Software Engineering Institute Carnegie Mellon

Course Offerings
Prices
Locations, Travel, and Lodging
Courses FAQ
Privacy Information (FERPA)
Registration
Contact Information
Credentials Program
SEI Certification

Assessing Information Security Risk Using the OCTAVE Approach

Dates

2008* Prices (USD)

2008 Dates
March 11-13, 2008 (CMU/CIC Bldg. Pittsburgh, PA)
August 19-21, 2008 (CMU/CIC Bldg. Pittsburgh, PA)
October 6-8, 2008 (Los Angeles, CA)
November 12-14, 2008 (SEI Arlington, VA)

Course Registration
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Phone: 412 / 268-7388
FAX: 412 / 268-7401
Questions: courseregistration@sei.cmu.edu

To Register: Click Here

This course may also be offered by arrangement at customer sites. E-mail training-info@cert.org or call +1 412-268-9564 for details.

*Course dates and fees are subject to change.

U.S.
Course Fee:
Industry: $1650
Government: $1320
Academic: $1320

International
Course Fee:
$3300


   Register for
2008 Dates

Course Description

 

In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE®) approach.

The OCTAVE approach provides organizations a comprehensive methodology that focuses on information assets in their operational contexts. Risks are identified and analyzed based on where they originateat the points where information is stored, transported, and processed. By focusing on operational risks to information, participants learn to view risk assessment in the context the organization's strategic objectives and risk tolerances.

Through lectures, class exercises, and discussions, the course covers the OCTAVE-prescribed activities for risk identification, analysis, and mitigation. Elements of the various OCTAVE methodsOCTAVE, OCTAVE-S, and OCTAVE Allegroare addressed to provide a broad toolkit for students. After completing the course, attendees will be able to use OCTAVE to

  • gather and organize risk information via interviews, documentation reviews, and technical analysis
  • create risk evaluation criteria to assess risk commensurate with the organization's risk appetite
  • identify, analyze, and prioritize information security risks
  • improve vulnerability management activities by viewing them in a risk context
  • position information security risks to explain the sources of operational risk and why managing operational risk is important to managing enterprise risk
  • develop risk mitigation strategies that reflect improvements in controls to prevent risk where information lives

Audience   ·    Prerequisites    ·    Objectives   ·    Logistics

 

AUDIENCE

  • Individuals who would like an in-depth understanding of the OCTAVE Risk Assessment Methodology
  • Security professionals, business continuity planners, compliance personnel, risk managers, and other professionals requiring the knowledge and skills to understand operational risk and perform risk assessments

PREREQUISITES
There are no prerequisites for this course.

TOPICS

  • introduction to the OCTAVE Approach
  • review of OCTAVE Method
    • identify critical assets and the threats to those assets
    • identify the vulnerabilities that expose those threats
    • develop an appropriate protection strategy for the organization's mission and priorities
  • tailor the OCTAVE Method to meet your organization's needs
  • preparation for OCTAVE
  • OCTAVE-S processes and activities
  • introduction to the OCTAVE Allegro variant
  • after the evaluation

OBJECTIVES
Successful completion of this course will enable participants to This course will help participants to

  • understand the purpose of the OCTAVE Method and the key characteristics of the process
  • be ready to use the OCTAVE Method, OCTAVE-S, and OCTAVE Allegro
  • understand how to get started and when to tailor the process and artifacts to meet their unique organizational needs

Course Materials
Participants will receive:

LOGISTICS

Class Schedule
This three-day course meets at the following times:
Day 1, 9:00 a.m.-5:00 p.m.
Day 2, 9:00 a.m.-5:00 p.m.
Day 3, 9:00 a.m.-3:00 p.m.

Hotel and Travel Information
Information about traveling to the SEI offices is available on our Travel and Lodging Web pages.

Questions about this course?
Please see our Frequently Asked Questions Web page for answers to some of the more common inquiries about SEI Education and Training.

If you need more information, contact us via e-mail at training-info@cert.org or telephone at +1 412-268-9564.

 

 

Related Products and Services
 

Publications
Managing Information Security Risks: The OCTAVE Approach (part of the SEI Series in Software Engineering)

Introducing OCTAVE Allegro

Managing for Enterprise Security

Course Registration
 

  Register for 2008 Dates
 		 

^
TOP