icon-carat-right menu search cmu-wordmark
Carnegie Mellon University

A Taxonomy of Operational Cyber Security Risks

Technical Note
By
In this report, the authors present a taxonomy of operational cyber security risks and its harmonization with other risk and security activities.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2010-TN-028
Topic or Tag

Abstract

This report presents a taxonomy of operational cyber security risks that attempts to identify and organize the sources of operational cyber security risk into four classes: (1) actions of people, (2) systems and technology failures, (3) failed internal processes, and (4) external events. Each class is broken down into subclasses, which are described by their elements. This report discusses the harmonization of the taxonomy with other risk and security activities, particularly those described by the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST) Special Publications, and the CERT Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) method.

SHARE
Download PDF
Cite This Technical Note

Cebula, J., & Young, L. (2010, December 1). A Taxonomy of Operational Cyber Security Risks. (Technical Note CMU/SEI-2010-TN-028). Retrieved December 3, 2024, from https://insights.sei.cmu.edu/library/a-taxonomy-of-operational-cyber-security-risks/.

@techreport{cebula_2010,
author={Cebula, James and Young, Lisa},
title={A Taxonomy of Operational Cyber Security Risks},
month={{Dec},
year={{2010},
number={{CMU/SEI-2010-TN-028},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://insights.sei.cmu.edu/library/a-taxonomy-of-operational-cyber-security-risks/},
note={Accessed: 2024-Dec-3}
}

Cebula, James, and Lisa Young. "A Taxonomy of Operational Cyber Security Risks." (CMU/SEI-2010-TN-028). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, December 1, 2010. https://insights.sei.cmu.edu/library/a-taxonomy-of-operational-cyber-security-risks/.

J. Cebula, and L. Young, "A Taxonomy of Operational Cyber Security Risks," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2010-TN-028, 1-Dec-2010 [Online]. Available: https://insights.sei.cmu.edu/library/a-taxonomy-of-operational-cyber-security-risks/. [Accessed: 3-Dec-2024].

Cebula, James, and Lisa Young. "A Taxonomy of Operational Cyber Security Risks." (Technical Note CMU/SEI-2010-TN-028). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Dec. 2010. https://insights.sei.cmu.edu/library/a-taxonomy-of-operational-cyber-security-risks/. Accessed 3 Dec. 2024.

Cebula, James; & Young, Lisa. A Taxonomy of Operational Cyber Security Risks. CMU/SEI-2010-TN-028. Software Engineering Institute. 2010. https://insights.sei.cmu.edu/library/a-taxonomy-of-operational-cyber-security-risks/

Ask a question about this Technical Note