search menu icon-carat-right cmu-wordmark

A Taxonomy of Operational Cyber Security Risks Version 2

Technical Note
This second version of the 2010 report presents a taxonomy of operational cyber security risks and harmonizes it with other risk and security activities.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2014-TN-006
DOI (Digital Object Identifier)
10.1184/R1/6571784.v1

Abstract

This report presents a taxonomy of operational cyber security risks that attempts to identify and organize the sources of operational cyber security risk into four classes: (1) actions of people, (2) systems and technology failures, (3) failed internal processes, and (4) external events. Each class is broken down into subclasses, which are described by their elements. This report discusses the harmonization of the taxonomy with other risk and security activities, particularly those described by the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST) Special Publications, and the CERT Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE®) method. 

Cite This Technical Note

Cebula, J., Popeck, M., & Young, L. (2014, May 21). A Taxonomy of Operational Cyber Security Risks Version 2. (Technical Note CMU/SEI-2014-TN-006). Retrieved May 26, 2024, from https://doi.org/10.1184/R1/6571784.v1.

@techreport{cebula_2014,
author={Cebula, James and Popeck, Mary and Young, Lisa},
title={A Taxonomy of Operational Cyber Security Risks Version 2},
month={May},
year={2014},
number={CMU/SEI-2014-TN-006},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6571784.v1},
note={Accessed: 2024-May-26}
}

Cebula, James, Mary Popeck, and Lisa Young. "A Taxonomy of Operational Cyber Security Risks Version 2." (CMU/SEI-2014-TN-006). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, May 21, 2014. https://doi.org/10.1184/R1/6571784.v1.

J. Cebula, M. Popeck, and L. Young, "A Taxonomy of Operational Cyber Security Risks Version 2," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2014-TN-006, 21-May-2014 [Online]. Available: https://doi.org/10.1184/R1/6571784.v1. [Accessed: 26-May-2024].

Cebula, James, Mary Popeck, and Lisa Young. "A Taxonomy of Operational Cyber Security Risks Version 2." (Technical Note CMU/SEI-2014-TN-006). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 21 May. 2014. https://doi.org/10.1184/R1/6571784.v1. Accessed 26 May. 2024.

Cebula, James; Popeck, Mary; & Young, Lisa. A Taxonomy of Operational Cyber Security Risks Version 2. CMU/SEI-2014-TN-006. Software Engineering Institute. 2014. https://doi.org/10.1184/R1/6571784.v1