search menu icon-carat-right cmu-wordmark

A Method for Assessing Cloud Adoption Risks

November 2022 Podcast
Christopher J. Alberts

Chris Alberts discusses with Suzanne Miller a prototype set of cloud adoption risk factors and describes a method that managers can employ to assess their cloud initiatives against these risk factors.

“You can think of the Mission Risk Diagnostic as equivalent to going to your primary care physician. They’ll check your temperature, blood pressure, and a few things like that. And if there’s some type of an issue, then they’ll have you do an ultrasound or an MRI. We’ve positioned this as the health check, and we have deep-dive techniques that are associated with it and can provide specific information to us that relate to what we find in the Mission Risk Diagnostic.”

Listen

Watch

Abstract

The shift to a cloud environment provides significant benefits. Cloud resources can be scaled quickly, updated frequently, and widely accessed without geographic limitations. Realizing these benefits, however, requires organizations to manage associated organizational and technical risks. In this podcast, Chris Alberts, principal cybersecurity analyst in the SEI’s CERT Division, discusses with Suzanne Miller a prototype set of cloud adoption risk factors and describes a method that managers can employ to assess their cloud initiatives against these risk factors.

About the Speaker

Christopher J. Alberts

Christopher J. Alberts

Christopher Alberts is a Principal Engineer/Senior Cybersecurity Analyst in the CERT® Division at the Software Engineering Institute.

Alberts leads applied research projects in software assurance ...

Christopher Alberts is a Principal Engineer/Senior Cybersecurity Analyst in the CERT® Division at the Software Engineering Institute.

Alberts leads applied research projects in software assurance and cybersecurity. He is currently leading two projects: Security Engineering Risk Analysis (SERA) and Software Assurance Framework (SAF). The SERA Method defines a systematic approach for analyzing complex security risks in software-reliant systems and systems of systems across the lifecycle and supply chain. The SAF is a compilation of software assurance practices that an organization can use to assess its current capability for acquiring and engineering secure software-reliant systems and chart a course for improvement.

Prior to his current projects, Alberts developed the OCTAVE® approach for evaluating information security risks and the Continuous Risk Management method for managing software development project risks. His research interests include risk analysis, measurement, and assessment.

Alberts has co-authored two books, Managing Information Security Risks: The OCTAVE Approach (Addison-Wesley 2002) and the Continuous Risk Management Guidebook (Software Engineering Institute 1996). He has also published more than 50 technical reports and articles.

Prior to the SEI, Alberts worked at Carnegie Mellon Research Institute and AT&T Bell Laboratories.

Alberts holds a BS and Master’s in Mechanical Engineering from Carnegie Mellon University.

Contact: Christopher Alberts

Read more