This three-day workshop is designed to help individuals and analysis teams lead and perform information security risk evaluations such as the Operationally Critical Threat, Asset, and Vulnerability Evaluation℠ (OCTAVE®) Approach.
OCTAVE is a self-directed risk evaluation that provides organizations with control over security risks; balances critical information assets, business needs, threats, and vulnerabilities; and benchmarks organizations against known or accepted best practices for security.
Through lectures, class exercises, demonstrations, and discussions, the workshop covers OCTAVE, preparation for implementing OCTAVE, and guidelines for tailoring OCTAVE. After completing the workshop, attendees will be able to manage and control enterprise-wide information security risk evaluations; perform information security assessments and act as a focal point for security improvement efforts; and develop appropriate mitigation plans by considering policy, management, administrative, technological, and other organizational issues.
The workshop focuses on the OCTAVE Method, which is targeted at large organizations, and includes a module on OCTAVE-S, which is for smaller organizations. This workshop is ideal for teams planning to implement a risk evaluation process within their organizations, in which case it is recommended that all members of the evaluation team (3-5 people) attend.
If you have not selected an analysis team, Volume 2 of the OCTAVE Method Implementation Guide, available on the CERT Web site as a PDF file, can give you guidance.
There are no prerequisites for this workshop.
This workshop will help participants to