
Advancing Risk Management Capability Using the OCTAVE FORTE Process: Carnegie Mellon University, November 2020

November 2020

Carnegie Mellon University


From the document: "OCTAVE FORTE (Operationally Critical Threat, Asset, and Vulnerability Evaluation FOR The Enterprise) is a process model that helps executives and other decision makers understand and prioritize the complex risks affecting their organization. It also helps organizations identify, analyze, prioritize, and mitigate risks that could impact them. The Software Engineering Institute (SEI) developed the OCTAVE FORTE process model to help organizations evaluate their security risks and use ERM principles to bridge the gap between executives and practitioners as decision makers. Executives use information about risk to develop a governance structure, prioritize risks, make informed decisions, allocate resources, and communicate risks using a tiered governance structure. Managers—who support executives in achieving strategic objectives—use elements of FORTE to identify and manage risk in their divisions and departments. Practitioners learn to apply their subject matter expertise in a way that enhances their analysis and helps them communicate their greatest concerns to management."

Authors - Tucker, B.A.


