Systems Criticality Matrix
National Security Agency Information Assurance Methodology
OCTAVE SM
• Operationally Critical, Threat, Asset and Vulnerability Evaluation
• Sort through complex organizational and technological issues
• Defines an approach to information security risk evaluations
    • Comprehensive
    • Systematic
    • Context driven
    • Self-directed
• Self directed
    • Business and IT part of the team
• Three Phases
    • Build asset-based threat profiles
    • Identify infrastructure vulnerabilities
    • Develop security strategy and plans

OCTAVE SM, Carnegie Mellon – Software Engineering Institute
[Figure: threat tree "Human Actors Using Network Access" for the asset Patient Records System. Branches: access (Network); actor (Inside, Outside); motive (Accidental, Deliberate); outcome (Disclosure, Modification, Loss/Destruction, Interruption). Each outcome is rated H, M, L or - against the impact areas Reputation, Financial, Productivity, Fines, Safety, Other.]
[Figure: "Threat Profile: System Problems" for the asset Patient Records System. Branches: actor (Software defects, Malicious Code, System crashes, Hardware defects); outcome (Disclosure, Modification, Loss/Destruction, Interruption). Each outcome is rated H, M, L or - against the impact areas Reputation, Financial, Productivity, Fines, Safety, Other.]
Human Actors Using Network Access: Basic Risk Profile