Dr. Carol Woody is a principal researcher for the CERT division of the Software Engineering Institute at Carnegie Mellon University. Her research focuses on building capabilities and competencies for measuring, managing, and sustaining cybersecurity for highly complex networked systems and systems of systems. Dr. Woody has successfully implemented technology solutions for such diverse domains as banking, mining, manufacturing and finance. She has coauthored a book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, published by Pearson Education as part of the SEI Series in Software Engineering. The CERT Cybersecurity Engineering and Software Assurance Professional Certificate, released in March 2018, is based on the research she led. Dr. Woody holds a B.S. in mathematics from the College of William & Mary, an M.B.A. with distinction from Wake Forest University, and a Ph.D. in information systems from NOVA Southeastern University.
Security Engineering Risk Analysis (SERA): Connecting Technology Risk To Mission Impact
The SERA Method defines a systematic approach for evaluating cybersecurity risk in highly complex networked environments. This method uses a scenario-based approach to analyze how an attacker could leverage available attack vectors and technology vulnerabilities to compromise the confidentiality, integrity, and availability of mission-critical data and impact operational mission success. SERA can be applied at any point in the lifecycle to construct cyber-risk scenarios that show how the technology within a system and its context, including supply chains and trusted connections in a system-of-systems, provides opportunities for attackers to disrupt mission execution. Analysis of the scenarios will determine which risks are critical and which controls are important to reduce mission impact.