Tips on Articulating Cyber Risks and Insider ThreatsRandy Trzeciak and Brett Tucker of Carnegie Mellon University Discuss New Approaches
Communication of cyber risks to executives using enterprise risk methodologies is imperative for improving incident prevention, according to Randy Trzeciak and Brett Tucker of Carnegie Mellon University. They discuss the Octave Forte 10-step process for managing cyber risks.
In a video interview with Information Security Media Group at RSA Conference 2019 in San Francisco, Trzeciak and Tucker discuss:
- Building case studies to articulate insider threats to executives;
- The Octave Forte process;
- Building a cyber risk framework that is scalable and industry agnostic.
Trzeciak, director of the national insider threat center at Carnegie Mellon University, works at the Software Engineering Institute, where his team researches threats that trusted insiders pose to the U.S. government, industry and academia.
Tucker is the technical manager of cybersecurity risk at Carnegie Mellon University's SEI. He has 19 years of experience in the public and private sectors. Previously, Tucker was the global risk manager for Westinghouse, where he managed the corporate enterprise risk portfolio and global insurance programs.