A Taxonomy of Operational Cyber Security Risks

Abstract

This report presents a taxonomy of operational cyber security risks that attempts to identify and organize the sources of operational cyber security risk into four classes: (1) actions of people, (2) systems and technology failures, (3) failed internal processes, and (4) external events. Each class is broken down into subclasses, which are described by their elements. This report discusses the harmonization of the taxonomy with other risk and security activities, particularly those described by the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST) Special Publications, and the CERT Operationally Critical Threat, Asset, and Vulnerability Evaluation (SM) (OCTAVE (trademark)) method.

Document Details

Document Type: Technical Report
Publication Date: Dec 01, 2010
Accession Number: ADA537111

Entities

People

  • James L. Cebula
  • Lisa R. Young

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Application Software
  • Business Administration
  • Commerce
  • Computer Programming
  • Configuration Management
  • Department Of Defense
  • Department Of Homeland Security
  • Engineering
  • Information Security
  • Information Systems
  • Law
  • Risk Management
  • Security
  • Software Development
  • Standards
  • Taxonomy
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Organizational Process Management (OPM)

Technology Areas

  • Cyber