Enterprise Risk and Resilience Management
Blog Posts
IT, OT, and ZT: Implementing Zero Trust in Industrial Control Systems
This blog post introduces fundamental ZT and ICS concepts, barriers to implementing ZT principles in ICS environments, and potential methods to leverage ZT concepts in this domain.
• By Brian Benestelli, Dan Kambic
In Enterprise Risk and Resilience Management
System End-of-Life Planning: Designing Systems for Maximum Resiliency Over Time
Deployment plans for computing environments must account for hardware replacements and decommissions even though such activities may not occur until years later.
• By Grant Deffenbaugh, Lyndsi Hughes
In Enterprise Risk and Resilience Management
Translating the Risk Management Framework for Nonfederal Organizations
This blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.
• By Emily Shawgo, Brian Benestelli
In Enterprise Risk and Resilience Management
Potential Implications of the California Consumer Privacy Act (CCPA) for Insider Risk Programs
This blog post reviews the general framework of the California Consumer Privacy Act (CCPA), describes specific implications for insider risk management, and provides recommendations to prepare insider risk programs to …
• By Emily Kessel, Sarah Miller, Carrie Gardner
In Insider Threat
How to Use the CMMC Assessment Guides
This blog post is intended for DoD contractors looking for additional clarification as they prepare for a CMMC assessment. It will walk you through the assessment guides, provide basic CMMC …
• By Douglas Gardner
In Enterprise Risk and Resilience Management
10 Steps for Managing Risk: OCTAVE FORTE
This post, adapted from a recently published technical note, outlines OCTAVE FORTE's 10-step framework to guide nascent organizations as they build an ERM program and mature organizations as they fortify …
• By Brett Tucker
In Enterprise Risk and Resilience Management
Balancing Cyber Confidence and Privacy Concerns
An important part of an organization's cybersecurity posture includes the monitoring of network traffic for proactive cyber defense. The trend toward implementing network protocols designed to improve personal privacy is …
• By William Reed, Dustin Updyke
In Enterprise Risk and Resilience Management
Follow the CUI: 4 Steps to Starting Your CMMC Assessment
One of the primary drivers of the DoD's Cybersecurity Maturity Model Certification (CMMC) is the congressional mandate to reduce the risk of accidental disclosure of controlled unclassified information (CUI).
• By Matthew Trevors
In Enterprise Risk and Resilience Management
Beyond NIST SP 800-171: 20 Additional Practices in CMMC
These 20 practices are intended to make DoD contractors more security conscious.
• By Andrew Hoover, Katie C. Stewart
In Enterprise Risk and Resilience Management
Cybersecurity Maturity Model Certification (CMMC) Part 2: Process Maturity's Role in Cybersecurity
Mature cybersecurity processes will improve an organization's ability to prevent and respond to a cyberattack
• By Andrew Hoover, Katie C. Stewart
In Enterprise Risk and Resilience Management