Understanding how to assess risk effectively can be a challenge in many industries. The risk assessment methods OCTAVE, EBIOS, and MEHARI will provide you with sufficient knowledge to successfully identify and assess risk in your organization.

OCTAVE – Operationally Critical Threat, Asset, and Vulnerability Evaluation was developed by the Computer Emergency Response Team (CERT) and funded by the US Department of Defense. This risk assessment tool is used to help prepare organizations for strategic security assessments and planning for their information.

EBIOS - Expression des Besoins et Identification des Objectifs de Sécurité was developed by the French Central Information Systems Security Division. The goal of this risk assessment tool is to assess and treat risks relating to an IS, which assists management decision-making and guides stakeholders to find a mutual set of discussions.

MEHARI - Méthode Harmonisée d’Analyse de Risques was developed by CLUSIF, a non-profit Information Security organization. The goal of this risk assessment tool is mostly to provide guidelines for ISO/IEC 27005 implementation and to analyze scenario-based risk landscapes for short- to long-term security management.

The OCTAVE Risk Manager training enables you to develop the necessary competences to support organizations in improving the Information Security Risk Assessment Process based on the OCTAVE Allegro method. During this training course, you will acquire the necessary skills to establish risk measurement criteria, develop an information asset profile, identify information asset containers, identify areas of concern, identify threat scenarios, identify risks, analyze risks, and select mitigation approaches.

Based on practical exercises and case studies, you will have the opportunity to develop the necessary knowledge and skills to perform an optimal identification, evaluation, and improvement of information security risk assessment based on the OCTAVE Allegro method. This training fits perfectly in the framework of the ISO/IEC 27001 standard implementation process.

After mastering all the concepts of risk assessment using the OCTAVE Allegro method, you can demonstrate that you have the practical knowledge and professional capabilities to support an organization in performing a risk assessment using the OCTAVE method.

Duration: 02 days
  • Understand the basic concepts of Information Security risk management
  • Understand the main steps of the OCTAVE Allegro risk assessment method
  • Interpret the requirements for OCTAVE Allegro
  • Gain the ability to perform a risk assessment based on the OCTAVE Allegro method
Intended Audience: 
  • Individuals participating in risk assessment activities using the OCTAVE method
  • Managers seeking to acquire the necessary skills to perform qualitative risk evaluation
  • Managers seeking to develop the necessary skills for identification of assets, vulnerabilities and threats to those assets
  • Individuals seeking to support organizations to determine and evaluate potential consequences of threats 
Course outline:
  1.  Day 1: Introduction to risk assessment and Steps 1 to 3 of the OCTAVE Allegro method
  2.  Day 2: Steps 4 to 8 of the OCTAVE Allegro method and final conclusions

