Press Releases: OCTAVE at STPI Bangalore


Circuit EC / Bangalore

SISA Information Security has implemented OCTAVE, a risk assessment methodology, at STPI Bangalore in a span of 20 days. The company has a tie-up with the Software Engineering Institute (SEI), Carnegie Mellon University, for training and implementation of OCTAVE.

Said Dharshan Shanthamurthy, director, operations, SISA, “OCTAVE takes into account the maximum possible loss that an organisation may face in case of a disaster. It clearly positions where an organisation stands as far as security requirements and arrangements are concerned. The complete risk assessment exercise runs to a maximum of two months.”

The STPI Bangalore implementation kicked off with the formation of a core analysis team of five people: one from SISA and four from various departments of STPI (such as IT, finance and administration) who knew the processes well. The goal of the team was to assess risk vulnerabilities at the departmental level. A supplementary analysis team was also formed, with one person from SISA and four from STPI, with the aim of collecting information from various departments. The full analysis team was trained on the OCTAVE methodology. SISA conducted a number of workshops, such as an operational management workshop and a senior management workshop, and the process of identifying critical assets for different departments of STPI Bangalore began. After the assets were identified and organisational vulnerabilities noted, the analysis team took up penetration testing. A risk mitigation plan was drawn up as part of the assessment.

B Sankarlingam, deputy director and IT head, STPI Bangalore, said, “STPI can be a role model for other organisations adopting OCTAVE. Through it we were able to identify critical processes within STPI and the security measures by which we can plug the loopholes in these processes. OCTAVE will go a long way towards protecting us against emerging threats associated with the service industry.”

SISA is the exclusive implementer of the OCTAVE methodology in the Asia-Pacific region. It is holding talks with four IT and BPO companies with a view to implementing this methodology at their premises in the near future.


STPI Bangalore NOC