Good information security does not just happen—and often does not happen at all. Resources are always in short supply, and there are always other needs that seem more pressing.
BiographyUsing over 25 years of experience in software development and project management spanning mainframe, client-server, and Web environments in higher education, banking, government, and manufacturing, Carol Woody is leading projects at the Software Engineering Institute (SEI) at Carnegie Mellon University to improve management strategies to address security, survivability, and reliability in the development and operational support of complex software and systems. Carol is a member of the Risk Assessment Working Group established by the EDUCAUSE/Internet2 Security Task Force. She was a developer and currently teaches the OCTAVE Methodology, an operational security risk methodology created by SEI. She is a distinguished speaker for IEEE. Carol holds a B.S. in mathematics from the College of William and Mary, an M.B.A with distinction from Wake Forest University, and a PhD in Information Systems from Nova Southeastern University.
HEISC Risk Assessment Working Group