
Assessing Information Security Risk Using the OCTAVE Approach - eLearning

In this 11-module online course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method.

The OCTAVE Allegro approach provides organizations a comprehensive methodology that focuses on information assets in their operational context. Risks are identified and analyzed based on where they originate, at the points where information is stored, transported, and processed. By focusing on operational risks to information assets, participants learn to view risk assessment in the context of the organization's strategic objectives and risk tolerances.

For organizations required to be compliant with PCI-DSS v2.0, OCTAVE Allegro satisfies the requirement for an annual risk assessment outlined in paragraph 12.1.2 of the standard.

Through 27 video lectures, the course covers the OCTAVE-prescribed activities for risk identification, analysis, and response. After completing the course, attendees will be able to use OCTAVE Allegro to:

  • gather and organize risk information via interviews, documentation reviews, and technical analysis
  • create risk evaluation criteria to assess risk commensurate with the organization's risk appetite and tolerances
  • identify, analyze, and prioritize information security risks
  • improve vulnerability management activities by viewing them in a risk context
  • understand why managing operational risk is important to managing enterprise risk
  • develop risk response strategies appropriate for the organization's business requirements

Audience

  • Individuals who would like an in-depth understanding of the OCTAVE Allegro Risk Assessment Methodology
  • Security professionals, business continuity planners, compliance personnel, risk managers, and other professionals requiring the knowledge and skills to understand operational risk and perform risk assessments
  • Personnel needing to perform formal risk assessment to satisfy PCI-DSS requirements

Objectives

This course will help participants to

  • gain a foundational overview of the various elements of operational risk
  • make the connection between information security, business continuity, IT operations and operational risk management
  • obtain a working knowledge of operational risk, threat, vulnerabilities, impact, services, and their related assets
  • understand the purpose of the OCTAVE Allegro structured risk management approach
  • understand what is required to prepare an organization for a risk assessment using OCTAVE Allegro
  • understand how to get started and when to tailor the process to meet unique organizational needs

Topics

  • introduction to OCTAVE Allegro as a structured, repeatable risk assessment method that can be used across the organization
  • the importance of risk evaluation criteria in the risk management process
  • a starting set of impact categories and guidance for establishing your organization's risk tolerances
  • profiling high-value information assets and understanding their role in service delivery
  • the role of threat and vulnerability identification in risk management
  • prioritization of risk response based on organizational impact

The online version of Assessing Information Security Risk Using the OCTAVE Approach will require a minimum of 5 hours of study time. The 11-module course contains 27 video lectures. Once registered, learners will be granted 24-hour-a-day access to the course material for 12 months.

Learners can proceed through the course at their convenience and can review and repeat individual sections as often as needed.

Materials

  • Recorded instruction presented by SEI instructors
  • 27 video training sessions with transcripts

This course is presented in the form of video-recorded training sessions that were presented by SEI instructors to a classroom of students representing a variety of industries.

Instructor demonstrations included with the course explore and reinforce the concepts taught and how they can be successfully applied.

Prerequisites

To access the SEI Learning Portal, your computer must have the following:

  • For optimum viewing, we recommend using the following browsers: Microsoft Edge, Mozilla Firefox, Google Chrome, Safari
  • These browsers are supported on the following operating systems: Microsoft Windows 8 (or higher), OSX (last two major releases), most Linux distributions
  • Mobile operating systems: iOS 9, Android 6.0
  • Microsoft Edge, Firefox, Chrome and Safari follow a continuous release policy that makes it difficult to fix a minimum version. For this reason, following the market recommendation, we will support the last 2 major versions of each of these browsers. Please note that as of January 2018, we do not support Safari on Windows.

 

IMPORTANT NOTICE:

Carnegie Mellon University/Software Engineering Institute offices will be closed for winter break, December 21, 2024-January 1, 2025. SEI course registrations received during this period will be confirmed and enrollment completed upon our return on January 2, 2025.

Course Questions?

Email: course-info@sei.cmu.edu
Phone: 412-268-7388

Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.