Digital Library
OCTAVE Criteria, Version 2.0
- December 2001
- This 2001 report defines a general approach for evaluating and managing information security risks.
- Cyber Risk and Resilience Management Cybersecurity Engineering OCTAVE
-
Publisher: Software Engineering Institute
CMU/SEI Report Number: CMU/SEI-2001-TR-016
-
Abstract
Today, we rely on access to digital data that are accessible, dependable, and protected from misuse. Unfortunately, this need for accessible data also exposes organizations to a variety of new threats that can affect their information. The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) enables organizations to understand and address their information security risks. OCTAVE is led by a small, interdisciplinary team of an organization's personnel and focuses on an organization's assets and the risks to those assets. It is a comprehensive, systematic, context-driven, and self-directed evaluation approach. The essential elements of the OCTAVE approach are embodied in a set of criteria that define the requirements for OCTAVE. This report describes the OCTAVE criteria. The goal of this report is to define a general approach for evaluating and managing information security risks. Organizations can then develop methods that are consistent with the OCTAVE criteria.
- Download
Part of a Collection
Cybersecurity Engineering Research: Security Engineering Risk Analysis (SERA) CollectionOCTAVE-Related Assets
Cite This Report
SEI
Alberts, Christopher; & Dorofee, Audrey. OCTAVE Criteria, Version 2.0. CMU/SEI-2001-TR-016. Software Engineering Institute, Carnegie Mellon University. 2001. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5645
IEEE
Alberts. Christopher, and Dorofee. Audrey, "OCTAVE Criteria, Version 2.0," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2001-TR-016, 2001. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5645
APA
Alberts, Christopher., & Dorofee, Audrey. (2001). OCTAVE Criteria, Version 2.0 (CMU/SEI-2001-TR-016). Retrieved February 20, 2019, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5645
CHI
Christopher Alberts, & Audrey Dorofee. OCTAVE Criteria, Version 2.0 (CMU/SEI-2001-TR-016). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2001. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5645
MLA
Alberts, Christopher., & Dorofee, Audrey. 2001. OCTAVE Criteria, Version 2.0 (Technical Report CMU/SEI-2001-TR-016). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5645
BibTex
@techreport{AlbertsOCTAVECriteria2001,
title={OCTAVE Criteria, Version 2.0},
author={Christopher Alberts and Audrey Dorofee},
year={2001},
number={CMU/SEI-2001-TR-016},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5645}
}