Retail frameworks and standards for cyber risk assessment

This module outlines two of the main commercial approaches to assessing (rather than managing) cyber risks. The module consists of an initial theoretical section and a second section focused on analysing a wide range of practical applications contexts. The course consists of 24 hours of remote learning, comprising an 8-hour theoretical section and a 16-hour practical section.

Would you like to take the course via e-learning, available 24/7? Register on the platform

Topics

Risk analysis for an IT company: the FAIR method and the OCTAVE method

Target

staff from the private and public sectors of organisations operating at national level, as well as those covered by NIS 2 and DORA
Master’s and PhD students
staff in IT and computer engineering or other management, economic and technological fields

Course structure

Module 1 – FAIR METHOD (FACTOR ANALYSIS OF INFORMATION RISK)

16 hours

An Introduction to the FAIR Method: Principles and General Structure
Understanding risks: assets, threats, vulnerabilities, loss
The FAIR process: risk identification, quantification and analysis
Application of the FAIR framework to the business context
Risk analysis for an IT company, focusing on the financial impact of a data breach

Module 2 - OCTAVE METHOD (OPERATIONALLY CRITICAL THREAT, ASSET, AND VULNERABILITY EVALUATION)

24 hours

Introduction to OCTAVE: an overview and the framework’s objectives
Identification of critical assets and vulnerabilities
Assessment of operational risks and planning of countermeasures
Comparison between OCTAVE and other approaches

Workshop

16 hours

IT - Company network

FAIR activities

Identification of critical assets (e.g. customer databases, servers)
Threat assessment: phishing, malware, DDoS
Risk quantification: probability and economic impact
Output: FAIR report with risk priority chart

OCTAVE activities

Identification of specific vulnerabilities in the corporate network
Mapping of assets and interactions
Risk analysis using OCTAVE, highlighting critical threats

Output: The OCTAVE Action Plan to mitigate priority risks

OT – Industrial plant

FAIR activities

Identification of critical components (PLCs, sensors, networks)
Threat assessment: data manipulation, service disruptions
Quantification of the risk to the plant, with a focus on operational impact
Output: FAIR analysis with risk prioritisation for industrial processes

OCTAVE activities

Analysis of vulnerabilities specific to SCADA systems and OT devices
Detection of targeted attacks (es. ransomware)
Development of anOCTAVE-based mitigation plan

Output: OCTAVE report with OT security recommendations

Retail frameworks and standards for cyber risk assessment

Request more information

Fill in all sections of the form and click CONFIRM.

First name

Last name

Phone

Message

By submitting this form, you acknowledge and agree that the information provided will be transferred to Serics to be processed in accordance with the terms of use. The management and processing of data on this site, including cookies, are handled by Serics.

Accept the privacy policy

Retail frameworks and standards for cyber risk assessment

Topics

Target

Course structure

Retail frameworks and standards for cyber risk assessment

Index

Request more information

You may also be interested in…

Open frameworks and standards for cyber risk assessment

Common criteria for information technology security evaluation