Student Name: Victor Wong
Instructor Name: Dr Crowley
ITEC 6324-Assignment 9
Contrast 1
- Under NIST 800-30, risk management is a management responsibility, whereas OCTAVE is a risk-based strategic assessment and planning technique for security that involves all levels.
- NIST 800-30 is more expert-led, while OCTAVE is self-directed.
Contrast 2
- OCTAVE focuses on information-protection decisions based on risks to the confidentiality, integrity, and availability of critical information-related assets, whereas NIST 800-30 helps organizations better manage IT-related mission risks and provides information on the selection of cost-effective security controls.
Comparison
- NIST 800-30 encompasses 3 processes (risk assessment, risk mitigation, and evaluation & assessment), while OCTAVE uses a 3-phase approach (build asset-based threat profiles, identify infrastructure vulnerabilities, and develop security strategy & plans).
- Both OCTAVE and NIST 800-30 are organizational evaluations.
THE END