OCTAVE Catalog of Practices, Version 2.0

Technical Report
In this report, the authors describe OCTAVE practices, which enable organizations to identify risks and mitigate them.
Publisher: Software Engineering Institute

CMU/SEI Report Number: CMU/SEI-2001-TR-020

DOI (Digital Object Identifier): 10.1184/R1/6575834.v1

Abstract

The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Method enables organizations to identify the risks to their most important assets and build mitigation plans to address those risks. OCTAVE uses three "catalogs" of information to maintain modularity and keep the method separate from specific technologies. One of these catalogs is the catalog of good security practices. It provides the means to measure an organization's current security practices and to build a strategy for improving its practices to protect its critical assets.  

The catalog of practices is divided into two types of practice—strategic and operational. The strategic practices focus on organizational issues at the policy level and provide good, general management practices. Operational practices focus on the technology-related issues dealing with how people use, interact with, and protect technology. This technical report describes how the catalog of practices is used in OCTAVE and describes the catalog in detail.

Part of a Collection

OCTAVE-Related Assets

Cite This Technical Report

Alberts, C., Dorofee, A., & Allen, J. (2001, October 1). OCTAVE Catalog of Practices, Version 2.0. (Technical Report CMU/SEI-2001-TR-020). Retrieved April 24, 2024, from https://doi.org/10.1184/R1/6575834.v1.

@techreport{alberts_2001,
author={Alberts, Christopher and Dorofee, Audrey and Allen, Julia},
title={OCTAVE Catalog of Practices, Version 2.0},
month={Oct},
year={2001},
number={CMU/SEI-2001-TR-020},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6575834.v1},
note={Accessed: 2024-Apr-24}
}

Alberts, Christopher, Audrey Dorofee, and Julia Allen. "OCTAVE Catalog of Practices, Version 2.0." (CMU/SEI-2001-TR-020). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, October 1, 2001. https://doi.org/10.1184/R1/6575834.v1.

C. Alberts, A. Dorofee, and J. Allen, "OCTAVE Catalog of Practices, Version 2.0," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2001-TR-020, 1-Oct-2001 [Online]. Available: https://doi.org/10.1184/R1/6575834.v1. [Accessed: 24-Apr-2024].

Alberts, Christopher, Audrey Dorofee, and Julia Allen. "OCTAVE Catalog of Practices, Version 2.0." (Technical Report CMU/SEI-2001-TR-020). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Oct. 2001. https://doi.org/10.1184/R1/6575834.v1. Accessed 24 Apr. 2024.

Alberts, Christopher; Dorofee, Audrey; & Allen, Julia. OCTAVE Catalog of Practices, Version 2.0. CMU/SEI-2001-TR-020. Software Engineering Institute. 2001. https://doi.org/10.1184/R1/6575834.v1