
Blog Posts
Process and Technical Vulnerabilities: 6 Key Takeaways from a Chemical Plant Disaster
Weak processes can be as risky as technical vulnerabilities. This post describes how both of them worsened a cyber attack on a chemical plant.
• By Daniel J. Kambic
In Enterprise Risk and Resilience Management

2 Approaches to Risk and Resilience: Asset-Based and Service-Based
The two approaches to risk and resilience management, one based on an organization’s assets and the other on its services, both have benefits and challenges.
• By Emily Shawgo
In Enterprise Risk and Resilience Management

IT, OT, and ZT: Implementing Zero Trust in Industrial Control Systems
This blog post introduces fundamental ZT and ICS concepts, barriers to implementing ZT principles in ICS environments, and potential methods to leverage ZT concepts in this domain.
• By Brian Benestelli, Daniel J. Kambic
In Enterprise Risk and Resilience Management


System End-of-Life Planning: Designing Systems for Maximum Resiliency Over Time
Deployment plans for computing environments must account for hardware replacements and decommissions even though such activities may not occur until years later.
• By Grant Deffenbaugh, Lyndsi A. Hughes
In Enterprise Risk and Resilience Management


Translating the Risk Management Framework for Nonfederal Organizations
This blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.
• By Emily Shawgo, Brian Benestelli
In Enterprise Risk and Resilience Management


How to Use the CMMC Assessment Guides
This blog post is intended for DoD contractors looking for additional clarification as they prepare for a CMMC assessment. It will walk you through the assessment guides, provide basic CMMC …
• By Douglas Gardner
In Enterprise Risk and Resilience Management

10 Steps for Managing Risk: OCTAVE FORTE
This post, adapted from a recently published technical note, outlines OCTAVE FORTE's 10-step framework to guide nascent organizations as they build an ERM program and mature organizations as they fortify …
• By Brett Tucker
In Enterprise Risk and Resilience Management

Balancing Cyber Confidence and Privacy Concerns
In this SEI Blog post, learn about the privacy protocols that make it hard to protect enterprise networks and their impact on network traffic monitoring.
• By Bill Reed, Dustin D. Updyke
In Enterprise Risk and Resilience Management


Follow the CUI: 4 Steps to Starting Your CMMC Assessment
One of the primary drivers of the DoD's Cybersecurity Maturity Model Certification (CMMC) is the congressional mandate to reduce the risk of accidental disclosure of controlled unclassified information (CUI).
• By Matthew Trevors
In Enterprise Risk and Resilience Management

Beyond NIST SP 800-171: 20 Additional Practices in CMMC
These 20 practices are intended to make DoD contractors more security conscious.
• By Andrew F. Hoover, Katie C. Stewart
In Enterprise Risk and Resilience Management

