CERT PODCAST SERIES: SECURITY FOR BUSINESS LEADERS: SHOW NOTES

Intelligence Preparation for Operational Resilience

Key Message: Security and operational resilience leaders need a way to make sense of the flood of threat and environmental information to understand their cyber situational awareness and make informed decisions.

Executive Summary

Intelligence preparation for Operational Resilience (IPOR) is a structured framework that decision makers can use to:

In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR.


PART 1: USING IPOR FOR SITUATIONAL AWARENESS

IPOR enables a cybersecurity manager or operational resilience practitioner to break down all the kinds of information they need in order to build situational awareness about their environment. IPOR explains what intelligence is and how it can assist in moving from collecting information to consuming intelligence for better decision-making. The different kinds of information pertain to the various risk landscapes in which an organization operates such as the:

Instead of reinventing the wheel, the IPOR framework leverages existing frameworks such as:


PART 2: SETTING THE OPERATIONAL CONTEXT AND HEARING THE VOICES

IPOR uses “voices” to enumerate the landscape in which the organization and the adversary operate. The voices are:


PART 3 GETTING STARTED WITH IPOR

IPOR proposes a framework to enable operational resilience and cybersecurity leaders and practitioners to:


Resources

SEI Blog: Gray, Douglas. "Leveraging Threat Intelligence to Support Resilience, Risk, and Project Management," September 2015.

SEI Blog: Gray, Douglas. "Applying Threat Intelligence to Operational Resilience and Risk Management Frameworks," October 2015.

Intelligence Preparation for the Battlefield/Battlespace (IPB).

CERT Resilience Management Model

OCTAVE

National Institute of Standards and Technology (NIST) Special Publication 800-37 Rev 1. Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach.

Agile.

Stewart, Katie; Allen, Julia H.; Valdez, Michelle; Young, Lisa. Measuring What Matters Workshop Report (CMU/SEI-2015-TN-002). Software Engineering Institute, Carnegie Mellon University, January 2015.

A Guide to the Project Management Body of Knowledge (PMBOK Guide). Newtown Square, PA. Project Management Institute, Inc., 2004.




Copyright 2016 by Carnegie Mellon University