Posts by Doug Gray

Agile Project Management for Information Security Continuous Monitoring Response

• Blog
Doug Gray

According to the National Institute of Standards and Technology (NIST), Information Security Continuous Monitoring (ISCM) is a process for continuously analyzing, reporting, and responding to risks to operational resilience (in an automated manner, whenever possible). Compared to the traditional method of collecting and assessing risks at longer intervals--for instance, monthly or annually--ISCM promises to provide near-real-time situational awareness of an organization's risk profile. ISCM creates challenges as well as benefits, however, because the velocity of...

Applying Threat Intelligence to Operational Resilience and Risk Management Frameworks

• Blog
Doug Gray

By Douglas Gray, Information Security Engineer, CERT Division

In leveraging threat intelligence, the operational resilience practitioner need not create a competing process independent of other frameworks the organization is leveraging. In fact, the use of intelligence products in managing operational resilience is not only compatible with many existing frameworks but is, in many cases, inherent. While it is beyond the scope of this blog to provide an in-depth discussion of some of the more widely...

Leveraging Threat Intelligence to Support Resilience, Risk, and Project Management

• Blog
Doug Gray

By Douglas Gray, Information Security Engineer, CERT Division

What differentiates cybersecurity from other domains in information technology (IT)? Cybersecurity must account for an adversary. It is the intentions, capabilities, and prevailing attack patterns of these adversaries that form the basis of risk management and the development of requirements for cybersecurity programs. In this blog post, the first in a series, I present strategies for enabling resilience practitioners to organize and articulate their intelligence needs, as well...

