Best Practices
Blog Posts
What’s Going On in My Program? 12 Rules for Conducting Assessments
This post provides 12 rules for successful program or project assessments.
Read More• By William E. Novak
System End-of-Life Planning: Designing Systems for Maximum Resiliency Over Time
Deployment plans for computing environments must account for hardware replacements and decommissions even though such activities may not occur until years later.
Read More• By Grant Deffenbaugh , Lyndsi A. Hughes
In Enterprise Risk and Resilience Management
Operator-Feedback Sessions in a Government Setting: The Good and Not-So-Good Parts
This post covers good and not-so-good practices and outcomes in operator-feedback sessions in government environments.
Read More• By Michael Szegedy , Timothy A. Chick
In Agile
Considerations for Operator-Feedback Sessions in Government Settings
This post describes a design approach that considers operator feedback and effectively leverages feedback sessions.
Read More• By Michael Szegedy , Timothy A. Chick
In Agile
Potential Implications of the California Consumer Privacy Act (CCPA) for Insider Risk Programs
This blog post reviews the general framework of the California Consumer Privacy Act (CCPA), describes specific implications for insider risk management, and provides recommendations to prepare insider risk programs to …
Read More• By Emily Kessel , Sarah Miller , Carrie Gardner
In Insider Threat
Mapping Cyber Hygiene to the NIST Cybersecurity Framework
In honor of Cybersecurity Awareness Month, I decided to put fingers to keys and share some basic practices that every organization should consider for their cyber hygiene initiatives....
Read More• By Matthew Trevors
In Insider Threat
It's Time to Retire Your Unsupported Things
"If it ain't broke, don't fix it." Why mess with something that already works? This is fair advice with many things in life. But when it comes to software security, …
Read More• By Will Dormann
In CERT/CC Vulnerabilities
Update on the CERT Guide to Coordinated Vulnerability Disclosure
It's been two years since we originally published the CERT Guide to Coordinated Vulnerability Disclosure. In that time, it's influenced both the US Congress and EU Parliament....
Read More• By Allen D. Householder
In CERT/CC Vulnerabilities
Comments on Voluntary Voting System Guidelines 2.0 Principles and Guidelines
The U.S. Election Assistance Commission recently held a public comment period on their Voluntary Voting System Guidelines 2.0 Principles and Guidelines....
Read More• By Allen D. Householder , Deana Shick , Jonathan Spring , Art Manion
In CERT/CC Vulnerabilities
A New Scientifically Supported Best Practice That Can Enhance Every Insider Threat Program!
The CERT National Insider Threat Center (NITC) continues to transition its insider threat research to the public through its publications of the Common Sense Guide to Mitigating Insider Threats (CSG)....
Read More