National Technical Reports Library

The National Technical Information Service acquires, indexes, abstracts, and archives the largest collection of U.S. government-sponsored technical reports in existence. The NTRL offers online, free and open access to these authenticated government technical reports. Technical reports and documents in its repository may be available online for free either from the issuing federal agency, the U.S. Government Publishing Office’s Federal Digital System website, or through search engines.

Details

Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process.

ADA470450

Publication Date	2007
Personal Author	Caralli, R. A.; Stevens, J. F.; Young, L. R.; Wilson, W. R.
Page Count	154
Abstract	This technical report introduces the next generation of the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) methodology, OCTAVE Allegro. OCTAVE Allegro is a methodology to streamline and optimize the process of assessing information security risks so that an organization can obtain sufficient results with a small investment in time, people, and other limited resources. It leads the organization to consider people, technology, and facilities in the context of their relationship to information and the business processes and services they support. This report highlights the design considerations and requirements for OCTAVE Allegro based on field experience with existing OCTAVE methods and provides guidance, worksheets, and examples that an organization can use to begin performing OCTAVE Allegro-based risk assessments.
Keywords	Vulnerability Threat evaluation Information security Software engineering Risk analysis Methodology Computers Octave(Operationally critical threat-asset-vulnerability evaluation) Risk assessment Risk evaluation Threat analysis Vulnerability evaluation Information resiliency Computer security risk management
Source Agency	Non Paid ADAS
Corporate Authors	Carnegie-Mellon Univ., Pittsburgh, PA. Software Engineering Inst.
Supplemental Notes	Prepared in cooperation with ictQATAR. The original document contains color images.
Document Type	Technical Report
Title Note	Final rept.
NTIS Issue Number	200724
Contract Number	FA8721-05-C-0003

Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process.

Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process.
ADA470450

Publication Date	2007
Personal Author	Caralli, R. A.; Stevens, J. F.; Young, L. R.; Wilson, W. R.
Page Count	154
Abstract	This technical report introduces the next generation of the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) methodology, OCTAVE Allegro. OCTAVE Allegro is a methodology to streamline and optimize the process of assessing information security risks so that an organization can obtain sufficient results with a small investment in time, people, and other limited resources. It leads the organization to consider people, technology, and facilities in the context of their relationship to information and the business processes and services they support. This report highlights the design considerations and requirements for OCTAVE Allegro based on field experience with existing OCTAVE methods and provides guidance, worksheets, and examples that an organization can use to begin performing OCTAVE Allegro-based risk assessments.
Keywords	Vulnerability Threat evaluation Information security Software engineering Risk analysis Methodology Computers Octave(Operationally critical threat-asset-vulnerability evaluation) Risk assessment Risk evaluation Threat analysis Vulnerability evaluation Information resiliency Computer security risk management
Source Agency	Non Paid ADAS
Corporate Authors	Carnegie-Mellon Univ., Pittsburgh, PA. Software Engineering Inst.
Supplemental Notes	Prepared in cooperation with ictQATAR. The original document contains color images.
Document Type	Technical Report
Title Note	Final rept.
NTIS Issue Number	200724
Contract Number	FA8721-05-C-0003