Accession Number:

ADA609863

Title:

A Taxonomy of Operational Cyber Security Risks Version 2

Descriptive Note:

Final rept.

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Report Date:

2014-05-01

Pagination or Media Count:

48.0

Abstract:

This report presents a taxonomy of operational cyber security risks that attempts to identify and organize the sources of operational cyber security risk into four classes: (1) actions of people, (2) systems and technology failures, (3) failed internal processes, and (4) external events. Each class is broken down into subclasses, which are described by their elements. This report discusses the harmonization of the taxonomy with other risk and security activities, particularly those described by the Federal Information Security Management Act (FISMA), the National Institute of Standards and Technology (NIST) Special Publications, and the CERT Operationally Critical Threat, Asset, and Vulnerability Evaluation℠ (OCTAVE) method.

Subject Categories:

  • Computer Programming and Software
  • Safety Engineering

Distribution Statement:

APPROVED FOR PUBLIC RELEASE