search menu icon-carat-right cmu-wordmark

Subject: Resilience Management Model (RMM)

Applying Threat Intelligence to Operational Resilience and Risk Management Frameworks

Applying Threat Intelligence to Operational Resilience and Risk Management Frameworks

• SEI Blog
Doug Gray

By Douglas Gray Information Security Engineer CERT Division In leveraging threat intelligence, the operational resilience practitioner need not create a competing process independent of other frameworks the organization is leveraging. In fact, the use of intelligence products in managing operational resilience is not only compatible with many existing frameworks but is, in many cases, inherent. While it is beyond the scope of this blog to provide an in-depth discussion of some of the more widely...

Read More
Leveraging Threat Intelligence to Support Resilience, Risk, and Project Management

Leveraging Threat Intelligence to Support Resilience, Risk, and Project Management

• SEI Blog
Doug Gray

By Douglas Gray Information Security Engineer CERT Division What differentiates cybersecurity from other domains in information technology (IT)? Cybersecurity must account for an adversary. It is the intentions, capabilities, prevailing attack patterns of these adversaries that form the basis of risk management and the development of requirements for cybersecurity programs. In this blog post, the first in a series, I present strategies for enabling resilience practitioners to organize and articulate their intelligence needs, as well...

Read More
The SPRUCE Series: Challenges to Managing Operational Resilience

The SPRUCE Series: Challenges to Managing Operational Resilience

• SEI Blog
SPRUCE Project

Software and acquisition professionals often have questions about recommended practices related to modern software development methods, techniques, and tools, such as how to apply agile methods in government acquisition frameworks, systematic verification and validation of safety-critical systems, and operational risk management. In the Department of Defense (DoD), these techniques are just a few of the options available to face the myriad challenges in producing large, secure software-reliant systems on schedule and within budget....

Read More
Resilience, Model-Driven Engineering, Software Quality, and Android App Analysis - The Latest Research from the SEI

Resilience, Model-Driven Engineering, Software Quality, and Android App Analysis - The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in governing operational resilience, model-driven engineering, software quality, Android app analysis, software architecture, and emerging technologies. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the...

Read More
Resilience, Metrics, Sustainment, and Software Assurance - The Latest Research from the SEI

Resilience, Metrics, Sustainment, and Software Assurance - The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in resilience, metrics, sustainment, and software assurance. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website....

Read More
Malware Analysis, Acquisition Strategies, Network Situational Awareness, & Cyber Risk - The Latest Research from the SEI

Malware Analysis, Acquisition Strategies, Network Situational Awareness, & Cyber Risk - The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in malware analysis, acquisition strategies, network situational awareness, resilience management (with three reports from this research area), incident management, and future architectures. This post includes a listing of each report, author(s), and links where the published...

Read More
Information Resilience in Today's High Risk Information Economy

Information Resilience in Today's High Risk Information Economy

• SEI Blog
Nader Mehravari

Earlier this month, the U.S. Postal Service reported that hackers broke into their computer system and stole data records associated with 2.9 million customers and 750,000 employees and retirees, according to reports on the breach. In the JP Morgan Chase cyber breach earlier this year, it was reported that hackers stole the personal data of 76 million households as well as information from approximately 8 million small businesses. This breach and other recent thefts of...

Read More
The Latest Research from the SEI

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in secure coding, CERT Resilience Management Model, malicious-code reverse engineering, systems engineering, and incident management. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI...

Read More
Identifying Security Gaps in International Postal and Transportation Infrastructure

Identifying Security Gaps in International Postal and Transportation Infrastructure

• SEI Blog
Nader Mehravari

In October 2010, two packages from Yemen containing explosives were discovered on U.S.-bound cargo planes of two of the largest worldwide shipping companies, UPS and FedEx, according to reports by CNN and the Wall Street Journal. The discovery highlighted a long-standing problem--securing international cargo--and ushered in a new area of concern for such entities as the United States Postal Inspection Service (USPIS) and the Universal Postal Union (UPU), a specialized agency of the United Nations...

Read More
The Latest Research from the SEI

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in and systems engineering, resilience, and insider threat. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website....

Read More
The Latest Research from the SEI

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in embedded systems, risk management, risk-based measurement and analysis, early lifecycle cost estimation, and techniques for detecting data anomalies. This post includes a listing of each report, author(s), and links where the published reports can be accessed...

Read More
An Overview of the SEI Technologies Forum

An Overview of the SEI Technologies Forum

• SEI Blog
Douglas C. Schmidt

We use the SEI Blog to inform you about the latest work at the SEI, so this week I'm summarizing some video presentations recently posted to the SEI website from the SEI Technologies Forum. This virtual event held in late 2011 brought together participants from more than 50 countries to engage with SEI researchers on a sample of our latest work, including cloud computing, insider threat, Agile development, software architecture, security, measurement, process improvement, and...

Read More
The Latest Research from the SEI

The Latest Research from the SEI

• SEI Blog
Douglas C. Schmidt

As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in insider threat, interoperability, service-oriented architecture, operational resilience, and automated remediation. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website....

Read More
Measures for Managing Operational Resilience

Measures for Managing Operational Resilience

• SEI Blog
Julia Allen

The SEI has devoted extensive time and effort to defining meaningful metrics and measures for software quality, software security, information security, and continuity of operations. The ability of organizations to measure and track the impact of changes--as well as changes in trends over time--are important tools to effectively manage operational resilience, which is the measure of an organization's ability to perform its mission in the presence of operational stress and disruption. For any organization--whether Department...

Read More