Software Engineering Institute

OCTAVE FORTE: Establish a More Adaptable and Robust Risk Program

June 29, 2020 • Fact Sheet

By Software Engineering Institute

This fact sheet describes OCTAVE FORTE and how it updates the original OCTAVE program.

Learn More

Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process

April 30, 2007 • Technical Report

By Richard A. Caralli, James F. Stevens, Lisa R. Young, William R. Wilson

In this 2007 report, the authors highlight the design considerations and requirements for OCTAVE Allegro based on field experience.

Read

Introduction to the OCTAVE Approach

August 1, 2003 • User's Guide

By Christopher J. Alberts, Audrey J. Dorofee, James F. Stevens, Carol Woody

In this 2003 report, the authors describe the OCTAVE method, an approach for managing information security risks.

Learn More

Managing Information Security Risks: The OCTAVE Approach

July 9, 2002 • Book

By Christopher J. Alberts, Audrey J. Dorofee

In this book, the authors provide a systematic way to evaluate and manage information security risks through the use of the OCTAVE approach.

Read

Applying OCTAVE: Practitioners Report

April 30, 2006 • Technical Note

By Carol Woody, Johnathan Coleman (No Affiliation), Michael Fancher (No Affiliation), Carol Myers (No Affiliation), Lisa R. Young

In this report, the authors describe how OCTAVE has been used and tailored to fit a wide range of organizational risk assessment needs.

Read

OCTAVE Catalog of Practices, Version 2.0

September 30, 2001 • Technical Report

By Christopher J. Alberts, Audrey J. Dorofee, Julia H. Allen

In this report, the authors describe OCTAVE practices, which enable organizations to identify risks and mitigate them.

Read

Security Risk Assessment Using OCTAVE Allegro

September 16, 2008 • Podcast

By Lisa R. Young, Julia H. Allen

In this podcast, Lisa Young describes OCTAVE Allegro, a streamlined assessment method that focuses on risks to information used by critical business services.

Listen

OCTAVE Criteria, Version 2.0

November 30, 2001 • Technical Report

By Christopher J. Alberts, Audrey J. Dorofee

This 2001 report defines a general approach for evaluating and managing information security risks.

Read

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0

August 31, 1999 • Technical Report

By Christopher J. Alberts, Sandra Behrens, Richard D. Pethia, William R. Wilson

The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a framework for identifying and managing information security risks.

Read

OCTAVE Method Implementation Guide Version 2.0 Volume 1: Introduction

June 1, 2001 • User's Guide

By Christopher J. Alberts, Audrey J. Dorofee

In this report, the authors describe everything you will need to understand and implement OCTAVE method.

Learn More

OCTAVE Method Implementation Guide Version 2.0 Volume 2: Preliminary Activities

June 1, 2001 • User's Guide

By Christopher J. Alberts, Audrey J. Dorofee

In this list of preliminary activities, the authors describe activities you will complete to implement the OCTAVE method.

Learn More

OCTAVE-S Implementation Guide, Version 1

December 31, 2004 • Handbook

By Christopher J. Alberts, Audrey J. Dorofee, James F. Stevens, Carol Woody

In this 2005 handbook, the authors provide detailed guidelines for conducting an OCTAVE-S evaluation.

Read