This is a book that has taken a lot of unnecessary flack from people that don't really understand that there is a audience for books that address the professional audience and therefore doesn't really need a lot of handholding.

This is an excellent book about a method for analysis of security requirements. You may or may not agree on all details, but it is definetely worth reading if you're in the business. Be forewarned, this is no beginners book! Oh, and the term OCTAVE stands for: Operationally Critical Threat, Asset, and Vulnerability Evaluation, just so you know…