Cybersecurity
Blog Posts
The Benefits of Cyber Assessment Training
This post discusses how cybersecurity assessments can help critical infrastructure organizations improve their cybersecurity with help from free assessment tools developed by the SEI and offered by the U.S. government.
• By Rhonda Brown, Alexander Petrilli
In Cybersecurity Engineering


2 Approaches to Risk and Resilience: Asset-Based and Service-Based

The two approaches to risk and resilience management, one based on an organization’s assets and the other on its services, each have benefits and challenges.
• By Emily Shawgo
In Enterprise Risk and Resilience Management

Six Dimensions of Trust in Autonomous Systems
This post chronicles the adoption and growth of autonomous systems and provides six considerations for establishing trust.
• By Paul D. Nielsen
In Software Engineering Research and Development

Using Machine Learning to Increase the Fidelity of Non-Player Characters in Training Simulations
Use of machine-learning (ML) modeling and a suite of software tools to create decision-making preferences that make non-player characters (NPCs) more realistic in simulations.
• By Dustin Updyke, Thomas Podnar, Geoffrey Dobson, John Yarger
In Cyber Workforce Development


Translating the Risk Management Framework for Nonfederal Organizations
This blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.
• By Emily Shawgo, Brian Benestelli
In Enterprise Risk and Resilience Management


DNS Over HTTPS: 3 Strategies for Enterprise Security Monitoring
DNS over HTTPS (DoH) can impair enterprise network visibility and security by bypassing traditional DNS monitoring and protections. In this post, I'll provide enterprise defenders three strategies for security monitoring …
• By Sean Hutchison
In Cybersecurity Engineering

Generating Realistic Non-Player Characters for Training Cyberteams
Since 2010, researchers in the SEI CERT Division have emphasized the crucial need for realism within cyberteam training and exercise events. In this blog post, we describe efforts underway to …
• By Dustin Updyke, Tyler Brooks
In Cyber Workforce Development


Six Key Cybersecurity Engineering Activities for Building a Cybersecurity Strategy
This post, which augments a recent webcast and a forthcoming white paper, highlights the importance of the cybersecurity strategy in defining how the technology from an acquisition will be designed, …
• By Carol Woody, Rita Creel
In Cybersecurity Engineering


Cat and Mouse in the Age of .NET
Penetration testers have long exploited the PowerShell scripting language to gain a foothold in systems and execute an attack. Eventually, changes in the PowerShell landscape caused the toolsets to shift …
• By Brandon Marzik
In CERT/CC Vulnerabilities

How to Protect Your High Value Assets
This blog post will outline the background of the federal High Value Asset (HVA) Program, explain the resources available to guide the securing of high value assets, and discuss ways …
• By Brian Benestelli, Emily Shawgo

