OCTAVE FORTE: Connecting the Board Room to Cyber Risk
Organizations need an adaptable and agile process that allow executives to have a real-time view of cyber risks. To address this challenge, the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) process has been assisting organizations to assess their technical risks for the better part of two decades, and the SEI has recently worked to update the process model to manage cyber risks in a manner that is consistent across an entire enterprise. FORTE focuses upon building an Enterprise Risk Management (ERM) program for organizations with nascent risk management programs or improve upon existing programs to drive risk management with a process that spans the entire risk management life cycle from identification through closure.
This course is targeted to executives, managers, and technical staff who play a decision making role in the enterprise. This may include members of the following functions:
- Information security
- Information systems
- Risk management
This course educates participants in the application of the OCTAVE FORTE process. The process consists of ten steps that identify, analyze, and respond to various threats to an enterprise. At the completion of the course, learners will be able to:
- Apply principles of enterprise risk management to their daily activities
- Describe and apply principles of risk management
- Establish governance, risk appetite, and risk related policies that drive an enterprise-wide risk management program
- Implement a standard process for managing risks
- Identify and address relevant threats and opportunities that may impact strategic goals
- Fundamental Principles of Risk Management
- Frameworks and Standards
- Establishing Risk Governance and Appetite
- Managing Critical Services and Assets
- Gathering Resilience Requirements
- Risk Analysis
- Response Planning
- Measuring Risk Program Effectiveness
Participants will receive a course notebook and a downloadable copy of course materials, including course slides, supplementary handouts, and exercises.
This course has no prerequisite requirements.
Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.