Risk Assessment training teaches managers, executives, security and business continuity professionals, process improvement professionals, risk managers, and compliance personnel to develop strategies for protecting their organizations from security threats, managing their risks, and applying a process improvement approach to risk and security management. Topics covered include the CERT Resilience Management Model (CERT-RMM), OCTAVE, OCTAVE-S, and OCTAVE Allegro methods, and insider threat best practices.
In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) approach. The OCTAVE approach provides organizations a comprehensive methodology that focuses on information assets in their operational contexts. Risks are identified and analyzed based on where they originate—at the points where information is stored, transported, and processed. By focusing on operational risks to information, participants learn to view risk assessment in the context the organization's strategic objectives and risk tolerances.
The OCTAVE Allegro approach provides organizations a comprehensive methodology that focuses on information assets in their operational context. Risks are identified and analyzed based on where they originate, at the points where information is stored, transported, and processed. By focusing on operational risks to information assets, participants learn to view risk assessment in the context of the organization's strategic objectives and risk tolerances.
This two-day course provides an overview of the CERT-RMM Capability Appraisal Method, which addresses the application of the Standard CMMI Appraisal Method for Process Improvement (SCAMPI) for the CERT® Resilience Management Model (CERT-RMM) v1.1. Individuals seeking to become SEI-certified CERT-RMM Lead Appraisers must complete this course as part of their certification requirements.
Improve your organizational resiliency by attending a year-long series of workshops at the Software Engineering Institute (SEI). You will experience hands-on activities to understand, compare, and enhance your organizational resilience, using the CERT-RMM as the guide. The CERT-RMM helps to ensure that the organization's important assets - people, information, technology, and facilities - stay productive in supporting business processes and services.
The CERT Program at Carnegie Mellon University's Software Engineering Institute has been researching insider threats since 2002. Our Insider Threat Study, conducted in partnership with the U.S. Secret Service, collected and analyzed over 150 actual insider threat cases that occurred between 1996 and 2002 and published a series of reports detailing findings and implications of the study. In addition to the initial 150 cases, we have gathered and analyzed approximately 100 additional insider threat cases, from 2002 through the present, to supplement the original Insider Threat Study.
This three-day course introduces a model-based process improvement approach to managing operational resilience using the CERT® Resilience Management Model (CERT-RMM) v1.1. CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations actively direct, control, and manage operational resilience and risk. By improving operational resilience processes (such as vulnerability analysis, incident management, and service continuity), an organization can use the model to improve and sustain the resilience of mission-critical assets and services. Because organizations can't plan for every disruption, the maturity model feature of CERT-RMM can be used to measure and improve the consistency and predictability of performance under times of stress.
This two-day course provides the foundation for a more practical approach to risk management that builds from a straightforward, broad-view method to a complex array of techniques needed for in-depth analyses of complex risks. Through an interactive learning environment using discussion, examples, worksheets, and exercises, participants will be able to grasp the essentials of the practical, easy-to-use techniques.
This online course introduces risk management concepts and explains the 20 key drivers that comprise the SEI risk-based method for assessing complex projects, the Mission Diagnostic Protocol. This course explains what these drivers are and how the assessment of a program using the drivers creates a profile of a program's chances of success.
Please tell us what you
think with this short
(< 5 minute) survey.