Lisa Young

Lisa Young, CISA, CISM, CISSP, is a senior engineer at CERT in the Software Engineering Institute at Carnegie Mellon University where she serves as a contributing developer of the CERT Resilience Management Model (RMM).  She holds the designation of Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and Certified Information Systems Security Professional (CISSP) and is experienced in IT governance, audit, security and risk management.  Lisa teaches the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE®) risk-based assessment methodology at the Software Engineering Institute, and is co-author of the OCTAVE Allegro risk assessment methodology. She also teaches at the CIO and CISO Institutes for the Heinz College at Carnegie Mellon University. Lisa was a member of the ISACA international task force that developed the RISK-IT Framework and Practitioner’s guide, a risk framework which is now part of COBIT5® to provide guidance for organizations in managing IT-related business risks.