William R. Wilson
Software Engineering Institute
William Wilson is acting director of the SEI CERT Division. Wilson previously served as CERT Deputy Director. He provides leadership in establishing and executing the overall direction and technical portfolio of the program and regularly interacts with the program’s strategic customers. The mission of the CERT Division is to identify new technologies, system development practices, and management practices that will significantly improve networked systems security and survivability, mature these technologies and practices, apply the technologies and practices to meet the needs of the program’s stakeholders, and transition these technologies and practices into widespread use. Wilson also served as the technical manager of CERT’s Survivable Enterprise Management (SEM) Initiative, where he was responsible for the development and transition of methods and techniques that assist organizations in enterprise security management and information security risk assessment and management.
Before joining the SEI, Wilson served as the technical director of the National Security Agency's Software Engineering Center. During his more than twelve years at the NSA, Wilson held positions in software development and acquisition, systems engineering, and technical project management.
He holds a bachelor's degree in computer science from the Pennsylvania State University and a master's degree in computer systems management from the University of Maryland.
Publications by William R. Wilson
The Path from Information Security Risk Assessment to Compliance
November 13, 2007 • Podcast
William R. Wilson, Julia H. Allen
In this podcast, William Wilson explains how an information security risk assessment, performed with operational risk management, can contribute to compliance.
Using Standards to Build an Information Security Program
July 10, 2007 • Podcast
William R. Wilson, Julia H. Allen
In this podcast, William Wilson explains how business leaders can use international standards to create a business- and risk-based information security program.
Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes
May 01, 2007 • Technical Report
Richard A. Caralli, James F. Stevens, Charles M. Wallen (Financial Services Technology Consortium)
In this 2007 report, the authors explore the transformation of security and business continuity into processes to support and sustain operational resiliency.
Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process
May 01, 2007 • Technical Report
Richard A. Caralli, James F. Stevens, Lisa R. Young
In this 2007 report, the authors highlight the design considerations and requirements for OCTAVE Allegro based on field experience.
Managing for Enterprise Security
December 01, 2004 • Technical Note
Richard A. Caralli, Julia H. Allen, James F. Stevens
In this 2004 report, the authors itemize characteristics of common approaches to security that limit effectiveness and success.
The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management
July 01, 2004 • Technical Report
Richard A. Caralli, James F. Stevens, Bradford J. Willke
In this report, the authors describe the critical success factor method and present theories and experience in applying it to enterprise security management.
Building a Practical Framework for Enterprise-Wide Security Management
April 28, 2004 • Presentation
Julia H. Allen, Kevin Behr (IP Services and ITPI), Richard A. Caralli
In this presentation, the authors describe a practical framework for enterprise-wide security management as developed by the CERT Division.
Maturing Your Approach to "Security Management"
January 01, 2004 • Presentation
Richard A. Caralli, William R. Wilson
In this presentation, the authors describe the challenges in assuring security, roadblocks that security approaches face, and how to solve these problems.
Applying Critical Success Factors to Information Security Planning
January 01, 2004 • Presentation
Richard A. Caralli, William R. Wilson
In this presentation, the authors discuss critical success factors and their use in security management, and provide development and analysis examples.
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0
September 01, 1999 • Technical Report
Christopher J. Alberts, Sandra Behrens, Richard D. Pethia
The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) is a framework for identifying and managing information security risks.
Responding to Intrusions
February 01, 1999 • Security Improvement Module
Klaus-Peter Kossakowski, Suresh Konda, William R. Wilson
This 1999 report is one of a series of SEI publications that are intended to provide practical guidance to help organizations improve the security of their networked computer systems. This report is intended for system and network administrators, managers of information systems, and security personnel responsible for networked information resources.