Digital Library

Advanced Search

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Keywords Phrases

Title

Author

ISBN

Content Type

Annual Report
Article
Audio
Book Chapter
Book
Brochure
CERT Research Report
Collection
Conference Paper
Curriculum Module

Educational Material
Fact Sheet
Form
Handbook
Maturity Module
Newsletter
Podcast
Poster
Presentation
Security Improvement Module

Software
Special Report
Technical Note
Technical Report
User's Guide
Video
Webinar
White Paper

Topics

Acquisition Support
Agile
Big Data
CERT/CC
CMMI
CSIRTs
Cloud Computing
Critical Infrastructure Protection
Cyber Risk and Resilience Management
Cyber-Physical Systems
Cybersecurity Engineering
DevOps
Digital Intelligence and Investigation
FloCon
Forensics
Governance
Incident Handling
Incident Management
Insider Threat
MERIT

Malware Analysis
Measurement and Analysis
Network Situational Awareness
OCTAVE
People CMM
Performance and Dependability
Pervasive Mobile Computing
Predictability by Construction
Privacy
Process Improvement
Research Review
Resilience Management Model (RMM)
Risk Assessment
Risk and Opportunity Management
SATURN
SQUARE
Science of Cybersecurity
Secure Coding
Security Training
Service-Oriented Architecture

Smart Grid Maturity Model
Software Architecture
Software Assurance
Software Product Lines
Software Solutions Symposium
Supply Chain Assurance
Survivability Analysis Framework (SAF)
Survivability and Information Assurance (SIA)
System of Systems
TSP
TSP Symposium
Technical Debt
Technical Debt Workshop
Threat
Ultra-Large-Scale Systems
Vulnerability Analysis
Workforce Development

Publication Date

From:

To:

Technical Report

OCTAVE Criteria, Version 2.0

December 2001
By Christopher J. Alberts, Audrey J. Dorofee
This 2001 report defines a general approach for evaluating and managing information security risks.
Cyber Risk and Resilience Management Cybersecurity Engineering
Publisher: Software Engineering Institute
CMU/SEI Report Number: CMU/SEI-2001-TR-016

Abstract

Today, we rely on access to digital data that are accessible, dependable, and protected from misuse. Unfortunately, this need for accessible data also exposes organizations to a variety of new threats that can affect their information. The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) enables organizations to understand and address their information security risks. OCTAVE is led by a small, interdisciplinary team of an organization's personnel and focuses on an organization's assets and the risks to those assets. It is a comprehensive, systematic, context-driven, and self-directed evaluation approach. The essential elements of the OCTAVE approach are embodied in a set of criteria that define the requirements for OCTAVE. This report describes the OCTAVE criteria. The goal of this report is to define a general approach for evaluating and managing information security risks. Organizations can then develop methods that are consistent with the OCTAVE criteria.
Download

Ask a question about this Technical Report

Part of a Collection

Cybersecurity Engineering Research: Security Engineering Risk Analysis (SERA) Collection
OCTAVE-Related Assets

Cite This Report

SEI

Alberts, Christopher; & Dorofee, Audrey. OCTAVE Criteria, Version 2.0. CMU/SEI-2001-TR-016. Software Engineering Institute, Carnegie Mellon University. 2001. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5645

IEEE

Alberts. Christopher, and Dorofee. Audrey, "OCTAVE Criteria, Version 2.0," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2001-TR-016, 2001. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5645

APA

Alberts, Christopher., & Dorofee, Audrey. (2001). OCTAVE Criteria, Version 2.0 (CMU/SEI-2001-TR-016). Retrieved April 24, 2018, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5645

CHI

Christopher Alberts, & Audrey Dorofee. OCTAVE Criteria, Version 2.0 (CMU/SEI-2001-TR-016). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2001. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5645

MLA

Alberts, Christopher., & Dorofee, Audrey. 2001. OCTAVE Criteria, Version 2.0 (Technical Report CMU/SEI-2001-TR-016). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5645

BibTex

@techreport{AlbertsOCTAVECriteria2001,
title={OCTAVE Criteria, Version 2.0},
author={Christopher Alberts and Audrey Dorofee},
year={2001},
number={CMU/SEI-2001-TR-016},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=5645} }

Desktop View

Carnegie Mellon University
Software Engineering Institute
4500 Fifth Avenue
Pittsburgh, PA 15213-2612
412-268-5800

Digital Library

Advanced Search

Content Type

Topics

Publication Date

OCTAVE Criteria, Version 2.0

Abstract

Part of a Collection

Cite This Report