Compliance: Octave
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a risk assessment and management method, used to ensure information systems security.
The creators of OCTAVE came from Carnegie Mellon, the renowned American university for IS security and founders of the first CERT, the Computer Emergency Response Team, who specialize in assistance against system intrusion.
OCTAVE comprises 3 phases:
-
Organizational view
- Assets
- Threats
- Organizational vulnerabilities
- Security requirements
- Current practices -
Technological view
- Key components
- Technical vulnerabilities -
Strategy and plan development
- Risk assessment
- Risk classification
- Protection strategy
- Mitigation plan
IS Decisions provides a range of software solutions that can be used to support OCTAVE methodology:
| Action | IS Decisions Aptitude | IS Decisions Solution | IS Decisions solution's features |
|---|---|---|---|
| Key components | Know | WinReporter | Comprehensive hardware, software and system audit for Windows resources |
| Search, report and archive configuration settings | |||
| Report permissions applied to files, folders and shares | |||
| Control | UserLock | Identification of users connected to the environment | |
| Search, report and archive user connectivity | |||
| FileAudit | Identification of accesses to a file or folder | ||
| Search, report and archive file and folder accesses | |||
| EvenTrigger | Windows event log monitoring | ||
| Historisation, recherche et édition des incidents | |||
| Technical vulnerabilities | Know | WinReporter | Report applied hotfixes |
| Control | EvenTrigger | Administrator alert upon incident detection | |
| Historisation, recherche et édition des incidents |