References (continued) OCTAVE Evaluation Method - Identify the risks that affect the information assets important to the mission of your organization. http://www.cert.org/octave/ Survivable Systems Analysis - Define and implement system improvements to deal with inevitable intrusions in a proactive manner. http://www.cert.org/sna/index.html#ssa CERT Security Practices - Gain practical guidance that helps you improve security within your organization. Also available in book form. http://www.cert.org/security-improvement CSIRT development - Develop a computer security incident response team (CSIRT) and a body of security practices for your organization. http://www.cert.org/csirts MITRE's free OVAL Reference XML Definition Interpreters can determine if a system has vulnerabilities from the CVE dictionary. http://oval.mitre.org/oval/download/interpreter.html