Advanced Search

Content Type

Topics

Publication Date

Applying OCTAVE: Practitioners Report

Abstract

The CERT Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) method, an approach for managing information security risks, was designed to be sufficiently flexible for organizations to address unique and highly contextual analysis needs through tailoring capabilities. This document describes how OCTAVE has been used and tailored to fit a wide range of organizational risk assessment needs. Guidelines for successful tailoring, built on the reporting practitioners successes, are provided to help an organization fit the OCTAVE approach to their specific domain and organizational needs. The range of applications demonstrates the flexibility of the OCTAVE approach and its value in addressing security risk management. 

Readers should already be familiar with the general concepts of the OCTAVE approach.

Asset Collections

OCTAVE Related Assets

Cite This Report

Show Citation Formats

SEI

Woody, Carol; Coleman, Johnathan; Fancher, Michael; Myers, Carol; & Young, Lisa. Applying OCTAVE: Practitioners Report (CMU/SEI-2006-TN-010). Software Engineering Institute, Carnegie Mellon University, 2006. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7875

IEEE

Woody. Carol, Coleman. Johnathan, Fancher. Michael, Myers. Carol, and Young. Lisa, "Applying OCTAVE: Practitioners Report," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2006-TN-010, 2006. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7875

APA

Woody, Carol., Coleman, Johnathan., Fancher, Michael., Myers, Carol., & Young, Lisa. (2006). Applying OCTAVE: Practitioners Report (CMU/SEI-2006-TN-010). Retrieved October 02, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7875

CHI

Carol Woody, Johnathan Coleman, Michael Fancher, Carol Myers, & Lisa Young. Applying OCTAVE: Practitioners Report (CMU/SEI-2006-TN-010). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7875

MLA

Woody, Carol., Coleman, Johnathan., Fancher, Michael., Myers, Carol., & Young, Lisa. 2006. Applying OCTAVE: Practitioners Report (Technical Report CMU/SEI-2006-TN-010). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7875