A well executed risk assessment is a crucial element in an effective security program; good risk assessments will help prevent security incidents from occurring. This interactive session will engage the audience in an overview of the NIST risk management procedures. We will discuss an example (eCommerce) covering the key concepts: assessing risk, responding to risk, and monitoring risk. Target audience: project managers, development managers, team leads, business analysts, and auditors. A grasp of the basics of risk management is helpful, but no programming experience is necessary.

Conrad has held a variety of positions in IT Audit, Application Development, Management, and Web Security in Fortune 50, non-profit, and government sectors. He has been implementing and advising on IT security solutions for several years. He currently hacks government web apps for a living.

Back to Louisville InfoSec 2013 video list