Archive: 2020
Don't Incentivize the Wrong Behaviors in Agile Development
All too often, organizations collect certain metrics just because those are the metrics that they've always collected. Ordinarily, if an organization finds the metrics useful, there is no issue....
Read More•By Patrick R. Place, Will Hayes
In Agile
3 Metrics to Incentive the Right Behavior in Agile Development
The use of incentives to elicit certain behaviors in agile software development can often result in unintended consequences....
Read More•By Patrick R. Place
In Agile
Situational Awareness for Cybersecurity Architecture: 5 Recommendations
In this post on situational awareness for cybersecurity, we present five recommendations for the practice of architecture in the service of cybersecurity situational awareness (SA)....
Read More•By Phil Groce
In Situational Awareness
Evaluating the Post Assessment DevOps Posture: Eighth in a Series
In an ideal scenario, organizations that complete a DevOps assessment will implement all of the assessment's recommendations to improve their software development lifecycle (SDLC)....
Read More•By Jose A. Morales
In DevSecOps
The Latest Work from the SEI: Microservices, Ransomware, and Agile in Government
As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, conference papers....
Read More•By Douglas Schmidt (Vanderbilt University)
In Agile
How to Protect Your High Value Assets
This blog post will outline the background of the federal High Value Asset (HVA) Program, explain the resources available to guide the securing of high value assets, and discuss ways …
Read More•By Brian Benestelli, Emily Shawgo
Adversarial ML Threat Matrix: Adversarial Tactics, Techniques, and Common Knowledge of Machine Learning
This SEI Blog post introduces the Adversarial ML Threat Matrix, a list of tactics to exploit machine learning models, and guidance on defense against them.
Read More•By Jonathan Spring
In CERT/CC Vulnerabilities
Highlights from the 7th Annual National Insider Threat Center (NITC) Symposium, Day One
This SEI Blog post recaps the first day of the National Insider Threat Symposium, covering proactive approaches to reducing insider incidents.
Read More•By Daniel L. Costa, Sarah Miller
In Insider Threat
Insider Threat Incidents: Assets Targeted by Malicious Insiders
This SEI Blog post details CERT's new taxonomy for targeted assets in insider threat incidents and highlights their latest findings.
Read More•By Sarah Miller
In Insider Threat
Insider Threat Incidents: Communication Channels
Learn how to identify risk behaviors and detect insider threats with communication channel monitoring in this informative SEI Blog post.
Read More•By Sarah Miller, Alex Pickering
In Insider Threat
SEI Blog Archive
Recent
Year