K-12 Risk Methodology Introduction
Technology is broadly used in the K-12 environment by many participants including administrators, teachers, parents, students, school board members, community officials and tax payers. While this enables a wide range of useful activities, the risk for inappropriate and illegal behavior that violates privacy, regulations, and common courtesy is increasing exponentially. A methodology called OCTAVETP®PT (Operationally Critical Threat, Asset, and Vulnerability Evaluation) was released in 2001 by the Software Engineering Institute at Carnegie Mellon University to assist large organizations in planning for and mitigating cyber-security and other technology related risks. In April 2004 this version of OCTAVE tailored for K-12 schools and school districts became publicly available. This document provides detail guidance and worksheets for you to apply the K-12 Risk Methodology within your institution to construct a plan to help your organization reduce cyber-related risk.

Read more…


Prepared by
Carol Woody, Ph. D.

Based on the Operationally Critical Threat, Asset, and Vulnerability Evaluation SM

NOTE: This methodology was developed to support the dissertation Applying Security Risk Management to Internet Connectivity in K-12
Schools and School Districts in partial fulfillment of a requirements for a Ph. D. in Information Systems, Graduate School of Computer and Information Sciences, NOVA Southeastern University (2004)