Blog Posts
DNS Over HTTPS: 3 Strategies for Enterprise Security Monitoring
DNS over HTTPS (DoH) can impair enterprise network visibility and security by bypassing traditional DNS monitoring and protections. In this post, I'll provide enterprise defenders three strategies for security monitoring …
• By Sean Hutchison
In Cybersecurity Engineering
Zero Trust Adoption: Managing Risk with Cybersecurity Engineering and Adaptive Risk Assessment
In this and a series of future posts, we provide an overview of zero trust and management of its risk with SEI's cybersecurity engineering assessment framework. This adaptive framework incorporates …
• By Geoff Sanders
In Cybersecurity Engineering
Six Key Cybersecurity Engineering Activities for Building a Cybersecurity Strategy
This post, which augments a recent webcast and a forthcoming white paper, highlights the importance of the cybersecurity strategy in defining how the technology from an acquisition will be designed, …
• By Carol Woody, Rita Creel
In Cybersecurity Engineering
KalKi: Solution for High Assurance Software-Defined IoT Security
Commercial Internet of things (IoT) devices are evolving rapidly, providing new and potentially useful capabilities. These devices can be a valuable source of data....
• By Sebastian Echeverria
In Cybersecurity Engineering
System Resilience Part 7: 16 Guiding Principles for System Resilience
Adverse events and conditions can disrupt a system, causing it to fail to provide essential capabilities and services. As I outlined in previous posts in this series, resilience is an …
• By Donald Firesmith
In Cybersecurity Engineering
System Resilience Part 6: Verification and Validation
Adverse events and conditions can disrupt a system, causing it to fail to provide essential capabilities and services. As I outlined in previous posts in this series, resilience is an …
• By Donald Firesmith
In Cybersecurity Engineering
Five Reasons the Cybersecurity Field Needs Trusted Data Sets and Meaningful Metrics
Cybersecurity is a domain rich with data, but regrettably often only poor insights can be drawn from this richness. CISOs ask questions about how best to allocate resources....
• By Bobbie Stempfley, Matthew Butkovic
In Cybersecurity Engineering
System Resilience Part 5: Commonly-Used System Resilience Techniques
If adverse events or conditions cause a system to fail to operate appropriately, they can cause all manner of harm to valuable assets. As I outlined in previous posts in …
• By Donald Firesmith
In Cybersecurity Engineering
System Resilience Part 4: Classifying System Resilience Techniques
A system resilience technique is any architectural, design, or implementation technique that increases a system's resilience....
• By Donald Firesmith
In Cybersecurity Engineering
System Resilience Part 3: Engineering System Resilience Requirements
At its most basic level, system resilience is the degree to which a system continues to perform its mission in the face of adversity....
• By Donald Firesmith
In Cybersecurity Engineering