icon-carat-right menu search cmu-wordmark

Security Engineering Risk Analysis (SERA)

Brochure
This brochure describes Security Engineering Risk Analysis (SERA), its purpose and benefits.
Publisher

Software Engineering Institute

Abstract

SEI researchers developed the Security Engineering Risk Analysis (SERA) Framework, a security risk-analysis approach that addresses software security risks as early in the development lifecycle, to advance the state-of-the-practice. The SERA Framework incorporates two important technical perspectives: (1) system and software engineering and (2) operational security. The framework requires system and software engineers to consider operational security risks early in the lifecycle. This approach blends multiple technical disciplines to define an engineering-oriented risk-analysis practice consistent with the NIST Risk Management Framework (RMF).