search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

OCTAVE Criteria, Version 2.0

Technical Report
By
This 2001 report defines a general approach for evaluating and managing information security risks.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2001-TR-016
DOI (Digital Object Identifier)
10.1184/R1/6575843.v1
Subjects

Abstract

Today, we rely on access to digital data that are accessible, dependable, and protected from misuse. Unfortunately, this need for accessible data also exposes organizations to a variety of new threats that can affect their information. The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) enables organizations to understand and address their information security risks. OCTAVE is led by a small, interdisciplinary team of an organization's personnel and focuses on an organization's assets and the risks to those assets. It is a comprehensive, systematic, context-driven, and self-directed evaluation approach. The essential elements of the OCTAVE approach are embodied in a set of criteria that define the requirements for OCTAVE. This report describes the OCTAVE criteria. The goal of this report is to define a general approach for evaluating and managing information security risks. Organizations can then develop methods that are consistent with the OCTAVE criteria.

SHARE
Download PDF
Part of a Collection

OCTAVE-Related Assets

Cybersecurity Engineering Research: Security Engineering Risk Analysis (SERA) Collection
Cite This Technical Report

Alberts, C., & Dorofee, A. (2001, December 1). OCTAVE Criteria, Version 2.0. (Technical Report CMU/SEI-2001-TR-016). Retrieved April 20, 2024, from https://doi.org/10.1184/R1/6575843.v1.

@techreport{alberts_2001,
author={Alberts, Christopher and Dorofee, Audrey},
title={OCTAVE Criteria, Version 2.0},
month={Dec},
year={2001},
number={CMU/SEI-2001-TR-016},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6575843.v1},
note={Accessed: 2024-Apr-20}
}

Alberts, Christopher, and Audrey Dorofee. "OCTAVE Criteria, Version 2.0." (CMU/SEI-2001-TR-016). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, December 1, 2001. https://doi.org/10.1184/R1/6575843.v1.

C. Alberts, and A. Dorofee, "OCTAVE Criteria, Version 2.0," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2001-TR-016, 1-Dec-2001 [Online]. Available: https://doi.org/10.1184/R1/6575843.v1. [Accessed: 20-Apr-2024].

Alberts, Christopher, and Audrey Dorofee. "OCTAVE Criteria, Version 2.0." (Technical Report CMU/SEI-2001-TR-016). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Dec. 2001. https://doi.org/10.1184/R1/6575843.v1. Accessed 20 Apr. 2024.

Alberts, Christopher; & Dorofee, Audrey. OCTAVE Criteria, Version 2.0. CMU/SEI-2001-TR-016. Software Engineering Institute. 2001. https://doi.org/10.1184/R1/6575843.v1

Ask a question about this Technical Report