CERT
 
Historical Documents
 


Practicing strong computer security is a nonnegotiable requirement for organizations doing business today. However, building security into an existing corporate culture is a complex undertaking. Our work in governance, insider threat, and resilience management provides general principles, specific starting points, and fully optimized methodologies for business leaders who want to launch an enterprise-wide security effort or make sure their existing security program is as good as it can be.

Governance

Governing for Enterprise Security (GES) describes ideas and methods organizations need to achieve and sustain a culture of security. GES builds upon corporate, enterprise, and information technology (IT) governance.

Governance Research Area
Includes our history of work, reports, related podcasts, and presentations.

CERT's Podcast Series: Security for Business Leaders
Governing for Enterprise Security: Overview (pdf) | Technical Note (pdf)
Information Security as an Institutional Priority (pdf)

Insider Threat

Our organization's insider threat research is a collaborative effort to convey the big picture of the insider threat problem: the complex interactions, degree of risk, and unintended consequences of combinations of countermeasures (or lack thereof) over time.

Insider Threat Research Area
Includes our history of work, reports, related podcasts, and presentations.

Insider Threat Study
2010 E-Crime Watch Survey: Summary (pdf)

CERT Resilience Management Model

Resilience Management research focuses on helping organizations improve the ways they design, develop, implement, and manage the protection and sustainability of high-value services, related business processes, and associated assets.

CERT Resilience Management Model
The CERT® Resilience Management Model is the foundational process description of the capabilities required to manage operational resilience and to focus security and business continuity activities on achieving organizationally driven objectives. The model helps organizations build in, manage, and sustain resilience rather than react to changing operational risk environments.

OCTAVE
OCTAVE is a suite of tools, techniques, and methods for risk-based information security strategic assessment and planning.