Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process

Abstract

This technical report introduces the next generation of the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) methodology, OCTAVE Allegro. OCTAVE Allegro is a methodology to streamline and optimize the process of assessing information security risks so that an organization can obtain sufficient results with a small investment in time, people, and other limited resources. It leads the organization to consider people, technology, and facilities in the context of their relationship to information and the business processes and services they support. This report highlights the design considerations and requirements for OCTAVE Allegro based on field experience with existing OCTAVE methods and provides guidance, worksheets, and examples that an organization can use to begin performing OCTAVE Allegro-based risk assessments.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
May 01, 2007
Accession Number
ADA470450

Entities

People

  • James F. Stevens
  • Lisa R. Young
  • Richard A. Caralli
  • William R. Wilson

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Biomedical
  • Cyber
  • Human Systems

DTIC Thesaurus Topics

  • Business Administration
  • Commerce
  • Computers
  • Denial Of Service Attack
  • Department Of Defense
  • Information Security
  • Information Systems
  • Intellectual Property
  • Investments
  • Law
  • Operating Systems
  • Organizational Structure
  • Risk
  • Risk Analysis
  • Risk Management
  • Software Development
  • Vulnerability

Readers

  • Cybersecurity.
  • Organizational Process Management (OPM).