OCTAVE(Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a security framework which finds the level of risk in the system of an organization for preparing a system to avoid those risks. The organization uses this process to avoid any kind of treats that are likely to occur in their systems. This technique also helps in determining the cause and consequences of the attack. An organization always tries to stay one step further from the attackers to avoid these kind of situation. OCTAVE is only used by big and experienced organizations, which have some kind of relative experience on the subject.
OCTAVE follow three step process to ensure security. First step it creates profile of threats to identify the possible risks it might pose. It later conducts test to identify security holes in the organization, this process in known as vulnerability assessment. Last step is to develop strategy to patch these security holes to provide the maximum security in the system.