https://resources.sei.cmu.edu/asset_files/TechnicalReport/1999_005_001_16769.pdf

Question

https://resources.sei.cmu.edu/asset_files/TechnicalReport/1999_005_001_16769.pdf Describe the 8 processes of the Octave method. You will describe the activities and personnel involved. Complete the table below.

Process Number

Name of Process

Activities

Personnel Involved

Part III, Perform a Baseline Security Audit:

Download here: https://www.microsoft.com/en-us/download/details.aspx?id=7558

Guide to Microsoft Baseline Security Analyzer http://technology.pitt.edu/security/getting-started-with-using-the-microsoft-baseline-security-analyzer-mbsa

Perform scan. Screenshot results. Paste into document.

Write a paragraph (about 100 - 200 words) to summarize and comment on your scan results right after the screenshot, including both the strengths and weaknesses of your system scanned.

Process Number

Name of Process

Activities

Personnel Involved

Explanation / Answer

Process 1, Identify Enterprise Knowledge. This process identifies what senior managers perceive to be the key assets and their values, the threats to those assets, indicators of risk, and the current protection strategy employed by the enterprise.

• Process 2, Identify Operational Area Knowledge. This process identifies what operational area managers perceive to be the key assets and their values, the threats to those assets, indicators of risk, and the current protection strategy employed by the enterprise.

• Process 3, Identify Staff Knowledge. This process identifies what staff-level personnel perceive to be the key assets and their values, the threats to those assets, indicators of risk, and the current protection strategy employed by the enterprise •

Process 4, Establish Security Requirements. This process integrates the individual perspectives identified in the first three processes to produce an enterprise view of the assets,threats, protection strategies, and risk indicators. In addition, the security requirements of the enterprise are identified.

Process 5 -:Map High-Priority Information Assets to Information Infrastructure OCTAVE’s fifth process, Map High-Priority Information Assets to Information Infrastructure, defines the activity of taking the asset and threat information from Phase 1 and identifying the high-priority components of the information infrastructure.

Process 6: Perform Infrastructure Vulnerability Evaluation OCTAVE’s sixth process - defines the activity of evaluating the vul nerability of the high-priority information infrastructure components identified in Process 5. The information infrastructure refers to both the computing infrastructure as well as the physical infrastructure.

Process 7: Conduct Multi-Dimensional Risk Analysis OCTAVE’s seventh process, is the activity of identifying and prioritizing risks to the enterprise. Risks are defined based on the knowledge of the staff as well as an understanding of validated intrusion scenarios, exposed assets, impacts of exposed assets, threats to the exposed assets, and threat probabilities.

Process 8: Develop Protection Strategy OCTAVE’s eighth process defines the activities of developing and implementing a strategy to protect the enterprise by reducing its information security risk.

Related Questions

Navigate

• Browse (All)
• Browse H
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.