Advanced Search

Content Type

Topics

Publication Date

A Taxonomy of Operational Cyber Security Risks Version 2

Abstract

This report presents a taxonomy of operational cyber security risks that attempts to identify and organize the sources of operational cyber security risk into four classes: (1) actions of people, (2) systems and technology failures, (3) failed internal processes, and (4) external events. Each class is broken down into subclasses, which are described by their elements. This report discusses the harmonization of the taxonomy with other risk and security activities, particularly those described by the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST) Special Publications, and the CERT Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE®) method. 

Cite This Report

Show Citation Formats

SEI

Cebula, James; Popeck, Mary; & Young, Lisa. A Taxonomy of Operational Cyber Security Risks Version 2 (CMU/SEI-2014-TN-006). Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=91013

IEEE

Cebula. James, Popeck. Mary, and Young. Lisa, "A Taxonomy of Operational Cyber Security Risks Version 2," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2014-TN-006, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=91013

APA

Cebula, James., Popeck, Mary., & Young, Lisa. (2014). A Taxonomy of Operational Cyber Security Risks Version 2 (CMU/SEI-2014-TN-006). Retrieved July 30, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=91013

CHI

James Cebula, Mary Popeck, & Lisa Young. A Taxonomy of Operational Cyber Security Risks Version 2 (CMU/SEI-2014-TN-006). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=91013

MLA

Cebula, James., Popeck, Mary., & Young, Lisa. 2014. A Taxonomy of Operational Cyber Security Risks Version 2 (Technical Report CMU/SEI-2014-TN-006). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=91013