Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Technical Report

OCTAVE Catalog of Practices, Version 2.0

  • Abstract

    The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Method enables organizations to identify the risks to their most important assets and build mitigation plans to address those risks. OCTAVE uses three "catalogs" of information to maintain modularity and keep the method separate from specific technologies. One of these catalogs is the catalog of good security practices. It provides the means to measure an organization's current security practices and to build a strategy for improving its practices to protect its critical assets.  

    The catalog of practices is divided into two types of practice—strategic and operational. The strategic practices focus on organizational issues at the policy level and provide good, general management practices. Operational practices focus on the technology-related issues dealing with how people use, interact with, and protect technology. This technical report describes how the catalog of practices is used in OCTAVE and describes the catalog in detail.

  • Download

Part of a Collection

OCTAVE-Related Assets

Cite This Report

SEI

Albert, Cecilia; Dorofee, Audrey; & Allen, Julia. OCTAVE Catalog of Practices, Version 2.0. CMU/SEI-2001-TR-020. Software Engineering Institute, Carnegie Mellon University. 2001. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5701

IEEE

Albert. Cecilia, Dorofee. Audrey, and Allen. Julia, "OCTAVE Catalog of Practices, Version 2.0," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2001-TR-020, 2001. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5701

APA

Albert, Cecilia., Dorofee, Audrey., & Allen, Julia. (2001). OCTAVE Catalog of Practices, Version 2.0 (CMU/SEI-2001-TR-020). Retrieved September 19, 2017, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5701

CHI

Cecilia Albert, Audrey Dorofee, & Julia Allen. OCTAVE Catalog of Practices, Version 2.0 (CMU/SEI-2001-TR-020). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2001. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5701

MLA

Albert, Cecilia., Dorofee, Audrey., & Allen, Julia. 2001. OCTAVE Catalog of Practices, Version 2.0 (Technical Report CMU/SEI-2001-TR-020). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5701

BibTex

@techreport{AlbertOCTAVECatalog2001,
title={OCTAVE Catalog of Practices, Version 2.0},
author={Cecilia Albert and Audrey Dorofee and Julia Allen},
year={2001},
number={CMU/SEI-2001-TR-020},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5701} }