Free CARVER Chapter

What is The CARVER Target Analysis and Vulnerability Assessment Methodology?

 

“The CARVER Methodology is one of the most effective tools that a security professional can use.”

General James L. Jones, Former U.S. National Security Advisor

CONTACT US TODAY FOR MORE INFORMATION

What is the CARVER Method?

A Security Vulnerability Assessment (SVA) is an understanding of the threats, weaknesses, and probability of attack, which could impact a facility, person, system or event.

As such, the CARVER Target Analysis and Vulnerability Assessment Methodology is a time-tested vulnerability assessment methodology that balances efficiency with reliability.

It is a unique analytical tool because it facilitates both a qualitative and a quantitative assessment of an asset’s vulnerabilities.  Most assessment tools are limited to qualitative assessments.  A quantitative assessment assists in highlighting vulnerabilities, prioritizing assets and remedial efforts.

DOWNLOAD YOUR FREE CARVER FOR BUSINESS WHITE PAPER

What does CARVER mean?

Critically

Identify critical systems, single points of failure or choke points

Accessibility

Determine ease of access to critical systems, operations or assets

Recoverability

The time and effort taken to recover from an adverse event

Vulnerability

Security system effectiveness vs. adversary capability

Effect

Scope and magnitude of adverse consequences that would result from malicious actions and responses to them

Recognizability

Evaluate likelihood that potential adversaries would recognize the asset as a critical or valuable target

The CARVER Value Rating Scale

Using CARVER successfully requires inserting the proper values into the CARVER matrix. Otherwise, its practitioners won’t be able to assess the probability of attack or risk to the asset accurately.  When a CARVER matrix is completed, it provides the following results:

+ Identifies high risk assets

+ Categorizes and prioritizes assets

+ Assesses vulnerabilities and consequences

The values 1-5 are used to calculate Risk and Probability of Attack (Pa) in the CARVER Matrix. The higher the number the higher both the Risk and Probability of Attack.

Get CARVER Certified from the “Godfather of CARVER”

CARVER Co-creator, Leo “the Godfather of CARVER” Labaj, on CARVER’s Origins:  

"During my first six years in Special Activities Branch, I trained special operations forces and CIA paramilitary units in the use of explosives to conduct or plan sabotage operations.  The training included not only how to destroy targets but also how to select targets for destruction to meet mission objectives.  The target analysis methodology of choice at the time was called CARVE.  

From 1972 to 1975, as the Vietnam War wound down, CARVE became an important part of the military’s target-analysis module.  But after the war, and as incidents of international terrorism emerged and increased in frequency, analysts began to find CARVE lacking as a vulnerability assessment tool.  

In 1976 CARVE became CARVER.  It followed that if we (CIA-SAB) knew how to attack a target, we should also be able to prevent an attack on a target.  So, we turned our hats around and strove to become counterterrorism “experts.”

Sign-Up Today For One of Our CARVER Training Online or In-Person Courses

*Earn 24 continuing education units from ASIS-International

Read the Definitive CARVER Book

Want to read about the history of the CARVER Methodology?  SMI’s Luke Bencie and the CIA’s Leo “the Godfather of CARVER” Labaj, have written a practical guide for evaluating security vulnerabilities utilizing the CARVER Method.

GET THE BOOK

Learn CARVER Online

Don’t have time to take the in-person, 3-day CARVER course?  Why not learn at your own pace with The Fundamentals of the CARVER Target Analysis and Vulnerability Online Training Course.  This virtual training will give you everything you need to know about conducting a vulnerability assessment using the CARVER matrices.

LEARN MORE

Attend the 3-DAY *LIVE* CARVER Training Course

The 3-day CARVER Target Analysis and Vulnerability Assessment Training Course is the "original" CARVER course, which is taught by retired CIA bomb-tech, Leo "the Godfather of CARVER" Labaj.  This course is recognized by ASIS-International as a "Preferred CPE Provider" and is worth 24 Continuing Educations Units.

LEARN MORE

Attend CARVERCON 2020

After two previously successful iterations, CARVERCON returns once more - on Friday, November 13th 2020 - to be the must-attend Vulnerability Assessment conference of the year.  Join critical infrastructure protection experts on the campus of the University of South Florida in beautiful Sarasota, Florida. 

LEARN MORE

Simplify with SOTERIA: CARVER Software 

It's time to simplify your assessments with CARVER software.  The brilliance of the CARVER Target Analysis and Vulnerability Assessment Methodology has finally been packaged in an easy to use mobile collection platform with a multi-purpose asset management dashboard system, known as SOTERIA.  The future of vulnerability assessments is here.  

LEARN MORE

Live Training Events/Workshops

Looking to enhance your knowledge, skills and abilities in the security field from true subject matter experts? Below is a list of upcoming training courses and executive workshops designed to enhance your professional development. Earn your Certified CARVER Assessment Professional (CCAP) designation from Leo “the Godfather of CARVER” Labaj. Also, earn 24 Continuing Education Units (CEUs) from ASIS-International.

CARVER TAVA Training Course

Tuesday - Thursday, August 18-20 @ 8:00 am - 4:00 pm EST Washington, DC

RESERVE SEAT

CARVERCON 2020

Friday, November 13 @ 8:00 am - 4:00 pm EST University of South Florida (Sarasota) 

RESERVE SEAT

Get Your Free Chapter of the CARVER Methodology TODAY!