A 10-Step Framework for Managing Risk

March 2021 Podcast
Brett Tucker

Brett Tucker outlines OCTAVE FORTE, a 10-step framework to guide organizations in managing risk.

“What we are trying to do with this enterprise-risk take is to get all those folks talking in that same language. We can do this with the series of tools that is provided within OCTAVE FORTE. Or
It is important to understand not just the performance of your risk program, but also to look back at the individual risk and understand how the exposure is being brought down with each individual risk, which could also be a good indicator of how the program is performing.”


Software Engineering Institute

Brett Tucker, a technical manager for cyber risk in the SEI CERT Division, discusses the Operationally Critical Threat, Asset, and Vulnerability Evaluation for the Enterprise (OCTAVE FORTE) Model. OCTAVE FORTE is a process model that helps organizations evaluate their security risks and use principles of ERM to bridge the gap between executives and practitioners. In this SEI Podcast, Tucker outlines OCTAVE FORTE's 10-step framework to guide organizations in managing risk.