
An Alternative to Risk Management for Information and Software Security

In this podcast, Brian Chess explains how standards, compliance, and process are better than risk management for ensuring information and software security.

Software Engineering Institute



Standards, compliance, and process are more effective than risk management for ensuring an adequate level of information and software security.

Related Course
Assessing Information Security Risk Using the OCTAVE Approach

About the Speaker

Julia H. Allen

Julia Allen is an SEI alumni employee.

Julia Allen is a principal researcher within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Allen’s areas of interest include operational resilience, security governance, and measurement and analysis. Prior to this technical assignment, …