|
OCTAVE (2 days)
This two-day course is designed to help analysts perform information security risk assessments using the OCTAVE method (“Operationally Critical Threat, Asset, and Vulnerability Evaluation”). Through readings, class exercises, demonstrations and discussions, the course covers the OCTAVE method, how to prepare for implementing it, and guidelines for adapting OCTAVE to the needs of a given company. By the end of the course, participants will be able to manage and control information security risks, perform information security assessments, and develop risk mitigation plans that take into account strategic, administrative, technological and organizational factors.
Curriculum
Day 1 : Presentation and organizational view
- Overview of OCTAVE
- Phase 1 – OCTAVE method processes 1 through 3
- Phase 1 – OCTAVE method process 4
- Phase 2 – OCTAVE method process 5
Day 2 : Technological view and risk analysis
- Phase 2 – OCTAVE method process 5 (cont.)
- Phase 2 – OCTAVE method process 6
- Phase 3 – OCTAVE method process 7
- Phase 3 – OCTAVE method process 8
- The OCTAVE method implementation guide
- Preparing to conduct the OCTAVE method
- Tailoring the evaluation to your organization
- Conclusion
Prerequisites :
General information :
- Maximum number of students: 12
- A certificate of attendance will be given to participants
|
