Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University
Menu
Home Digital Library Bradford J. Willke | SEI Digital Library

Digital Library

Bradford J. Willke

Author

Bradford J. Willke

3439

Software Engineering Institute
Bradford Willke is a senior member of the technical staff within the CERT® Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University. Willke is responsible for leading the Information Security Assessment and Evaluation team, and conducts research, development, and process improvement activities in risk, threat, and vulnerability management methodology related to information security management. Willke also leads projects to develop strategies and provide support for national and international critical infrastructure protection initiatives. In addition, he worked on the development of the SEI’s principle risk assessment methodology, the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE™) Method. Before joining the SEI, Willke managed technology and security operations for computing resources of the 90th Security Police Squadron, Francis E. Warren Air Force Base, Wyoming. Willke served in the United States Air Force as a law enforcement specialist and organizational computer security officer from 1993-1997. Willke holds a professional certificate in information protection and security from the University of New Haven, and received a BS in information systems technologies from Southern Illinois University at Carbondale. He received an AAS in criminal justice from the Community College of the Air Force, and has been a Certified Information System Security Professional (CISSP) since 2004.

April 2011 - Technical Report Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0

Topics: Incident Management

In this 2011 report, an update to its 2010 counterpart, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.

June 2010 - Special Report Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability

Topics: Incident Management

In this report, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.

August 2008 - Podcast Managing Risk to Critical Infrastructures at the National Level

In this podcast, Bradford Willke explain how protecting critical infrastructures and the information they use are essential for preserving our way of life.

May 2008 - White Paper Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System

Topics: Insider Threat

In this paper, the authors describe the MERIT insider threat model and simulation results.

January 2008 - White Paper Insider Threat Study: Illicit Cyber Activity in the Government Sector

Topics: Insider Threat

In this paper, the authors present the findings of a research effort to examine reported insider incidents in the government sector.

March 2007 - Technical Note Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks

Topics: Insider Threat

In this 2006 report, the authors describe MERIT insider threat model and simulation results.

June 2005 - Technical Note Information Asset Profiling

Topics: Cyber Risk and Resilience Management

In this 2005 report, the authors describe IAP, a documented and repeatable process for developing consistent asset profiles.

December 2004 - Technical Note Managing for Enterprise Security

Topics: Cyber Risk and Resilience Management

In this 2004 report, the authors itemize characteristics of common approaches to security that limit effectiveness and success.

July 2004 - Technical Report The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management

Topics: Cyber Risk and Resilience Management

In this report, the authors describe the critical success factor method and present theories and experience in applying it to enterprise security management.