellers in Books)

Would you like to update product info or give feedback on images?

This item is part of The SEI Series.

More About the Author

Discover books, learn about writers, read author blogs, and more.

› Visit Amazon's Christopher J. Alberts Page

Look Inside This Book

Browse Sample Pages:
Front Cover | Table of Contents | First Pages | Back Cover

Citations (learn more)

1 book cites this book:

Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle by Erik Pace Birkholz on page 998

Tag this product

(What's this?)

Think of a tag as a keyword or label you consider is strongly related to this product.
Tags will help all customers organize and find favorite items.

Help others find this product — tag it for Amazon search

No one has tagged this product for Amazon search yet. Why not be the first to suggest a search for which it should appear?

Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more

Customer Reviews

2 Reviews

5 star:		(2)
4 star:		(0)
3 star:		(0)
2 star:		(0)
1 star:		(0)

Average Customer Review

5.0 out of 5 stars (2 customer reviews)

Share your thoughts with other customers:

Create your own review

Most Helpful Customer Reviews

9 of 11 people found the following review helpful:

5.0 out of 5 stars Detailed intro to SEI's CERT/CC OCTAVE method, July 27, 2002

By	Mike Tarrani "www.tarrani.com" (Deltona, FL USA) - See all my reviews (TOP 500 REVIEWER) (REAL NAME) (COMMUNITY FORUM 04)

The OCTAVE approach is an effective and proven approach to security risk management, and this book distills the documentation that is available from SEI's CERT/CC group into a succinct, clearly written description of OCTAVE and associated processes.

OCTAVE stands for "Operationally Critical Threat, Asset, and Vulnerability Evaluation", which focuses specifically on business or organizational critical success factors and operational postures. This differs slightly from traditional vulnerability assessments, which are wider in scope, and auditing, which is based on policies and due diligence. While there seems to be little distinction on the surface, as you read this book you discover that OCTAVE's focus and philosophy is akin to Pareto analysis in that you narrow the scope to business success and operational factors.

The book is divided into three main parts:

I - Introduction (introduces OCTAVE and describes the basics).
II - OCTAVE Method (explains the method, how to identify organizational knowledge, create threat profiles, identify key components, select components for evaluation, conduct a risk analysis, develop and select a strategy).
III - Variations and tailoring strategies.

In addition to the main sections the appendices are valuable. They include case studies, worksheets and a catalog of the eight OCTAVE processes.

Note that OCTAVE is intended for organizations in excess of 300 people, although OCTAVE-S (briefly covered in Part III) is a scaled down version of the main approach. There is also a version of OCTAVE that addresses outsourcing, but was skimmed over very quickly in the book.

The book is an excellent guide to OCTAVE, and, in my opinion, OCTAVE itself is a viable approach to information security risk management.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)

3 of 3 people found the following review helpful:

5.0 out of 5 stars Great book about a great security methodology, December 1, 2003

By	Ben Rothke "Author of 'Computer Security: 20 ... (USA) - See all my reviews (TOP 500 REVIEWER) (REAL NAME)

OCTAVE--which stands for Operationally Critical Threat, Asset and Vulnerability Evaluation--is a methodology for independent information-security risk evaluations. An outgrowth of the Computer Emergency Response Team at Carnegie Mellon University, OCTAVE attempts to help organizations balance the risks of information systems with the business need to deploy these systems. This book is a solid explanation of OCTAVE.

The authors detail the methods to implement OCTAVE, create threat profiles, conduct a risk analysis, develop strategy, and so on. All steps to ensure that risk is adequately addressed are presented.

Most useful for the practitioner are the book's numerous case studies and worksheets and its catalog of the eight OCTAVE processes. A caveat: it is unwise to fill out the worksheets without first reading the book. Doing OCTAVE right means no shortcuts. Also, the reader shouldn't think that this approach can be implemented by a single person in a few days.

In sum, while the prose doesn't exactly sing, it does strike the appropriate tone for this excellent presentation on OCTAVE.