CERT-SEI

Information for Managers

If you're a manager, you need to know how to keep your team informed about cybercrime and help them protect your organization from malicious attack. We have many resources to help you do just that. Consider these questions and read on.

Podcast Series for Managers

Building security into your corporate culture is a complex undertaking. Our podcast series covers general principles and specific starting points for business leaders who want to launch an enterprise-wide security effort or make sure their existing security program is as good as it can be. See our latest podcast, Comparing IT Risk Assessment and Analysis Methods.

Read our FAQ or contact us if you have questions about our work.

Are Your Networks Secure?

Our researchers develop cutting-edge analysis techniques and tools for operational use in high-impact environments so that organizations are better able to defend their networks from potential attacks.

FloCon Conferences
We sponsor FloCon, open conferences where operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic showcase the next generation of flow-based analysis techniques. FloCon 2015 takes place in Portland in January 2015. Registration is open, and we are also accepting abstracts for presentations, posters, and demonstrations that support this year's conference theme, "Formalizing the Art."

Are You Doing Enough About Insider Threats?

We enable insider threat programs to be more effective by performing research, modeling, analysis, and outreach to define socio-technical best practices that help organizations better deter, detect, and respond to evolving insider threats.

Controls and Indicators
The CERT insider threat lab creates controls and indicators derived from our wealth of socio-technical information on insider crimes. These controls and indicators are designed to help organizations prevent, detect, and respond to insider attacks.

Case Analysis
Our analysis of different sectors has resulted in insider threat guidance that is tailored for banking and finance, government, and information technology sectors.

Insider Threat Publications
Reports, white papers, presentations, podcasts, videos, and more cover topics that include best practices for dealing with insider threat, controls to help combat insider threat, the scope of the insider threat problem, indicators that can be monitored to identify possible insider activity, and analyses of insider threats in different contexts.

Insider Threat Blog
Our blog is populated with our latest research findings.

How Resilient Is Your Organization?

Our researchers produce tools, techniques, and methods that help organizations manage operational risk and improve operational resilience.

CERT-RMM Products and Services
These products and services include the CERT-RMM (a capability model for operational resilience management), ways to measure your organization's processes against the CERT-RMM (Capability Appraisals and Compass lightweight assessments) and training (course, workshop, and boot camp).

How Well Are You Incorporating Security into Your Products and Services?

We address security and survivability throughout the software development and acquisition lifecycles.

Software Security Assurance Measurement and Analysis
The goal of this research is to develop a risk-based approach for measuring and monitoring the security characteristics of interactively complex, software-reliant systems across the lifecycle and supply chain.

Supply Chain Assurance
Our approach to assure the security of supply chains can help acquirers by assisting with applying existing techniques, providing guidance on managing supply chain risks, and helping acquirers use their resources in considering supply chain risks.

Survivability Analysis Framework 
This research focuses on developing the survivability analysis framework (SAF), a structured view of technology, people, and activities that helps organizations characterize the complexity of multi-system and multi-organizational business processes.

SQUARE
The SQUARE method is a nine-step process that helps organizations to build security, including privacy, into the early stages of the production lifecycle.

Secure Coding
Our work in secure coding can save your organization money and reputation by preventing security vulnerabilities that could cause both you and your customers to lose money. The earlier in the coding cycle the errors are prevented or caught, the better; we have an array of solutions for use throughout the coding lifecycle.

Are You Addressing the Latest Software Vulnerabilities?

Our researchers help engineers detect, eliminate, and avoid creating vulnerabilities in software.

Vulnerability Notes Database
The Vulnerability Notes Database provides timely information about software vulnerabilities.

Secure Coding Research
Our research on coding problems and secure coding practices helps your developers prevent vulnerabilities from infiltrating your software.

Blogging Researchers
Our researchers regularly contribute to the CERT/CC and SEI blogs to discuss vulnerability discovery, analysis, and disclosure. The team also presents techniques for managing and mitigating vulnerabilities. Team members discuss current research in these areas and in the field of secure coding.

Are You Responding Effectively to Incidents?

We produce technologies, capabilities, and practices organizations can use to develop incident response capabilities and facilitate incident investigations.

Forensics Tools
Our tools help you facilitate forensic examinations and assist authorized members of the law enforcement community.

Case Studies
These case studies detail how we aided the U.S. Secret Service in solving the landmark TJX & Heartland and Iceman cases.

Do You Know How a CSIRT Can Help You?

We support the international response team community by helping organizations and national CSIRTs develop, operate, and improve incident management capabilities.

CSIRT Development
These products and services are available to the global CSIRT community.

National CSIRT Support
The CERT Division recognizes the unique issues facing national computer security incident response teams (CSIRTs) and provides information and resources that help provide mechanisms for cooperation and collaboration among the organizations that fill this role around the globe. 

NatCSIRT Meetings
Since 2006, the CERT Division has been hosting an annual technical meeting for CSIRTs with national responsibility. This meeting provides an opportunity for the organizations responsible for protecting the security of nations, economies, and critical infrastructures to discuss the unique challenges they face while fulfilling this role. NatCSIRT 2014 took place in Boston, Massachusetts, in June 2014. For more details about this meeting and NatCSIRT 2015, visit the NatCSIRT website.

Prepare Your Organization for Disruptive Events

Our webinar, CERT Operational Resilience: Manage, Protect and Sustain, showcases the application of resilience models to operationalize risk management and solve hard problems in enterprise security.

Learn How to Create and Manage a CSIRT

CSIRT Development
We help organizations develop, operate, and improve incident management capabilities.

Assess and Manage Your Risks

OCTAVE
The OCTAVE Method is an approach used to assess an organization's information security needs.

SCALe
SCALe conformance testing assesses your software system against CERT secure coding standards, enables your use of the CERT seal when marketing products, and maintains a certificate registry with the certificates of conforming systems.

Hire Our Consultants

Our consultants are available to work with your organization on all sorts of software assurance initiatives.

Consulting Services
We can identify strategies for focusing on security in the early stages of the software development and acquisition lifecycles.

Plan Your Security Strategy

OCTAVE
These tools, techniques, and methods for risk-based information security strategic assessment and planning can help you assess your organization's information security needs.

Assessing Information Security Risk Using the OCTAVE Approach
This course teaches you to perform information security risk assessments using the OCTAVE approach, which provides organizations a comprehensive methodology that focuses on information assets in their operational contexts.

Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth
This course teaches you high-level best practices for effectively integrating eight components into all aspects of IT operations. Further, the course scenario is used extensively to reinforce these best practices with technical information security implementations.

Software Assurance Methods in Support of Cybersecurity
This workshop focuses on four critical software assurance areas: security requirements, software supply chain assurance, mission thread analysis, and measurement. This course exposes you to concepts and resources available now for your use to address software security assurance across the acquisition and development lifecycles.

Software Assurance for Executives
Our video modules begin with a discussion of software assurance challenges and then present resources and methods available to address software assurance in development and acquisition.

Improve Your Risk Management

CERT-RMM
This maturity model applies a process improvement approach to managing operational risk and resilience, security, business continuity, and IT operations.

CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series
This year-long series of workshops provides hands-on activities to understand, compare, and enhance your organizational resilience, using the CERT-RMM as the guide.

Introduction to the CERT Resilience Management Model
This course introduces a model-based process improvement approach to managing operational resilience using the CERT-RMM, a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations actively direct, control, and manage operational resilience and risk.

Incorporate Security into Development Processes

SQUARE
This method enables your organization to develop more secure, survivable software and systems, realize more predictable schedules and costs, and achieve lower costs.

Security Requirements Engineering Using the SQUARE Method
This course gives you an overview of security requirements engineering and the SQUARE methodology, and goes through the SQUARE steps in detail.

Software Assurance Methods in Support of Cybersecurity
This workshop focuses on four critical software assurance areas: security requirements, software supply chain assurance, mission thread analysis, and measurement. It exposes you to concepts and resources available to use for addressing software security assurance across the acquisition and development lifecycles.

Cybersecurity Engineering Consulting Services
We can help you to identify strategies for focusing on security in the early stages of the software development and acquisition lifecycles.

SCALe
The SCALe conformance process consists of commercial, open source, and experimental analysis that is used to analyze various code bases to perform conformance testing against CERT secure coding standards.

Secure Coding Books
Books written by our researchers provide guidance for developers who use Java, C, and C++.

Secure Coding Training
Training is available to help your developers avoid coding pitfalls that create security vulnerabilities.

Protect Your Organization Against the Insider Threat

Public Insider Threat Workshops
These public offerings teach you patterns of insider behaviors, organizational issues, and technical actions over time for each type of crime.

Custom On-Site Insider Threat Workshops
Our experts tailor confidential, on-site workshops to use actual malicious insider incidents that occurred in your organization.

Insider Threat Vulnerability Assessments
These confidential assessments explore your entire organization, including technical vulnerabilities, business process gaps, management issues, and your ability to deal effectively with behavioral issues.

Insider Threat Best Practices
These practices can help you to mitigate IP theft, IT sabotage, and fraud in your organization.

Take a Course

Creating a Computer Security Incident Response Team
This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. As part of the course, attendees will develop an action plan that can be used as a starting point in planning and implementing their CSIRT.

Managing Computer Security Incident Response Teams
This three-day course provides current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team. The course provides insight into the work that CSIRT staff may be expected to handle. The course also provides prospective or current managers with an overview of the incident handling process and the types of tools and infrastructure needed to be effective.

Overview of Creating and Managing CSIRTs
This one-day course provides a consolidated view of information that is contained in two other CERT courses: Creating a CSIRT and Managing CSIRTs. Its main purpose is to highlight best practices in planning, implementing, operating, and evaluating a computer security incident response team (CSIRT).

CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series
Improve your organizational resiliency by attending a year-long series of workshops at a Software Engineering Institute (SEI) facility. You will experience hands-on activities to understand, compare, and enhance your organizational resilience, using the CERT-RMM as the guide.

CERT Resilience Management Model Appraisal Boot Camp
This two-day course provides an overview of the CERT-RMM Capability Appraisal Method, which addresses the application of the Standard CMMI Appraisal Method for Process Improvement (SCAMPI) for the CERT Resilience Management Model (CERT-RMM) V1.1.

Assessing Information Security Risk Using the OCTAVE Approach
In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method.

OCTAVE Approach Instructor Training
This two-day course teaches candidate OCTAVE instructors how to deliver the Assessing Information Security Risks Using the OCTAVE Approach course.

Security Requirements Engineering Using the SQUARE Method
In this workshop we present an overview of security requirements engineering and the SQUARE methodology. Then we will go through the SQUARE steps in detail.

Software Assurance Methods in Support of Cybersecurity
This workshop focuses on four critical software assurance areas: security requirements, software supply chain assurance, mission thread analysis, and measurement.

Request Our Services

  • Request a CERT-RMM Capability Appraisal.
  • Ask us to plan and schedule a confidential insider threat vulnerability assessment.
  • Request a one- or two-day workshop that covers the SQUARE methodology and provides your team with everything you need to know to start using SQUARE.
  • Register your developers for secure coding courses.
  • Request SCALe conformance testing for your group's software development work to find and eliminate vulnerabilities.
  • Consult with us to identify strategies for focusing on security in the early stages of the development and acquisition lifecycles.

Find More Information

  • Investigate having your staff member become a licensed CERT-RMM Appraiser.
  • Let us know how CERT insider threat controls have worked for you.
  • Help fund our work on MERIT Interactive, a training simulator that gives managers practical experience in balancing all the factors that affect an organization's risk of insider threat.

Ask Us to Help You

  • Identify the insider threat products and services that are right for your organization.
  • Produce and implement technical controls to deter, detect, and respond to insider threats in your organization.
  • Train your employees, develop curricula for degree programs or employee training programs, and assess your organization’s risks.
  • Learn more about supply chain assurance.
  • Start, implement, and manage a CSIRT (computer security incident response team).
  • Learn about SCALe, the SCALe conformance process, the CERT SCALe seal, and CERT SCALe certificates.
  • Keep track of the newest Cyber Risk and Resilience Management research in our newsletter.
  • Ask us about our tools that will help your developers and testers discover software vulnerabilities due to insecure coding.
  • Contact us if you want to collaborate with us to develop secure coding rules and guidelines for Android, iOS, or Windows 8 smartphone applications.

Attend an Event

FloCon Conferences
Attend or present at the next FloCon event. FloCon conferences provide a rich and rewarding forum for operational analysts, tool developers, researchers, and anyone who is interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.

Annual Technical Meeting for CSIRTs with National Responsibility
Since 2006, we have been hosting an annual technical meeting for CSIRTs with national responsibility. This meeting provides an opportunity for the organizations responsible for protecting the security of nations, economies, and critical infrastructures to discuss the unique challenges they face while fulfilling this role.