search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Applying OCTAVE: Practitioners Report

Technical Note
By
In this report, the authors describe how OCTAVE has been used and tailored to fit a wide range of organizational risk assessment needs.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2006-TN-010
DOI (Digital Object Identifier)
10.1184/R1/6571985.v1
Subjects

Abstract

The CERT Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) method, an approach for managing information security risks, was designed to be sufficiently flexible for organizations to address unique and highly contextual analysis needs through tailoring capabilities. This document describes how OCTAVE has been used and tailored to fit a wide range of organizational risk assessment needs. Guidelines for successful tailoring, built on the reporting practitioners successes, are provided to help an organization fit the OCTAVE approach to their specific domain and organizational needs. The range of applications demonstrates the flexibility of the OCTAVE approach and its value in addressing security risk management. 

Readers should already be familiar with the general concepts of the OCTAVE approach.

SHARE
Download PDF
Part of a Collection

OCTAVE-Related Assets
Cite This Technical Note

Woody, C., Coleman, J., Fancher, M., Myers, C., & Young, L. (2006, May 1). Applying OCTAVE: Practitioners Report. (Technical Note CMU/SEI-2006-TN-010). Retrieved April 18, 2024, from https://doi.org/10.1184/R1/6571985.v1.

@techreport{woody_2006,
author={Woody, Carol and Coleman, Johnathan and Fancher, Michael and Myers, Carol and Young, Lisa},
title={Applying OCTAVE: Practitioners Report},
month={May},
year={2006},
number={CMU/SEI-2006-TN-010},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6571985.v1},
note={Accessed: 2024-Apr-18}
}

Woody, Carol, Johnathan Coleman, Michael Fancher, Carol Myers, and Lisa Young. "Applying OCTAVE: Practitioners Report." (CMU/SEI-2006-TN-010). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, May 1, 2006. https://doi.org/10.1184/R1/6571985.v1.

C. Woody, J. Coleman, M. Fancher, C. Myers, and L. Young, "Applying OCTAVE: Practitioners Report," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2006-TN-010, 1-May-2006 [Online]. Available: https://doi.org/10.1184/R1/6571985.v1. [Accessed: 18-Apr-2024].

Woody, Carol, Johnathan Coleman, Michael Fancher, Carol Myers, and Lisa Young. "Applying OCTAVE: Practitioners Report." (Technical Note CMU/SEI-2006-TN-010). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 May. 2006. https://doi.org/10.1184/R1/6571985.v1. Accessed 18 Apr. 2024.

Woody, Carol; Coleman, Johnathan; Fancher, Michael; Myers, Carol; & Young, Lisa. Applying OCTAVE: Practitioners Report. CMU/SEI-2006-TN-010. Software Engineering Institute. 2006. https://doi.org/10.1184/R1/6571985.v1

Ask a question about this Technical Note