CERT Resiliency Management Model
The CERT Resiliency Management Model is a capability
model for operational resiliency management. It has two primary
objectives:
- Establish the convergence of operational risk and resiliency
management activities such as security, business continuity, and
aspects of IT operations management into a single model.
- Apply a process improvement approach to operational resiliency
management through the definition and application of a capability
level scale that expresses increasing levels of process
improvement.
Process areas of the CERT Resiliency Management
Model are being published as they are completed and are available for download.
Features and Benefits of the CERT Resiliency Management Model
The CERT Resiliency Management Model doesn't replace an organization’s best practices—it provides a process structure into which they can be inserted and managed. The organization can then measure the achievement of process goals to validate that implemented practices are providing the expected results. The model
- provides a process definition, expressed in more than 20 process areas
across four categories: enterprise management, engineering, operations
management, and process management
- focuses on four essential operational assets: people, information,
technology, and facilities
- includes processes and practices that define a scale of four
capability levels for each process area: Incomplete, Performed,
Managed, and Defined
- serves as a meta-model that includes references to common codes of
practice such as ISO27000, ITIL, and CobiT, as well as others such as
BS25999 and ISO24762
- includes process metrics and measurements that can be used to
ensure that operational resiliency processes are performing as
intended
- facilitates an objective measurement of capability levels via a
structured and repeatable appraisal method
CERT Resiliency Management Model Capability Appraisals
CERT is currently performing capability appraisals using the CERT Resiliency Management Model as a foundation.
Capability appraisals are an objective way to
determine your organization's current level of capability for managing
operational resiliency based on the model's capability level scale.