Archive: 2019
The AADL Error Library: 4 Families of System Errors
Classifying the way that things can go wrong in a component-based system is a hard challenge since components--and the systems that rely on them--can fail in myriad, unpredictable ways....
Read More•By Sam Procter
In Software Architecture
Windows Event Logging for Insider Threat Detection
In this post, I continue my discussion on potential low-cost solutions to mitigate insider threats for smaller organizations or new insider threat programs....
Read More•By Derrick Spooner
In Insider Threat
The Latest Research from the SEI in DevSecOps, Threat Modeling, and Insider Threat
As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, and presentations highlighting our work in …
Read More•By Douglas Schmidt (Vanderbilt University)
In DevSecOps
High-Level Technique for Insider Threat Program's Data Source Selection
This blog discusses an approach that the CERT Division's National Insider Threat Center developed to assist insider threat programs develop, validate, implement, and share potential insider threat risk indicators (PRIs)....
Read More•By Robert M. Ditmore, CERT Insider Threat Center
In Insider Threat
After the Cyber Resilience Review: A Targeted Improvement Plan for Service Continuity
In 2011, the SEI's CERT Division developed and published the Cyber Resilience Review (CRR) on behalf of the Department of Homeland Security....
Read More•By Robert A. Vrtis, Jeffrey Pinckard
In Enterprise Risk and Resilience Management
Comments on Voluntary Voting System Guidelines 2.0 Principles and Guidelines
The U.S. Election Assistance Commission recently held a public comment period on their Voluntary Voting System Guidelines 2.0 Principles and Guidelines....
Read More•By Allen D. Householder, Deana Shick, Jonathan Spring, Art Manion
In CERT/CC Vulnerabilities
Model-Based Analysis of Agile Development Practices
Applications of Agile development practices in government are providing experience that decision makers can use to improve policy, procedure, and practice....
Read More•By Andrew P. Moore, Bill Nichols, William E. Novak, David Zubrow
In Agile
Testing Concurrent Systems: Concurrency Defects, Testing Techniques, and Recommendations
Concurrency, which exists whenever multiple entities execute simultaneously, is a ubiquitous and an unavoidable fact of life in systems and software engineering....
Read More•By Donald Firesmith
In Cybersecurity Engineering
Keeping an Eye Out for Positive Risk
We commonly think about risks having negative consequences. With each month bringing new cybersecurity threats, breaches, and vulnerabilities, sound risk management practices are necessary....
Read More•By Mary Beth Chrissis
In Insider Threat
Three Architecture Recommendations for Sustainment Organizations
In a March 2019 report, the Defense Innovation Board (DIB) noted that the United States faces threats that are evolving at an ever-increasing pace....
Read More•By Susan Crozier Cox
In Software Architecture
SEI Blog Archive
Recent
Year