Learn to Assess and Manage Information Security Risks

Using the OCTAVE Allegro™ Approach

In this two-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE) Allegro method.

The OCTAVE Allegro approach provides organisations with a comprehensive methodology which focuses on information assets in their operational context. Risks are identified and analyzed based on where they originate, at the points where information is stored, transported and processed. By focusing on operational risks to information assets, participants learn to view risk assessment in the context of the organisation’s strategic objectives and risk tolerances.

For organisations required to be compliant with PCI-DSS, OCTAVE Allegro satisfies the requirement for an annual risk assessment outlined in paragraph 12.1.2 of the standard. Through lectures, class exercises, and discussions, the course covers the OCTAVE-prescribed activities for risk identification, analysis and response.

After completing the course, attendees will be able to use OCTAVE Allegro to:

  • Gather and organise risk information via interviews, documentation reviews and technical analysis.
  • Create risk evaluation criteria to assess risk commensurate with the organization’s risk appetite and tolerances.
  • Identify, analyse, and prioritise information security risks.
  • Improve vulnerability management activities by viewing them in a risk context.
  • Understand why managing operational risk is important to managing enterprise risk.
  • Develop risk response strategies appropriate for the organisation’s business requirements.


We bring you this course in partnership with Auldhouse.

Who should attend?

  • Individuals who would like an in-depth understanding of the OCTAVE Allegro Risk Assessment Methodology
  • Security professionals, Business Continuity planners, Compliance personnel, Risk Managers, and other professionals requiring the knowledge and skills to understand Operational Risk and perform Risk Assessments
  • Personnel needing to perform formal Risk Assessment to satisfy PCI-DSS requirements


  • Introduction to OCTAVE Allegro as a structured, repeatable Risk Assessment method that can be used across your organization
  • The importance of Risk Evaluation criteria in the Risk Management process
  • A starting set of Impact Categories and Guidance is provided to establish your organization’s Risk Tolerances
  • Profiling your high-value Information Assets and understanding their role in Service Delivery


This Course will help participants to:

  • Gain a foundational overview of the various elements of Operational Risk.
  • Identify the connections between Information Security, Business Continuity, IT Operations and Operational Risk Management.
  • Obtain a working knowledge of Operational Risk, Threat, Vulnerabilities, Impact, Services and their related Assets.
  • Understand the purpose of the OCTAVE Allegro Structured Risk Management approach.
  • Understand what is required to prepare an organisation for a Risk Assessment using OCTAVE Allegro.
  • Understand 'How to Get Started' and 'When to Tailor the Process' to your organisation's unique business requirements.


Participants receive:

  • Slides and handouts
  • USB with course material. 


This two-day course meets at the following times:

Day 1:   8:30 a.m.  -  4:30 p.m.
Day 2:   8:30 a.m.  -  4:30 p.m.

If you are interested in the above presentation, but the dates don't work for you or your organisation, no problem - contact us to see how we can help.