Bradford J. Willke
Software Engineering Institute
Bradford Willke is an SEI alumni employee.
Bradford Willke is a senior member of the technical staff within the CERT® Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University. Willke is responsible for leading the Information Security Assessment and Evaluation team, and conducts research, development, and process improvement activities in risk, threat, and vulnerability management methodology related to information security management. Willke also leads projects to develop strategies and provide support for national and international critical infrastructure protection initiatives. In addition, he worked on the development of the SEI’s principle risk assessment methodology, the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE™) Method. Before joining the SEI, Willke managed technology and security operations for computing resources of the 90th Security Police Squadron, Francis E. Warren Air Force Base, Wyoming. Willke served in the United States Air Force as a law enforcement specialist and organizational computer security officer from 1993-1997. Willke holds a professional certificate in information protection and security from the University of New Haven, and received a BS in information systems technologies from Southern Illinois University at Carbondale. He received an AAS in criminal justice from the Community College of the Air Force, and has been a Certified Information System Security Professional (CISSP) since 2004.
Publications by Bradford J. Willke
-
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability, Version 2.0
April 01, 2011 • Technical Report
John HallerSamuel A. MerrellMatthew J. Butkovic
In this 2011 report, an update to its 2010 counterpart, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
read -
Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability
June 01, 2010 • Special Report
John HallerSamuel A. MerrellMatthew J. Butkovic
In this report, the authors provide insight that interested organizations and governments can use to develop a national incident management capability.
read -
Managing Risk to Critical Infrastructures at the National Level
August 05, 2008 • Podcast
Bradford J. WillkeJulia H. Allen
In this podcast, Bradford Willke explain how protecting critical infrastructures and the information they use are essential for preserving our way of life.
learn more -
Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System
May 01, 2008 • White Paper
Dawn CappelliAkash G. Desai (Information Networking Institute, Carnegie Mellon University)Andrew P. Moore
In this paper, the authors describe the MERIT insider threat model and simulation results.
read -
Insider Threat Study: Illicit Cyber Activity in the Government Sector
January 01, 2008 • White Paper
Eileen Kowalski (United States Secret Service)Dawn CappelliBradford J. Willke
In this paper, the authors present the findings of a research effort to examine reported insider incidents in the government sector.
read -
Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks
March 01, 2007 • Technical Note
Dawn CappelliAkash G. Desai (Information Networking Institute, Carnegie Mellon University)Andrew P. Moore
In this 2006 report, the authors describe MERIT insider threat model and simulation results.
read -
Information Asset Profiling
June 01, 2005 • Technical Note
James F. StevensRichard A. CaralliBradford J. Willke
In this 2005 report, the authors describe IAP, a documented and repeatable process for developing consistent asset profiles.
read -
Managing for Enterprise Security
December 01, 2004 • Technical Note
Richard A. CaralliJulia H. AllenJames F. Stevens
In this 2004 report, the authors itemize characteristics of common approaches to security that limit effectiveness and success.
read -
The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management
July 01, 2004 • Technical Report
Richard A. CaralliJames F. StevensBradford J. Willke
In this report, the authors describe the critical success factor method and present theories and experience in applying it to enterprise security management.
read