A security framework for determining risk and planning appropriate cyber defenses. OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) defines a method organizations can use to minimize their exposure to threats, determine the probable consequences of attacks, and mitigate those attacks they sustain. Developed by Carnegie Mellon University for the US Department of Defense, OCTAVE exists in two versions: OCTAVE-S (simplified for small organizations with flat structures) and OCTAVE Allegro (a comprehensive version for large or hierarchical organizations).