CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

The New Environment & Risk Assessments

Caroline R. Hamilton

Caroline R. Hamilton - Risk Watch

Sep 11, 1998

Abstract

This presentation will explain the concept of Organizational Risk Assessment and how it can be used as the foundation for an information security program. It will discuss the recent political developments related to risk assessment, such as the GAO Report on Security at FAA and the State Department (May, 1998); and will use the Presidential Decision Directives 62 and 63 as examples. It will give participants the basic concepts of risk assessment, including how to value assets, how to gather relevant threat data; how to quantify loss, how to discover vulnerabilities throughout the organization, and how to judge which safeguards should be implemented in an organization by their Return On Investment. This presentation will explain how how risk assessment can be used as the foundation for an evolving security program.

About the Speaker

Caroline R. Hamilton is President of a software development company specializing in risk assessment and specialized computer security software. Based in Annapolis, Maryland, she works with security managers at hundreds of federal agencies, state governments and large private companies on how to protect their critical information resources from attack. She has participated in many risk management working groups, including the working group to create a Presidential Directive for Risk Management (The Defensive Information Warfare Risk Management Model - DIWRM2). She is a member of the Standing Committee on Computer Security for the American Society of Industrial Security and is currently writing the risk assessment guidelines for Port Security under the auspices of the U.S. Coast Guard. She has published many articles on risk assessment in journals such as the Computer Security Institute Journal, Defense Electronics, and InfoSecurity News.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.