Digital Defense, Inc., a provider of network security compliance and risk management services, today announced an exciting addition to their Enterprise Risk Assessment Service. Two of their personnel, Rick Fleming and Tom DeSot, have completed formal training through the Carnegie Mellon University Software Engineering Institute in the OCTAVE(R) Risk Assessment Methodology. OCTAVE(R) (Operationally Critical Threat, Asset, and Vulnerability Evaluation(SM)) is a risk-based strategic assessment and planning technique for security.
“As a client of Digital Defense, we were pleased to hear about this Risk Assessment Service enhancement,” stated Cynthia Schroeder, Vice President of Technology and Support Services at Wright-Patt Credit Union, Inc. (WPCU). “The availability of personnel performing Risk Assessments that have completed training through Carnegie Mellon is timely and lends an even greater validity to a suite of services that are well-regarded in the financial services market. We are very security minded at WPCU and Digital Defense´s Risk Assessment helped us to baseline our current state of security and plan for our strategic security needs into the future.”
“We wanted Tom and Rick to train in the OCTAVE approach because it focuses on information-protection decisions that are based on risks to the confidentiality, integrity, and availability of critical information-related assets,” stated Joseph A. Cooper, CEO of Digital Defense. “This new OCTAVE-based service offering is right in line with the mindset incumbent in our Risks, Ratings and Certification(TM) module that we deliver via our Network Security Awareness System(TM) (NSAS(TM)) platform. NSAS is our proprietary security information and event management solution that helps financial institutions and enterprises with managing security on a day-to-day basis and assists them with regulatory compliance. Clients utilize NSAS via our Frontline(TM) secure web portal.”
The OCTAVE approach to security assessments differs from typical technology-centric assessments in that it focuses on organizational risk and strategic, practice-related issues, balancing operational risk, security practices, and technology. The methodology looks at technology only as it relates to security practices, enabling an organization to refine the view of its current security practices.