Caroline R. Hamilton - Risk Watch
Students: Fall 2024, unless noted otherwise, sessions will be virtual on Zoom.
The New Environment & Risk Assessments
Sep 11, 1998
Abstract
This presentation will explain the concept of Organizational Risk Assessment and how it can be used as the foundation for an information security program. It will discuss the recent political developments related to risk assessment, such as the GAO Report on Security at FAA and the State Department (May, 1998); and will use the Presidential Decision Directives 62 and 63 as examples. It will give participants the basic concepts of risk assessment, including how to value assets, how to gather relevant threat data; how to quantify loss, how to discover vulnerabilities throughout the organization, and how to judge which safeguards should be implemented in an organization by their Return On Investment. This presentation will explain how how risk assessment can be used as the foundation for an evolving security program.About the Speaker
Caroline R. Hamilton is President of a software development company specializing in risk assessment and specialized computer security software. Based in Annapolis, Maryland, she works with security managers at hundreds of federal agencies, state governments and large private companies on how to protect their critical information resources from attack. She has participated in many risk management working groups, including the working group to create a Presidential Directive for Risk Management (The Defensive Information Warfare Risk Management Model - DIWRM2). She is a member of the Standing Committee on Computer Security for the American Society of Industrial Security and is currently writing the risk assessment guidelines for Port Security under the auspices of the U.S. Coast Guard. She has published many articles on risk assessment in journals such as the Computer Security Institute Journal, Defense Electronics, and InfoSecurity News.