Archive: 2020
The Top 10 Blog Posts of 2019
Every January on the SEI Blog, we present the 10 most-visited posts of the previous year. This year's list of top 10 is presented in reverse order and features posts....
Read More•By Douglas Schmidt (Vanderbilt University)
In Software Engineering Research and Development
Technology Trends in Data Exfiltration
One of our goals at the CERT National Insider Threat Center (NITC) is to monitor the shifting landscape of insider threat to identify tools and techniques....
Read More•By Alex Pickering
In Insider Threat
System Resilience Part 3: Engineering System Resilience Requirements
At its most basic level, system resilience is the degree to which a system continues to perform its mission in the face of adversity....
Read More•By Donald Firesmith
In Cybersecurity Engineering
The Latest Work from the SEI: Penetration Testing, Artificial Intelligence, and Incident Management
As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, conference papers, and webcasts....
Read More•By Douglas Schmidt (Vanderbilt University)
In Software Engineering Research and Development
Anti-Phishing Training: Is It Working? Is It Worth It?
Phishing attacks target human, rather than technical, vulnerabilities. Some organizations, companies, government agencies, educational institutions, and individuals put on blinders....
Read More•By Mike Petock
In Insider Threat
Performing the DevOps Assessment: Fourth in a Series
The overall purpose of a DevOps assessment is to help improve the software development lifecycle (SDLC). Applying DevOps in highly regulated environments (HREs) can be challenging....
Read More•By Jose A. Morales
In DevSecOps
Programmer Moneyball: Challenging the Myth of Individual Programmer Productivity
A pervasive belief in the field of software engineering is that some programmers are much, much better than others (the times-10, or x10, programmer), and that the skills...
Read More•By Bill Nichols
In Enterprise Risk and Resilience Management
Maturing Your Insider Threat Program into an Insider Risk Management Program
Having trouble clearly stating the scope of your insider threat program? Struggling with measuring the program's effectiveness? Failing to provide actionable intelligence to the program stakeholders?...
Read More•By Daniel L. Costa
In Insider Threat
System Resilience Part 4: Classifying System Resilience Techniques
A system resilience technique is any architectural, design, or implementation technique that increases a system's resilience....
Read More•By Donald Firesmith
In Cybersecurity Engineering
Engineering for Cyber Situational Awareness: Endpoint Visibility
In this post, we aim to help network security analysts understand the components of a cybersecurity architecture, starting with how we can use endpoint information....
Read More•By Phil Groce, Timur D. Snoke
In Situational Awareness
SEI Blog Archive
Recent
Year