Blog Posts
Security Analytics: Tracking Software Updates
This blog post presents an analytic for tracking software updates from official vendor locations.
• By Tim Shimeall
In Cybersecurity Engineering
Security Analytics: Tracking Proxy Bypass
This post describes how to track the amount of network traffic that is evading security proxies for services that such proxies are expected to cover.
• By Tim Shimeall
In Cybersecurity Engineering
A Cybersecurity Engineering Strategy for DevSecOps that Integrates with the Software Supply Chain
Reused code contains defects unknown to the new user, which, in turn, propagate vulnerabilities into new systems. Organizations must develop a cybersecurity engineering strategy that addresses the integration of DevSecOps …
• By Carol Woody
In Cybersecurity Engineering
How Do You Trust AI Cybersecurity Devices?
AI and ML cybersecurity devices are gaining traction, but efficacy testing has not kept up. We are seeking input on our test environment for these devices.
• By Grant Deffenbaugh, Shing-hon Lau
In Cybersecurity Engineering
DNS Over HTTPS: 3 Strategies for Enterprise Security Monitoring
DNS over HTTPS (DoH) can impair enterprise network visibility and security by bypassing traditional DNS monitoring and protections. In this post, I'll provide enterprise defenders three strategies for security monitoring …
• By Sean Hutchison
In Cybersecurity Engineering
Zero Trust Adoption: Managing Risk with Cybersecurity Engineering and Adaptive Risk Assessment
In this and a series of future posts, we provide an overview of zero trust and management of its risk with SEI's cybersecurity engineering assessment framework. This adaptive framework incorporates …
• By Geoff Sanders
In Cybersecurity Engineering
Six Key Cybersecurity Engineering Activities for Building a Cybersecurity Strategy
This post, which augments a recent webcast and a forthcoming white paper, highlights the importance of the cybersecurity strategy in defining how the technology from an acquisition will be designed, …
• By Carol Woody, Rita Creel
In Cybersecurity Engineering
System Resilience Part 7: 16 Guiding Principles for System Resilience
Adverse events and conditions can disrupt a system, causing it to fail to provide essential capabilities and services. As I outlined in previous posts in this series, resilience is an …
• By Donald Firesmith
In Cybersecurity Engineering
System Resilience Part 6: Verification and Validation
Adverse events and conditions can disrupt a system, causing it to fail to provide essential capabilities and services. As I outlined in previous posts in this series, resilience is an …
• By Donald Firesmith
In Cybersecurity Engineering
Five Reasons the Cybersecurity Field Needs Trusted Data Sets and Meaningful Metrics
Cybersecurity is a domain rich with data, but regrettably often only poor insights can be drawn from this richness. CISOs ask questions about how best to allocate resources....
• By Bobbie Stempfley, Matthew Butkovic
In Cybersecurity Engineering
