OCTAVE Catalog of Practices, Version 2.0
• Technical Report
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-2001-TR-020DOI (Digital Object Identifier)
10.1184/R1/6575834.v1Topic or Tag
Abstract
The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Method enables organizations to identify the risks to their most important assets and build mitigation plans to address those risks. OCTAVE uses three "catalogs" of information to maintain modularity and keep the method separate from specific technologies. One of these catalogs is the catalog of good security practices. It provides the means to measure an organization's current security practices and to build a strategy for improving its practices to protect its critical assets.
The catalog of practices is divided into two types of practice—strategic and operational. The strategic practices focus on organizational issues at the policy level and provide good, general management practices. Operational practices focus on the technology-related issues dealing with how people use, interact with, and protect technology. This technical report describes how the catalog of practices is used in OCTAVE and describes the catalog in detail.
Part of a Collection
OCTAVE-Related Assets
Cite This Technical Report
Alberts, C., Dorofee, A., & Allen, J. (2001, October 1). OCTAVE Catalog of Practices, Version 2.0. (Technical Report CMU/SEI-2001-TR-020). Retrieved October 11, 2024, from https://doi.org/10.1184/R1/6575834.v1.
@techreport{alberts_2001,
author={Alberts, Christopher and Dorofee, Audrey and Allen, Julia},
title={OCTAVE Catalog of Practices, Version 2.0},
month={Oct},
year={2001},
number={CMU/SEI-2001-TR-020},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6575834.v1},
note={Accessed: 2024-Oct-11}
}
Alberts, Christopher, Audrey Dorofee, and Julia Allen. "OCTAVE Catalog of Practices, Version 2.0." (CMU/SEI-2001-TR-020). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, October 1, 2001. https://doi.org/10.1184/R1/6575834.v1.
C. Alberts, A. Dorofee, and J. Allen, "OCTAVE Catalog of Practices, Version 2.0," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2001-TR-020, 1-Oct-2001 [Online]. Available: https://doi.org/10.1184/R1/6575834.v1. [Accessed: 11-Oct-2024].
Alberts, Christopher, Audrey Dorofee, and Julia Allen. "OCTAVE Catalog of Practices, Version 2.0." (Technical Report CMU/SEI-2001-TR-020). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Oct. 2001. https://doi.org/10.1184/R1/6575834.v1. Accessed 11 Oct. 2024.
Alberts, Christopher; Dorofee, Audrey; & Allen, Julia. OCTAVE Catalog of Practices, Version 2.0. CMU/SEI-2001-TR-020. Software Engineering Institute. 2001. https://doi.org/10.1184/R1/6575834.v1