Applying OCTAVE: Practitioners Report

The CERT Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) method, an approach for managing information security risks, was designed to be sufficiently flexible for organizations to address unique and highly contextual analysis needs through tailoring capabilities. This document describes how OCTAVE has been used and tailored to fit a wide range of organizational risk assessment needs. Guidelines for successful tailoring, built on the reporting practitioners successes, are provided to help an organization fit the OCTAVE approach to their specific domain and organizational needs. The range of applications demonstrates the flexibility of the OCTAVE approach and its value in addressing security risk management.

Readers should already be familiar with the general concepts of the OCTAVE approach.

PDF [493 KB]

Author

Carol Woody

This report is related to the following area(s) of work:

Security and Survivability

Technical Note
CMU/SEI-2006-TN-010
May 2006

Cite This Report

SEI:

Woody, Carol; Applying OCTAVE: Practitioners Report (CMU/SEI-2006-TN-010). Software Engineering Institute, Carnegie Mellon University, 2006. http://www.sei.cmu.edu/library/abstracts/reports/06tn010.cfm

IEEE:

C. Woody, "Applying OCTAVE: Practitioners Report," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2006-TN-010, 2006. http://www.sei.cmu.edu/library/abstracts/reports/06tn010.cfm

APA:

Woody, C., (2006). Applying OCTAVE: Practitioners Report (CMU/SEI-2006-TN-010). Retrieved May 20, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/06tn010.cfm

CHI:

Woody, Carol, Applying OCTAVE: Practitioners Report (CMU/SEI-2006-TN-010). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006. http://www.sei.cmu.edu/library/abstracts/reports/06tn010.cfm

MLA:

Woody, C., 2006. Applying OCTAVE: Practitioners Report (Technical Report CMU/SEI-2006-TN-010). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/06tn010.cfm

Find Us Here

Find us on Youtube  Find us on LinkedIn  Find us on twitter  Find us on Facebook

Share This Page

Share on Facebook  Send to your Twitter page  Save to del.ico.us  Save to LinkedIn  Digg this  Stumble this page.  Add to Technorati favorites  Save this page on your Google Home Page 

For more information

Contact Us

info@sei.cmu.edu

412-268-5800

Help us improve

Visitor feedback helps us continually improve our site.

Please tell us what you
think with this short
(< 5 minute) survey.