The CARVER method is an offensive targeting prioritization tool that has been adapted for use in multiple industries including military, law enforcement, information technology, humanitarian and food manufacturing sectors.
This tool can be used to assess the vulnerabilities within a system or infrastructure to an attack. It allows you to think like an attacker by identifying the most attractive targets for attack. By conducting such a vulnerability assessment and determining the most vulnerable points in your infrastructure, you can then focus your resources on protecting your most vulnerable points.
CARVER is an acronym for the following six attributes used to evaluate the attractiveness of a target for attack:
- Criticality – measure of how critical a node is to your service
- Accessibility – ability to physically access and egress from target
- Recuperability – ability of system to recover from an attack
- Vulnerability – ease of accomplishing attack
- Effect – amount of direct loss from an attack
- Recognizability – ease of identifying target