search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

OCTAVE FORTE: Connecting the Board Room to Cyber Risk

Organizations need an adaptable and agile process that allow executives to have a real-time view of cyber risks. To address this challenge, the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) process has been assisting organizations to assess their technical risks for the better part of two decades, and the SEI has recently worked to update the process model to manage cyber risks in a manner that is consistent across an entire enterprise. FORTE focuses upon building an Enterprise Risk Management (ERM) program for organizations with nascent risk management programs or improve upon existing programs to drive risk management with a process that spans the entire risk management life cycle from identification through closure.

Audience

This course is targeted to executives, managers, and technical staff who play a decision making role in the enterprise. This may include members of the following functions:

  • Security
  • Information security
  • Information systems
  • Strategy
  • Risk management
  • Operations

Objectives

This course educates participants in the application of the OCTAVE FORTE process. The process consists of ten steps that identify, analyze, and respond to various threats to an enterprise. At the completion of the course, learners will be able to:

  • Apply principles of enterprise risk management to their daily activities
  • Describe and apply principles of risk management
  • Establish governance, risk appetite, and risk related policies that drive an enterprise-wide risk management program
  • Implement a standard process for managing risks
  • Identify and address relevant threats and opportunities that may impact strategic goals

Topics

  • Fundamental Principles of Risk Management
  • Frameworks and Standards
  • Establishing Risk Governance and Appetite
  • Managing Critical Services and Assets
  • Gathering Resilience Requirements
  • Risk Analysis
  • Response Planning
  • Measuring Risk Program Effectiveness

Materials

Participants will receive a course notebook and a downloadable copy of course materials, including course slides, supplementary handouts, and exercises.

Prerequisites

This course has no prerequisite requirements.

Dates Offered

Register Now

Course Fees [USD]

  • U.S. Industry: $1,500.00
  • U.S. Govt/Academic: $1,200.00
  • International: $2,250.00

Schedule

This 2 day course meets at the following times:

Days 1-2, 8:30 a.m. - 4:30 p.m. Eastern Time

This course may be offered by special arrangement at customer sites. For details, please email course-info@sei.cmu.edu or telephone at +1 412-268-1817.

Course Questions?

Email: course-info@sei.cmu.edu
Phone: 412-268-7388

Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.