This training allows learning the stages of conductinga risk assessment with the OCTAVE method. The OCTAVE method (OperationallyCritical Threat, Asset, and Vulnerability Evaluation) was developed by CERT(Computer Emergency Response Team). This training fits perfectly in theframework of an ISO/IEC 27001:2005 standard implementation process

Course Agenda

Conduct a risk assessment with OCTAVE

•Presentation of OCTAVE

Phase 1 - Process 1 to 3 (Understanding the Organization)

Phase 1 - Process 4 (Create threat profiles)

Phase 2 - Process 5 (Identification of key components)

Phase 2 - Process 6 (Evaluation of selected components)

Phase 3 - Process 7 (Conduct the risk assessment)

Phase 3 - Process 8 (Development of a Protection Strategy)

Introduction to OCTAVE-S and OCTAVE Allegro

Prerequisites

•None

Exam and certification

•Not applicable

General information

•The training material on OCTAVE is only available in English

A copy of the official documentation on OCTAVE (including OCTAVE-S and OCTAVE Allegro) published by CERT is given to the participants together with a student manual containing over 100 pages of information and practical examples

A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to the participants

"Taken from PECB <https://pecb.com

         Risk managers 
Persons responsible for information security or conformity within anorganization
Members of the information security team
IT consultants
Staff participating in the activities of risk assessment with the OCTAVE method

To learn the stages ofconducting a risk assessment with the OCTAVE method
To develop the necessary skills to participate in a risk assessment with theOCTAVE method
To understand the concepts, approaches, methods and techniques allowing aneffective management of risk according to OCTAVE (including OCTAVE-S and OCTAVEAllegro)
To interpret the requirements of ISO 27001 on information security riskmanagement