Operationally Critical Threat, Asset and Vulnerability Evaluation

What Does Operationally Critical Threat, Asset and Vulnerability Evaluation Mean?

An Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE) is a security framework for identifying, addressing and managing information security assessments and and risk-based planning. It consists of tools, technologies and procedures for helping organizations identify and evaluate the security risks they face. OCTAVE is primarily targeted at organization-related security risks rather than technological risks.


Techopedia Explains Operationally Critical Threat, Asset and Vulnerability Evaluation

OCTAVE was initially conceived by the Software Engineering Institute at Carnegie Mellon University to help the U.S. Department of Defense (DoD) address its security risks and challenges. It works around three different phases:

  • Building an asset-based threat profile
    This involves the identification and selection of different critical assets and the security requirements for each one of them. A threat profile for all identified assets is created.
  • Indentifying infrastructure vulnerabilities
    This phase involves identifying network access paths, classifying technology components related to critical assets and the extent to which those components are secure against network vulnerabilities and attacks.
  • Develop a security strategy and plan
    Based on the data collected in previous phases, a formal plan is created to address the risks associated with each critical asset.

Related Terms

Margaret Rouse

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.