An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)
• Technical Note
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-2014-TN-005DOI (Digital Object Identifier)
10.1184/R1/6571934.v1Abstract
An incident management (IM) function is responsible for performing the broad range of activities associated with managing computer security events and incidents. For many years, the Software Engineering Institute's (SEI) CERT Division has developed practices for building and sustaining IM functions in government and industry organizations worldwide. Based on their field experiences over the years, CERT researchers identified a community need for a time-efficient means of assessing an IM function. The Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC) is designed to address this need. The MRD-IMC is a risk-based approach for assessing the extent to which an IM function is in position to achieve its mission and objectives. Analysts applying the MRD-IMC evaluate a set of systemic risk factors (called drivers) to aggregate decision-making data and provide decision makers with a benchmark of an IM function's current state. The resulting gap between the current and desired states points to specific areas where additional investment is warranted. The MRD-IMC can be viewed as a first-pass screening (i.e., a "health check") or high-level diagnosis of conditions that enable and impede the successful completion of the IM function's mission and objectives. This technical note provides an overview of the MRD-IMC method.
Cite This Technical Note
Alberts, C., Dorofee, A., Ruefle, R., & Zajicek, M. (2014, May 30). An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC). (Technical Note CMU/SEI-2014-TN-005). Retrieved December 13, 2024, from https://doi.org/10.1184/R1/6571934.v1.
@techreport{alberts_2014,
author={Alberts, Christopher and Dorofee, Audrey and Ruefle, Robin and Zajicek, Mark},
title={An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)},
month={{May},
year={{2014},
number={{CMU/SEI-2014-TN-005},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6571934.v1},
note={Accessed: 2024-Dec-13}
}
Alberts, Christopher, Audrey Dorofee, Robin Ruefle, and Mark Zajicek. "An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)." (CMU/SEI-2014-TN-005). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, May 30, 2014. https://doi.org/10.1184/R1/6571934.v1.
C. Alberts, A. Dorofee, R. Ruefle, and M. Zajicek, "An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2014-TN-005, 30-May-2014 [Online]. Available: https://doi.org/10.1184/R1/6571934.v1. [Accessed: 13-Dec-2024].
Alberts, Christopher, Audrey Dorofee, Robin Ruefle, and Mark Zajicek. "An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)." (Technical Note CMU/SEI-2014-TN-005). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 30 May. 2014. https://doi.org/10.1184/R1/6571934.v1. Accessed 13 Dec. 2024.
Alberts, Christopher; Dorofee, Audrey; Ruefle, Robin; & Zajicek, Mark. An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC). CMU/SEI-2014-TN-005. Software Engineering Institute. 2014. https://doi.org/10.1184/R1/6571934.v1