Software Engineering Institute

Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process

May 1, 2007 • Technical Report

By

Richard A. Caralli, James F. Stevens, Lisa R. Young, and William R. Wilson

In this 2007 report, the authors highlight the design considerations and requirements for OCTAVE Allegro based on field experience.

Publisher

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2007-TR-012

DOI (Digital Object Identifier)

10.1184/R1/6574790.v1

Subjects

Cyber Risk And Resilience Management Octave Tools

Abstract

This technical report introduces the next generation of the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) methodology, OCTAVE Allegro. OCTAVE Allegro is a methodology to streamline and optimize the process of assessing information security risks so that an organization can obtain sufficient results with a small investment in time, people, and other limited resources. It leads the organization to consider people, technology, and facilities in the context of their relationship to information and the business processes and services they support. This report highlights the design considerations and requirements for OCTAVE Allegro based on field experience with existing OCTAVE methods and provides guidance, worksheets, and examples that an organization can use to begin performing OCTAVE Allegro-based risk assessments.

Part of a Collection

OCTAVE-Related Assets

Cite This Technical Report

APA

Caralli, R., Stevens, J., Young, L., & Wilson, W. (2007, May 1). Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process. (Technical Report CMU/SEI-2007-TR-012). Retrieved April 16, 2024, from https://doi.org/10.1184/R1/6574790.v1.

BibTeX

@techreport{caralli_2007,
author={Caralli, Richard and Stevens, James and Young, Lisa and Wilson, William},
title={Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process},
month={May},
year={2007},
number={CMU/SEI-2007-TR-012},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6574790.v1},
note={Accessed: 2024-Apr-16}
}

CHI

Caralli, Richard, James Stevens, Lisa Young, and William Wilson. "Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process." (CMU/SEI-2007-TR-012). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, May 1, 2007. https://doi.org/10.1184/R1/6574790.v1.

IEEE

R. Caralli, J. Stevens, L. Young, and W. Wilson, "Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2007-TR-012, 1-May-2007 [Online]. Available: https://doi.org/10.1184/R1/6574790.v1. [Accessed: 16-Apr-2024].

MLA

Caralli, Richard, James Stevens, Lisa Young, and William Wilson. "Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process." (Technical Report CMU/SEI-2007-TR-012). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 May. 2007. https://doi.org/10.1184/R1/6574790.v1. Accessed 16 Apr. 2024.

SEI

Caralli, Richard; Stevens, James; Young, Lisa; & Wilson, William. Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process. CMU/SEI-2007-TR-012. Software Engineering Institute. 2007. https://doi.org/10.1184/R1/6574790.v1

Ask a question about this Technical Report