Software Engineering Institute | Carnegie Mellon University

SEI Insights

Home > Authors > Katie C. Stewart

Authors

Katie C. Stewart

CERT

Contact Katie C. Stewart

Posts by Katie

 Why Is Measurement So Hard?

By Katie C. Stewart on February 28, 2018 4:10 PM

Developing security metrics within an organization is an ongoing challenge. Organizations want to know "Am I secure enough?" While this is the common question, it lacks context. Organizations vary in size, mission, risk appetites, and budget for security. There is...

 Governing the Internet of Things (IoT)

By Katie C. Stewart on December 20, 2017 6:29 PM

The Internet of Things (IoT) is proliferating exponentially, exposing organizations to an increased risk of IoT-targeted attacks, such as botnets and DDoS attacks. In this blog post, I explore the challenges of dealing with the IoT and some approaches that...

 Summary (Part 7 of 7: Mitigating Risks of Unsupported Operating Systems)

By Katie C. Stewart on November 8, 2017 6:22 AM

In this blog series, I explained the five actions your organization can take now to ensure its cybersecurity and address the risk of having unsupported software. These five actions work together to protect your organization from cyber attacks when it...

 Create a Policy to Manage Unsupported Software (Part 6 of 7: Mitigating Risks of Unsupported Operating Systems)

By Katie C. Stewart on November 1, 2017 7:37 AM

Although you can accept the risk of running unsupported software, you should treat it as a temporary strategy. In this post, I discuss the importance of establishing a policy for upgrading, replacing, or retiring unsupported software across the organization....

 Establish and Maintain Whitelists (Part 5 of 7: Mitigating Risks of Unsupported Operating Systems)

By Katie C. Stewart on October 25, 2017 6:40 AM

Software whitelists, part of an organization's software policies, control which applications are permitted to be installed or executed on an organization's devices and network. In this post, I describe how whitelisting and real-time monitoring of log data can reduce the...

 Upgrade, Retire, or Replace Unsupported Software (Part 4 of 7: Mitigating Risks of Unsupported Operating Systems)

By Katie C. Stewart on October 18, 2017 7:24 AM

In line with its risk management program, an organization might decide to host unsupported applications on its supported or unsupported operating systems. In this post, I describe how organizations should upgrade, replace, or retire unsupported software assets, including operating systems....

 Manage Your Software Inventory (Part 3 of 7: Mitigating Risks of Unsupported Operating Systems)

By Katie C. Stewart on October 11, 2017 6:39 AM

Having a managed software asset inventory helps an organization ensure that its software is identified, authorized, managed, or retired before it can be exploited. In this post, I describe why your organization should establish a software inventory to manage its...

 Define Your Organization's Risk Tolerance (Part 2 of 7: Mitigating Risks of Unsupported Operating Systems)

By Katie C. Stewart on October 4, 2017 6:46 AM

Risk tolerance--the amount of risk an organization is willing to accept--should be part of your organization's comprehensive risk management program. In this post, I describe how your organization can define its risk tolerance....

 Introduction (Part 1 of 7: Mitigating Risks of Unsupported Operating Systems)

By Katie C. Stewart on September 27, 2017 6:36 AM

Federal CIOs and CISOs are challenged with analyzing the risk of having unsupported operating systems on their networks and determining how to properly address this risk. In this blog series, I explain how an unsupported operating system can expose a...


NOW TRENDING

Contact Us

Carnegie Mellon University
Software Engineering Institute
4500 Fifth Avenue
Pittsburgh, PA 15213-2612
412-268-5800

BLOGS

CERT/CC
Insider Threat
SATURN
SEI Blog
DevOps

FEEDS

CERT/CC
Insider Threat
SATURN
SEI Blog
DevOps

SEI LIBRARY

SEI Digital Library
SEI Podcast Series
SEI Webinar Series

LATEST POST

Why Is Measurement So Hard?

Posted on by Katie C. Stewart

Developing security metrics within an organization is an ongoing challenge. Organizations want to know "Am I secure enough?" While this is the common question, it lacks context. Organizations vary in size, mission, risk appetites, and budget for security. There is no "one size fits all" for security metrics.

NOW TRENDING

Terms of Use | Privacy Statement | Intellectual Property
© 2018 Carnegie Mellon University.

The Software Engineering Institute (SEI) is a federally funded research and development center (FFRDC) sponsored by the U.S. Department of Defense (DoD). It is operated by Carnegie Mellon University.