Cybersecurity
Blog Posts
3 Activities for Making Software Secure by Design
Understanding key principles, roadblocks, and accelerators can shift the secure software development paradigm.
Read More•By Carol Woody, Robert Schiela
In Cybersecurity Engineering
Using Game Theory to Advance the Quest for Autonomous Cyber Threat Hunting
This SEI Blog post describes an effort to apply game theory to the development of algorithms suitable for informing a fully autonomous threat hunting capability and introduces the concept of …
Read More•By Phil Groce
In Cybersecurity Engineering
Process and Technical Vulnerabilities: 6 Key Takeaways from a Chemical Plant Disaster
Weak processes can be as risky as technical vulnerabilities. This post describes how both of them worsened a cyber attack on a chemical plant.
Read More•By Daniel J. Kambic
In Enterprise Risk and Resilience Management
Designing Great Challenges for Cybersecurity Competitions
This blog post highlights the SEI’s experience developing cybersecurity challenges for the President’s Cup Cybersecurity Competition and general-purpose guidelines and best practices for developing effective challenges.
Read More•By Jarrett Booz, Josh Hammerstein, Matt Kaar
In Cyber Workforce Development
The Benefits of Cyber Assessment Training
This post discusses how cybersecurity assessments can help critical infrastructure organizations improve their cybersecurity with help from free assessment tools developed by the SEI and offered by the U.S. government.
Read More•By Rhonda Brown, Alexander Petrilli
In Cybersecurity Engineering
2 Approaches to Risk and Resilience: Asset-Based and Service-Based
There are benefits and challenges of the two approaches to risk and resilience management: one based on an organization’s assets and the other on its services.
Read More•By Emily Shawgo
In Enterprise Risk and Resilience Management
Six Dimensions of Trust in Autonomous Systems
This post chronicles the adoption and growth of autonomous systems and provides six considerations for establishing trust.
Read More•By Paul Nielsen
In Software Engineering Research and Development
Using Machine Learning to Increase the Fidelity of Non-Player Characters in Training Simulations
Use of machine-learning (ML) modeling and a suite of software tools to create decision-making preferences that make non-player characters (NPCs) more realistic in simulations.
Read More•By Dustin D. Updyke, Thomas G. Podnar, Geoffrey B. Dobson, John Yarger
In Cyber Workforce Development
Translating the Risk Management Framework for Nonfederal Organizations
This blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.
Read More•By Emily Shawgo, Brian Benestelli
In Enterprise Risk and Resilience Management
DNS Over HTTPS: 3 Strategies for Enterprise Security Monitoring
DNS over HTTPS (DoH) can impair enterprise network visibility and security by bypassing traditional DNS monitoring and protections. In this post, I'll provide enterprise defenders three strategies for security monitoring …
Read More