search menu icon-carat-right cmu-wordmark

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0

Technical Report
The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a framework for identifying and managing information security risks.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-99-TR-017
DOI (Digital Object Identifier)
10.1184/R1/6575906.v1

Abstract

The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a framework for identifying and managing information security risks. It defines a comprehensive evaluation method that allows an organization to identify the information assets that are important to the mission of the organization, the threats to those assets, and the vulnerabilities that may expose those assets to the threats. By putting together the information assets, threats, and vulnerabilities, the organization can begin to understand what information is at risk. With this understanding, the organization can design and implement a protection strategy to reduce the overall risk exposure of its information assets.

Cite This Technical Report

Alberts, C., Behrens, S., Pethia, R., & Wilson, W. (1999, September 1). Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0. (Technical Report CMU/SEI-99-TR-017). Retrieved March 29, 2024, from https://doi.org/10.1184/R1/6575906.v1.

@techreport{alberts_1999,
author={Alberts, Christopher and Behrens, Sandra and Pethia, Richard and Wilson, William},
title={Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0},
month={Sep},
year={1999},
number={CMU/SEI-99-TR-017},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6575906.v1},
note={Accessed: 2024-Mar-29}
}

Alberts, Christopher, Sandra Behrens, Richard Pethia, and William Wilson. "Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0." (CMU/SEI-99-TR-017). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, September 1, 1999. https://doi.org/10.1184/R1/6575906.v1.

C. Alberts, S. Behrens, R. Pethia, and W. Wilson, "Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-99-TR-017, 1-Sep-1999 [Online]. Available: https://doi.org/10.1184/R1/6575906.v1. [Accessed: 29-Mar-2024].

Alberts, Christopher, Sandra Behrens, Richard Pethia, and William Wilson. "Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0." (Technical Report CMU/SEI-99-TR-017). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Sep. 1999. https://doi.org/10.1184/R1/6575906.v1. Accessed 29 Mar. 2024.

Alberts, Christopher; Behrens, Sandra; Pethia, Richard; & Wilson, William. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0. CMU/SEI-99-TR-017. Software Engineering Institute. 1999. https://doi.org/10.1184/R1/6575906.v1