Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Anyone using OCTAVE process?
From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Thu, 20 Sep 2007 09:10:18 -0600

While we're not using OCTAVE directly, it was one of several risk
assessment/analysis/management resources that went into the development
of the process we use:
http://www.colorado.edu/its/security/itriskmanagement/

I need to update the version of the document on the website as it
doesn't include the important interview stage, but this is what I'm
using at the moment.  

The next step for me is coming up with a much quicker version for lower
risk departments.  The full version is heavily facilitated and take a
lot of time.

Brad Judy

IT Security Office
University of Colorado at Boulder

-----Original Message-----
From: David Grisham [mailto:DGrisham () SALUD UNM EDU] 
Sent: Wednesday, September 19, 2007 1:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Anyone using OCTAVE process?

UNM HSC is considering the use of the OCTAVE process as a 
risk management system.  We have previously tried risk 
analysis software with various success.  
Would anyone who has used the OCTAVE process for a risk 
analysis please let us know:
1. What was the length of your learning curve for those involved?
2.  What length of time did your process take to complete?
3.  Where the outcomes-action items understandable and usable?
Any other recommendations and/or information would be greatly 
appreciated.
David Grisham, Manager, IT Security
UNM Hospitals, HSC
(505) 272-5657
Dgrisham () salud unm edu 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]