Software Process Improvement Overview - PowerPoint PPT Presentation
1
OCTAVE(SM) Participants Briefing
  • Software Engineering Institute
  • Carnegie Mellon University
  • Pittsburgh, PA 15213
  • Sponsored by the U.S. Department of Defense

2
OCTAVE(SM)
  • Operationally Critical Threat, Asset, and
    Vulnerability Evaluation(SM)
  • Operationally Critical Threat, Asset, and
    Vulnerability Evaluation and OCTAVE are service
    marks of Carnegie Mellon University.

3
Purpose of Briefing
  • To explain the benefits of using the evaluation
  • To describe the OCTAVE Method for self-directed
    information security risk evaluations
  • To provide an overview of your roles in the
    OCTAVE activities

4
Benefits for Your Organization
  • Identify information security risks that could
    prevent you from achieving your mission.
  • Learn to manage information security risk
    assessments.
  • Create a protection strategy designed to reduce
    your highest priority information security risks.
  • Position your site for compliance with data
    security requirements or regulations.

5
Risk Management Regulations
  • HIPAA (Health Insurance Portability and Accountability
    Act) requirements: periodic information security risk
    evaluations in which the organization
    • assesses risks to information security
    • takes steps to mitigate risks to an acceptable
      level
    • maintains that level of risk
  • Gramm-Leach-Bliley financial legislation that
    became law in 1999: organizations must
    • assess data security risks
    • have plans to address those risks
6
Security Approaches
  • Vulnerability Management (reactive): identify and
    fix vulnerabilities
  • Risk Management (proactive): identify and manage
    risks
7
Approaches for Evaluating Information Security
Risks
[Figure: approaches for evaluating information security
risks, arranged by the amount of interaction required
from the organization]
8
OCTAVE Process
A progressive series of workshops, organized in three
phases:
  • Planning
  • Phase 1: Organizational View
  • Phase 2: Technological View
  • Phase 3: Strategy and Plan Development
9
Workshop Structure
  • A team of site personnel facilitates the
    workshops.
  • Contextual expertise is provided by your staff.
  • Activities are driven by your staff.
  • Decisions are made by your staff.

10
Conducting OCTAVE
[Figure: the OCTAVE process laid out over time]
  • An interdisciplinary team of your personnel that
    facilitates the process and analyzes data, drawn
    from
    • business or mission-related staff
    • information technology staff

11
Phase 1 Workshops
  • Processes 1-3 (Identify Senior Management
    Knowledge, Identify Operational Area Management
    Knowledge, Identify Staff Knowledge; Process 3 is
    held multiple times): each produces a different
    view of critical assets, areas of concern, security
    requirements, current protection strategy
    practices, and organizational vulnerabilities
  • Process 4 (Create Threat Profiles): consolidates
    that information into threats to the critical
    assets
12
Phase 2 Workshops
  • Input: key components for the critical assets
  • Output: vulnerabilities for those key components
13
Phase 3 Workshops
  • Risks to critical assets
  • Proposed protection strategy, mitigation plans,
    and actions
  • Strategy review, revision, and approval
  • Approved protection strategy
14
Outputs of OCTAVE
  • Protection Strategy (organization level)
  • Mitigation Plan (asset level)
  • Near-Term Actions (action list)
15
Site Staffing Requirements -1
At least 11 workshops and briefings
  • An interdisciplinary analysis team to analyze
    information, drawn from
    • information technology (IT)
    • administrative
    • functional
  • A cross-section of personnel to participate in
    workshops
    • senior managers (2 workshops)
    • operational area managers (1 workshop)
    • staff, including IT (1 workshop)
  • Additional personnel to assist the analysis team
    as needed
16
Site Staffing Requirements -2

  Activity                                                        Participants
  Participants Briefing                                           All participants, analysis team
  Workshop: Identify Senior Management Knowledge                  Senior managers, analysis team
  Workshop(s): Identify Operational Area Management Knowledge     Operational area managers, analysis team
  Workshop(s): Identify Staff Knowledge                           Staff, analysis team
  Workshop: Create Threat Profiles                                Analysis team

17
Site Staffing Requirements -3

  Activity                                                        Participants
  Workshop: Identify Key Components                               Analysis team, selected IT staff
  Vulnerability Evaluation and Workshop: Evaluate Selected
  Components                                                      IT staff, analysis team
  Workshop: Conduct Risk Analysis                                 Analysis team, selected staff
  Workshop: Develop Protection Strategy (develop)                 Analysis team, selected staff
  Workshop: Develop Protection Strategy (review, select,
  and approve)                                                    Senior managers, analysis team
  Results Briefing                                                All participants, analysis team

18
Rules of Conduct
  • Show up for your workshops or sessions on time.
  • The analysis team will not attribute anything you
    say to you; please do the same for the others in
    your workshops.
  • Open communication is required for this to
    succeed.
  • Work with the logistics coordinator if there are
    any changes in your availability.
  • Please turn off pagers, beepers, and cell-phones
    during the workshops!

19
Next Steps
  • The schedule
  • Hold the first set of workshops
    • senior managers
    • operational area managers
    • staff
  • Questions?