Operationally Critical Threat, Asset, and Vulnerability Evaluation
A risk assessment methodology developed at Carnegie Mellon's Software Engineering Institute. It guides organizations through identifying critical assets, the threats to them, and the vulnerabilities that expose them, driven by the organization's own staff rather than outside auditors. Variants like OCTAVE Allegro streamline the process for smaller teams.