A Taxonomy of Operational Cyber Security Risks

December 2010 • Technical Note

James J. Cebula, Lisa R. Young

In this report, the authors present a taxonomy of operational cyber security risks and its harmonization with other risk and security activities.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2010-TN-028

Subjects

Cyber Risk and Resilience ManagementCyber Risk and Resilience Management

Abstract

This report presents a taxonomy of operational cyber security risks that attempts to identify and organize the sources of operational cyber security risk into four classes: (1) actions of people, (2) systems and technology failures, (3) failed internal processes, and (4) external events. Each class is broken down into subclasses, which are described by their elements. This report discusses the harmonization of the taxonomy with other risk and security activities, particularly those described by the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST) Special Publications, and the CERT Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) method.

Download PDF

Cite This Report

SEI

Cebula, James; & Young, Lisa. A Taxonomy of Operational Cyber Security Risks. CMU/SEI-2010-TN-028. Software Engineering Institute, Carnegie Mellon University. 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9395

IEEE

Cebula. James, and Young. Lisa, "A Taxonomy of Operational Cyber Security Risks," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2010-TN-028, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9395

APA

Cebula, James., & Young, Lisa. (2010). A Taxonomy of Operational Cyber Security Risks (CMU/SEI-2010-TN-028). Retrieved May 30, 2023, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9395

CHI

James Cebula, & Lisa Young. A Taxonomy of Operational Cyber Security Risks (CMU/SEI-2010-TN-028). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9395

MLA

Cebula, James., & Young, Lisa. 2010. A Taxonomy of Operational Cyber Security Risks (Technical Report CMU/SEI-2010-TN-028). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9395

BibTex

@techreport{CebulaATaxonomy2010,
title={A Taxonomy of Operational Cyber Security Risks},
author={James Cebula and Lisa Young},
year={2010},
number={CMU/SEI-2010-TN-028},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9395} }

Ask a question about this Technical Note

Software Engineering Institute