A Taxonomy of Operational Cyber Security Risks Version 2

Abstract

This report presents a taxonomy of operational cyber security risks that attempts to identify and organize the sources of operational cyber security risk into four classes: (1) actions of people, (2) systems and technology failures, (3) failed internal processes, and (4) external events. Each class is broken down into subclasses, which are described by their elements. This report discusses the harmonization of the taxonomy with other risk and security activities, particularly those described by the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST) Special Publications, and the CERT Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE) method.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
May 01, 2014
Accession Number
ADA609863

Entities

People

  • James J. Cebula
  • Lisa R. Young
  • Mary E. Popeck

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Application Software
  • Business Administration
  • Commerce
  • Computer Programming
  • Configuration Management
  • Department Of Homeland Security
  • Information Security
  • Information Systems
  • Law
  • Network Protocols
  • Reliability
  • Risk Management
  • Security
  • Software Development
  • Standards
  • Taxonomy
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Organizational Process Management (OPM).

Technology Areas

  • Cyber