Cyber Risk
Blog Posts
The Benefits of Cyber Assessment Training
This post discusses how cybersecurity assessments can help critical infrastructure organizations improve their cybersecurity with help from free assessment tools developed by the SEI and offered by the U.S. government.
• By Rhonda Brown, Alexander Petrilli
In Cybersecurity Engineering


Translating the Risk Management Framework for Nonfederal Organizations
This blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.
• By Emily Shawgo, Brian Benestelli
In Enterprise Risk and Resilience Management


Anti-Tamper for Software Components
This post explains how to identify software components within systems that are in danger of being exploited and that should be protected by anti-tamper practices.
• By Scott Hissam
In Secure Development

Balancing Cyber Confidence and Privacy Concerns
In this SEI Blog post, learn about the privacy protocols that make it hard to protect enterprise networks and their impact on network traffic monitoring.
• By Bill Reed, Dustin D. Updyke
In Enterprise Risk and Resilience Management


After the Cyber Resilience Review: A Targeted Improvement Plan for Service Continuity
In 2011, the SEI's CERT Division developed and published the Cyber Resilience Review (CRR) on behalf of the Department of Homeland Security....
• By Robert A. Vrtis, Jeffrey Pinckard
In Enterprise Risk and Resilience Management


How to Use Static Analysis to Enforce SEI CERT Coding Standards for IoT Applications
The Jeep hack, methods to hack ATMs, and even hacks to a casino's fish tank provide stark evidence of the risks associated with the Internet of Things (IoT)....
• By David Svoboda
In Secure Development

Evaluating Threat-Modeling Methods for Cyber-Physical Systems
Addressing cybersecurity for a complex system, especially for a cyber-physical system of systems (CPSoS), requires a strategic approach during the entire lifecycle of the system....
• By Nataliya Shevchenko
In Enterprise Risk and Resilience Management

Threat Modeling: 12 Available Methods
Almost all software systems today face a variety of threats, and the number of threats grows as technology changes....
• By Nataliya Shevchenko
In Enterprise Risk and Resilience Management

Cybersecurity Engineering, Performance, Risk, and Secure Coding: The Latest Work from the SEI
This SEI Blog post highlights the latest work from the SEI, focusing on cybersecurity engineering, performance, risk, and secure coding practices.
• By Douglas Schmidt (Vanderbilt University)

Adding Red to Blue: 10 Tactics Defenders Can Learn from Penetration Testers
This SEI Blog post, in collaboration with The Veris Group, highlights 10 low-disruption, freely available penetration testing tactics that benefit network defenders.
• By Brent Kennedy
In Enterprise Risk and Resilience Management
