Since 2001, the CERT® Program has been working in the areas of security process improvement and operational resilience management and engineering. Beginning with the introduction of the OCTAVE® Method, the program has been researching and developing tools, techniques, and methods that help organizations manage operational risk and improve operational resilience. CERT Resilience Management research and development is currently focused on the CERT® Resilience Management Model, critical infrastructure protection, and resilience measurement and analysis.
CERT Resilience Management Model
The CERT Resilience Management Model is the foundation for a process improvement approach to security, business continuity, and aspects of IT operations management. It establishes an organization's resilience management process: a collection of essential capabilities that the organization performs to ensure that its important assets stay productive in supporting business processes and services. The model provides guidance for measuring the current competency of essential capabilities, setting improvement targets, and establishing plans and actions to close any identified gaps.
Critical Infrastructure Protection
The CERT Infrastructure Resilience Team produces tools, techniques, technologies, and training to raise awareness of the information security risks to critical infrastructure and to manage and improve its resilience. The team also collaborates with standards bodies to develop cyber security standards that support national critical infrastructure protection goals.
Resilience Measurement and Analysis
The focus of the resilience measurement and analysis research is to determine measures and associated analyses that inform the extent to which operational resilience processes and practices
- are being implemented
- are being improved
- are meeting performance objectives
In addition, this effort suggests the use of implementation-level defined processes as the context for identifying such measures.