Security Risk Assessment Using Octave Allegro: Part 1: Introduction to Allegro: Rationale and Application

Abstract

OCTAVE's been around for many years, going on ten I think. But it was originally developed for large complex organizations who were looking for a way to evaluate their information security risk, in the context of the operation of the business. And OCTAVE was one of the first evaluation methods to consider security outside of just vulnerability assessment. It has methods to collect information about organizational vulnerabilities, and it also has many volumes of guidance on risk assessment and the principles of risk management.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2008
Accession Number
AD1147202

Entities

People

  • Julia H. Allen
  • Lisa Young

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Human Systems

DTIC Thesaurus Topics

  • Commerce
  • Containers
  • Copyrights
  • Engineering
  • Information Security
  • Law
  • Management Training
  • Productivity
  • Risk
  • Risk Analysis
  • Risk Management
  • Security
  • Security Personnel
  • Software Development
  • Test And Evaluation
  • Universities
  • Vulnerability

Readers

  • Auditory Neuroscience/Auditory Physiology.
  • Cybersecurity.
  • Software Engineering.