Managing Third Party Risk in Financial Services Organizations: A Resilience-Based Approach
In this white paper, the authors discuss how financial services organizations can use a resilience-based approach to manage cyber risks that arise from outsourcing and comply with federal cybersecurity regulations.
Intelligence Preparation for Operational Resilience (IPOR)
In this report, Douglas Gray describes Intelligence Preparation for Operational Resilience (IPOR), a framework for preparing intelligence that complements commonly used intelligence frameworks such as Intelligence Preparation of the Battlefield (IPB).
Structuring the Chief Information Security Officer Organization
In this September 2015 technical note, the authors describe how they defined a CISO team structure and functions for a national organization using sources such as CISOs, policies, and lessons learned from cybersecurity incidents.
CERT Resilience Management Model: A Maturity Model for Managing Operational
In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.
CERT-RMM User Panel Discussion: USPIS, DHS, DoE, SunGard, & Lockheed Martin
In this webinar, watch the CERT-RMM User Panel discuss their experiences implementing RMM from the SEI Virtual Event, CERT Operational Resilience: Manage, Protect and Sustain.
CERT Resilience Management Model (CERT-RMM) V1.1: NIST Special Publication
Crosswalk Version 2
This update to Version 1 of this same title (CMU/SEI-2011-TN-028) maps CERT-RMM process areas to certain NIST 800-series special publications.
The Smart Grid Maturity Model Around the World
In this webinar, Jeffrey H. Ferris introduces the Smart Grid Maturity Model (SGMM), a management tool designed to help any utility, anywhere, plan its journey toward grid modernization-no customization required.
Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)
In this webinar, watch James Stevens discuss the "Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)" from the SEI Virtual Event, CERT Operational Resilience: Manage, Protect and Sustain.
Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment
In this 2007 report, the authors highlight the design considerations and requirements for OCTAVE Allegro based on field experience.