NZ$2,346 – NZ$2,875

Assessing Information Security Risk Using the OCTAVE Approach

Event Information


Date and Time




New Zealand

Event description


This course is created and certified by the Software Engineering Institute at Carnegie Mellon University. It is delivered locally by authorised SEI Instructors.

In this two-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method.

The OCTAVE Allegro approach provides organisations with a comprehensive methodology that focuses on information assets in their operational context. Risks are identified and analyzed based on where they originate, at the points where information is stored, transported, and processed. By focusing on operational risks to information assets, participants learn to view risk assessment in the context of the organization’s strategic objectives and risk tolerances.

For organizations required to be compliant with PCI-DSS v3.2, OCTAVE Allegro satisfies the requirement for an annual risk assessment outlined in paragraph 12.1.2 of the standard. Through lectures, class exercises, and discussions, the course covers the OCTAVE-prescribed activities for risk identification, analysis, and response. After completing the course, attendees will be able to use OCTAVE Allegro to

  • gather and organize risk information via interviews, documentation reviews, and technical analysis
  • create risk evaluation criteria to assess risk commensurate with the organization’s risk appetite and tolerances
  • identify, analyze, and prioritize information security risks
  • improve vulnerability management activities by viewing them in a risk context
  • understand why managing operational risk is important to managing enterprise risk
  • develop risk response strategies appropriate for the organization’s business requirements


  • Individuals who would like an in-depth understanding of the OCTAVE Allegro Risk Assessment Methodology
  • Security professionals, business continuity planners, compliance personnel, risk managers, and other professionals requiring the knowledge and skills to understand operational risk and perform risk assessments
  • Personnel needing to perform formal risk assessment to satisfy PCI-DSS requirements


  • introduction to OCTAVE Allegro as a structured, repeatable risk assessment method that can be used across the organization
  • the importance of risk evaluation criteria in the risk management process
  • a starting set of impact categories and guidance for establishing your organization’s risk tolerances
  • profiling high-value information assets and understanding their role in service delivery


This course will help participants to

  • gain a foundational overview of the various elements of operational risk
  • understand the connection between information security, business continuity, IT operations and operational risk management
  • obtain a working knowledge of operational risk, threat, vulnerabilities, impact, services, and their related assets
  • understand the purpose of the OCTAVE Allegro structured risk management approach
  • understand what is required to prepare an organization for a risk assessment using OCTAVE Allegro
  • understand how to get started and when to tailor the process to meet unique organizational needs


Participants will receive:

  • Slides and handouts
  • USB with the course material


You can apply for a refund via your Eventbrite account or by emailing

For cancellations:

  • more than 7 days before the course starts: 80% of the fee will be refunded
  • more than 48 hours before the course starts: 50% of the fee will be refunded
  • less than 48 hours before the course starts: no refund