Enterprise Risk and Resilience Management
Blog Posts
The Top 10 Skills CISOs Need in 2024
This post outlines the top 10 skills that CISOs need in 2024 and beyond.
By Greg Touhill
In Enterprise Risk and Resilience Management
Process and Technical Vulnerabilities: 6 Key Takeaways from a Chemical Plant Disaster
Weak processes can be as risky as technical vulnerabilities. This post describes how both of them worsened a cyber attack on a chemical plant.
By Daniel J. Kambic
In Enterprise Risk and Resilience Management
2 Approaches to Risk and Resilience: Asset-Based and Service-Based
There are benefits and challenges of the two approaches to risk and resilience management: one based on an organization’s assets and the other on its services.
By Emily Shawgo
In Enterprise Risk and Resilience Management
IT, OT, and ZT: Implementing Zero Trust in Industrial Control Systems
This blog post introduces fundamental ZT and ICS concepts, barriers to implementing ZT principles in ICS environments, and potential methods to leverage ZT concepts in this domain.
By Brian Benestelli, Daniel J. Kambic
In Enterprise Risk and Resilience Management
System End-of-Life Planning: Designing Systems for Maximum Resiliency Over Time
Deployment plans for computing environments must account for hardware replacements and decommissions even though such activities may not occur until years later.
By Grant Deffenbaugh, Lyndsi A. Hughes
In Enterprise Risk and Resilience Management
Translating the Risk Management Framework for Nonfederal Organizations
This blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.
By Emily Shawgo, Brian Benestelli
In Enterprise Risk and Resilience Management
Potential Implications of the California Consumer Privacy Act (CCPA) for Insider Risk Programs
This blog post reviews the general framework of the California Consumer Privacy Act (CCPA), describes specific implications for insider risk management, and provides recommendations to prepare insider risk programs to …
By Emily Kessel, Sarah Miller, Carrie Gardner
In Insider Threat
How to Use the CMMC Assessment Guides
This blog post is intended for DoD contractors looking for additional clarification as they prepare for a CMMC assessment. It will walk you through the assessment guides, provide basic CMMC …
By Douglas Gardner
In Enterprise Risk and Resilience Management
10 Steps for Managing Risk: OCTAVE FORTE
This post, adapted from a recently published technical note, outlines OCTAVE FORTE's 10-step framework to guide nascent organizations as they build an ERM program and mature organizations as they fortify …
By Brett Tucker
In Enterprise Risk and Resilience Management
Balancing Cyber Confidence and Privacy Concerns
Learn about the privacy protocols that make it hard to protect enterprise networks, and their impact on network traffic monitoring in this SEI Blog post.