Home » Blog » OCTAVE Threat Modeling method

OCTAVE Threat Modeling method

OCTAVE (Operational Critical Threat, Asset and Vulnerability Evaluation) is a risk-based strategic assessment and planning method. It was developed in the beginning of the century by CERT (Computer Emergency Response Team). It focuses on evaluating organizational risks without addressing technological ones and its main aspects are: operational risk, security practices and technology. Its specifics concern the fact that all the analysis is usually performed by the employees, not a third party. A combined team is formed, which includes both technical specialists and managers. It allows to assess extensively all the consequences of the â€˜security incidentsâ€™ and create countermeasures.

OCTAVE analysis phases

OCTAVE analysis consists of three phases, which are:

Building asset-based threat profiles (organizational evaluation). It includes assets references, access type, an actor (jeopardy source), a motive (or violation type), an outcome and links to jeopardy descriptions in public catalogs. According to the actor type, types of risk can be divided into three categories:

1) Risks coming from an attacker who acts through the data transportation network

2) Risks coming from an attacker who has physical access

3) Risks connected with system failures

It can lead to disclosure, modification, loss or destruction of the data source or disconnection or interruption. Trees of variations are often used at this stage.

Infrastructure vulnerability identification (information infrastructure evaluation). During this phase the infrastructure, supporting entities highlighted before (for example, a server, where the database is kept, or a workstation), and the environment, which can give access to them (for example, a corresponding local network segment) are defined. Servers, networking equipment, Information Security Systems, office PCs and home PCs for remote workers, who have access to the company network, mobile stations, IP storages and the like (and their components) are taken into account. High-severity, Middle-severity and Low-severity vulnerabilities are defined for each of the components.
Security strategy and plans development (identification of risks to the organizationâ€™s critical assets and decision making). At the third phase a report is made, where all vulnerabilities, their possible impact on the appointed assets and solutions for measures and countermeasures are listed. Then the plan for mitigating risks (long-range, mid-term and for the nearest future) is developed. Special catalogs of tools are often used to select countermeasures.

OCTAVE Risk Analysis stages

Risk analysis usually includes several successive stages.

1) Setting up priorities. The most critical goals are defined at this stage, using the criteria, which reflect possible informational risks. They can be divided into â€˜lowâ€™, â€˜middleâ€™ and â€˜highâ€™ severity types.

2) Enlisting and profiling of informational assets. It helps to define the â€˜asset limitsâ€™ and its security requirements. Each profile includes program inputs for the following stages, forms the basis for risk detecting and, thus, is made for each asset separately.

3) Asset mapping. At this stage all the â€˜containersâ€™, where and how the asset can be stored, transmitted or processed and which can contain vulnerabilities or, vice versa, become â€˜controlled secure pointsâ€™ (it might be a device, a piece of software, etc.).

4) Problematic areas detecting. Its aim is the quick detection of risks, which are visible from the first glance.

5) Risk scenarios creation. They are usually drawn in the shape of trees, where each of the branches refers to a separate asset. To make it simpler, questionnaires are used. All possible risks and their realization are taken into account, which helps to develop countermeasures later. A quality scale is used here and three possibilities of realization of risks (low, middle and high) are brought in.

6) Risk assessment. At this stage it is defined, how the risk may affect the assets (risks for each asset is assessed separately to define its criticality)

7) Damage assessment. At this stage the level of damage is assessed. This relative assessment helps to prioritize the risks.

8) Decision making. At the final stage measures to handle certain risks are chosen according to the risksâ€™ priority.

previous post

December 13, 2022

What is the Attack Trees Threat modeling method

Attack tree (threat tree) is a graphical formalism used to structure, model and analyze potential attacks. It starts with a security threat, modeled as its root, representing the attacker's top level goal. It divides into subgoals through logical gates, modeling how successful the attack steps may be. Basic attack steps are presented as leaves on the tree. It includes so-called ‘and-gates’ (when the attacker has to deliver successful ...

Read more
next post

December 19, 2022

What is STO?

Security through Obscurity (STO) is the reliance on secrecy and confusing attackers instead of building proper controls to keep them out. It is based on secluding important data. It provides protection from attacks, but it is not a panacea. Hackers and bots can try to exploit the user’s plugins in order to access the system. If plugins' and themes’ names are hidden deep on the server inside a ‘.htaccess’ file, it would take time for the ...

Read more