Assessing Cyber Security Risk


This cyber security course will enable decision-makers at all levels to focus on critical risks and impacts to the business.  It will help inform senior management of the strategic and operational areas that require attention whilst maintaining transparency through the entire process.

In this intensive two-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method. 

The OCTAVE Allegro approach provides organisations a comprehensive methodology that focuses on information assets in their operational context. Risks are identified and analysed based on where they originate, at the points where information is stored, transported, and processed. By focusing on operational risks to information assets, participants learn to view risk assessment in the context of the organisation's strategic objectives and risk tolerances. 

For organisations required to be compliant with PCI-DSS v2.0 (Payment Card Industry Data Security Standard), OCTAVE Allegro satisfies the requirement for an annual risk assessment outlined in paragraph 12.1.2 of the standard. 

Through lectures, class exercises, and discussions, the course covers the OCTAVE-prescribed activities for risk identification, analysis, and response. After completing the course, attendees will be able to use OCTAVE Allegro to:

  • gather and organise risk information via interviews, documentation reviews, and technical analysis
  • create risk evaluation criteria to assess risk commensurate with the organisation's risk appetite and tolerances
  • identify, analyse, and prioritise information security risks
  • improve vulnerability management activities by viewing them in a risk context
  • understand why managing operational risk is important to managing enterprise risk
  • develop risk response strategies appropriate for the organisation's business requirements

Who should attend:

  • Leaders who are involved in making risk decisions, e.g. CEO, CIO
  • Security professionals, business continuity planners, compliance personnel, risk managers, and other professionals requiring the knowledge and skills to understand operational risk and perform risk assessments
  • Professionals needing to perform formal risk assessment to satisfy PCI-DSS (Payment Card Industry Data Security Standard) requirements
  • Professionals in government and private sector organisations who need an in-depth understanding of the OCTAVE Allegro Risk Assessment Methodology

Learning objectives: 

This course will help participants to:

  • gain a foundational overview of the various elements of operational risk
  • understand the connection between information security, business continuity, IT operations and operational risk management
  • obtain a working knowledge of operational risk, threat, vulnerabilities, impact, services, and their related assets
  • understand the purpose of the OCTAVE Allegro structured risk management approach
  • understand what is required to prepare an organisation for a risk assessment using OCTAVE Allegro
  • understand how to get started and when to tailor the process to meet unique organisational needs.

Course outline:

  • introduction to OCTAVE Allegro as a structured, repeatable risk assessment method that can be used across the organisation
  • the importance of risk evaluation criteria in the risk management process
  • a starting set of impact categories and guidance for establishing your organisation's risk tolerances
  • profiling high-value information assets and understanding their role in service delivery
  • the role of threat and vulnerability identification in risk management
  • prioritisation of risk response based on organisational impact.

Course format:  

This course was previously only available at the Software Engineering Institute, Carnegie Mellon University, USA; it is now available in Australasia with SEI Authorised Instructors. It has a maximum of 30 participants.

You will receive a workbook, handouts and slides.


There are no prerequisites for this course.


Chris Ward

Further details:
If you would like more information about this programme, please contact us on: 
Ph: 64 4 463 6556 Email:

Customised workshops: 
Victoria Professional and Executive Development are able to customise many of our workshops to meet specific individual or organisational requirements. Please contact us for further information.
