The CERT Division | SEI

SEI Menu
Work Areas
Welcome to CERT
New Publications
About CERT

Our mission at the CERT Division is to anticipate and solve the nation's cybersecurity challenges.

Learn more
Engage with Us
Training
About Us
- Overview
- Leadership
News
Careers
Information for

FloCon 2017 Announces Conference Program, Keynote, and Registration

FloCon 2017, the 13th annual open forum for large-scale network analytics, has announced its full technical program and keynote speakers for the conference. Registration is now open.

Distributed Denial of Service Attacks: Four Best Practices for Prevention and Response

CERT researcher Rachel Kartch provides an overview of DDoS attacks and best practices for mitigating and responding to them.

An Evaluation of Three Cyber Threat Models

This blog post evaluates three popular methods of cyber threat modeling and a potential model that fuses the best qualities of each.

Mapping the FFIEC Cybersecurity Assessment Tool (CAT) to the CRR

To help financial institutions assess their cyber resilience, we mapped FFIEC CAT statements to Cyber Resilience Review (CRR) questions.

Video Highlights Recent SEI STEM Efforts

Features recent high school cyber-kinetic exercise and SEI's wider initiative to encourage young people to consider careers in STEM fields.

Seven Principles for Software Assurance

Seven Principles for acquiring, building, deploying, and sustaining software systems to achieve a desired level of confidence for software assurance.

Managing Third Party Risks to Financial Services Organizations

A resilience-based approach can help financial services organizations to manage cyber risks from outsourcing and comply with federal cybersecurity regulations.

CERT Mission: Anticipating and Solving the Nation’s Cybersecurity Challenges

Learn More About Us

NEWS

FloCon 2017 Announces Conference Program and Keynote
Press Release - 11/29/2016

See more news

CERT Division at a Glance

We were there for the first internet security incident and we’re still here more than 25 years later. Only now, we’ve expanded our expertise from incident response to a comprehensive, proactive approach to securing networked systems. The CERT Division is part of the Software Engineering Institute, which is based at Carnegie Mellon University. We are the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and are a national asset in the field of cybersecurity.

Learn More About the CERT Division:

RECENT VULNERABILITIES

VU#535111: McAfee VirusScan Enterprise for Windows scriptproxy COM object memory corruption vulnerability
Original Release date - 12/13/2016

VU#779243: EpubCheck 4.0.1 contains a XML external entity processing vulnerability
Original Release date - 12/13/2016

VU#245327: McAfee VirusScan for Linux contains multiple vulnerabilities
Original Release date - 12/12/2016

Report a Vulnerability

See more vulnerabilities

PUBLICATIONS

Common Sense Guide to Mitigating Insider Threats, Fifth Edition Presents recommendations for mitigating insider threat based on CERT's continued research and analysis of over 1,000 cases. Technical Report - 12/21/2016

Low Cost Technical Solutions to Jump Start an Insider Threat Program This technical note explores free and low cost technical solutions to help organizations prevent, detect, and respond to malicious insiders. Technical Note - 12/12/2016

Avoiding Insecure C++ This presentation introduces the SEI CERT C++ Presentation - 12/07/2016

See more publications

EVENTS

FloCon 2017
The FloCon network security conference provides a forum for large-scale network flow analytics.
Conferences - 01/09/2017

See more events

Blogs

Fabric, Ansible, Gauntlt, and Chaos Monkey: The Top DevOps Posts of 2016

12/20/2016 - Hasan Yasar

Autonomy, Robotics, Verification, DDoS Attacks, and Software Testing: The Top 10 Posts of 2016

12/19/2016 - Douglas C. Schmidt

Defending Against Phishing

12/16/2016 - Michael J. Albrethsen

See more blog posts

Podcasts

Establishing Trust in the Wireless Emergency Alerts Service

Becoming a CISO: Formal and Informal Requirements

In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today’s fast-paced cybersecurity field. Podcast - 10/19/2016

Global Value Chain – An Expanded View of the ICT Supply Chain

In this podcast, Edna Conway and John Haller discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including risks to the supply chain. Podcast - 07/18/2016

Intelligence Preparation for Operational Resilience

In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR. Podcast - 06/21/2016

See more podcasts

Welcome to CERT

New Publications

About CERT