Risk assessment with

the OCTAVE method

Developing the necessary skills to perform a Risk Assessment Duration: 3 Days

based on the OCTAVE Method Prerequisites
- A basic knowledge of risk

Summary Management and the

OCTAVE method is
It should be noted that this training can be delivered as a specific course or
recommended
in combination with ISO 27005 or ISO 31000. In this three-day intensive Who should attend?
course participants develop the competence to master the basic risk - Risk managers and IT
management elements related to all assets of relevance for information consultants

security using OCTAVE method. The OCTAVE method (Operationally Critical - Individuals responsible for

Threat, Asset, and Vulnerability Evaluation) was developed by CERT information security or
conformity within an
(Computer Emergency Response Team). Based on practical exercises and
organization
case studies, participants acquire the necessary knowledge and skills
- Members of the information
needed to perform an optimal information security risk assessment and security team
manage risks in time by being familiar with their life cycle. This training fits - Staff participating in the
perfectly in the framework of an ISO/IEC 27001 standard implementation activities of risk assessment
process. with the OCTAVE method
Learning Objectives

Course Agenda - To understand the concepts,

approaches, methods and
Day 1 - Start of a risk assessment with OCTAVE
techniques allowing an
- Standards, frameworks and methodologies in risk management
effective management of risk
- Phase 1 - Process 1 to 3 (Understanding the Organization)
- Phase 1 - Process 4 (Create profile threats) according to the OCTAVE

- Phase 2 - Process 5 (Identification of key components) method

Day 2 Assessment of vulnerabilities and risk, according to OCTAVE - To develop the necessary
- Phase 2 - Process 5 (Continued) skills to conduct a risk
- Phase 2 - Process 6 (Evaluation of selected components) assessment with the OCTAVE
- Phase 3 - Process 7 (Conducting the risk assessment) method
- Phase 3 - Process 8 (Development of a Protection Strategy) - To master the steps to
Day 3 - The OCTAVE Method Implementation approach and conclusion conduct a risk assessment
- Phase 3 Process 8 (Development of a Protection Strategy cont.) with the OCTAVE method
- The OCTAVE Method Implementation Guide
- To interpret the
- Tailoring the evaluation to your organization
requirements of ISO 27001
- OCTAVE - S
on information security risk
management
- To understand the
relationship between the
information security risk
management, the security
controls and the compliance
with the requirements of
different stakeholders of an
organization
 PECB official training course

Exam and Certification

Not applicable

General Information
A copy of the official documentation on OCTAVE published by CERT is given to participants together
with a participant manual containing over 250 pages of information and practical examples
A participation certificate of 21 CPD (Continuing Professional Development) credits is awarded to
the participants

About BESECURE
BESECURE, one of the most trusted Governance Risk and Compliance solutions and services Providers,
provides Compliance Services based on legal and regulatory requirements, designs and implements
advanced IT security solutions, delivers information Security Training Seminars, provides Managed
Security services, performs Penetration Tests and Vulnerability Assessments covering all phases of the
life cycle of information security. BESECURE applies a certified Quality Management System according
to ISO 9001:2008 and a certified Information Security Management System according to ISO 27001

19, Syggrou Ave. GR - 117 43, Athens, Greece, e-mail: info@besecuregroup.com 133 Franglinou Roosevelt Ave, 3011, Limassol, Cyprus
Tel.: +30 210 330 7 440, Fax: +30 210 330 7 441 web: www.besecuregroup.com Tel. +357 25029300, Fax: +357 25029301

BESECURE Managed E-Business Security and BESECURE logo are trademarks of BESECURE. Copyright 2008. All rights reserved BS-049.09.12