CERT Resiliency Management Model
Since 2001, CERT has been working in the areas of security process
improvement and operational resiliency management and
engineering. Beginning with the introduction of the
OCTAVE® Method, CERT has been researching and
developing tools, techniques, and methods that help organizations
manage operational risk and improve operational resiliency.
CERT Resiliency Management Model
The CERT Resiliency Management Model is a capability
model for operational resiliency management. It has two primary
objectives:
- Establish the convergence of operational risk and resiliency
management activities such as security, business continuity, and
aspects of IT operations management into a single model.
- Apply a process improvement approach to operational resiliency
management through the definition and application of a capability
level scale that expresses increasing levels of process
improvement.
A partial, draft version of the model was released in April 2008 and is
available for download for reference purposes. The draft version was
called the CERT® Resiliency Engineering Framework. Version 1.0 of the
CERT Resiliency Management Model incorporates improvements based on
feedback from pilot use of the draft framework. Process areas of the
CERT Resiliency Management Model are being published as they are
completed and made available for download.
Features and benefits of the CERT Resiliency Management Model
- Provides a process definition, expressed in more than 20 process areas
across four categories: enterprise management, engineering, operations
management, and process management
- Focuses on four essential operational assets: people, information,
technology, and facilities
- Includes processes and practices that define a scale of four
capability levels for each process area: Incomplete, Performed,
Managed, and Defined
- Serves as a meta-model that includes references to common codes of
practice such as ISO27000, ITIL, CobiT, and others such as BS25999 and
ISO24762
- Includes process metrics and measurements that can be used to
ensure that operational resiliency processes are performing as
intended
- Facilitates an objective measurement of capability levels via a
structured and repeatable appraisal methodology
CERT Resiliency Management Model Capability Appraisals
CERT is currently performing capability appraisals using the CERT Resiliency Management Model as a foundation.
Capability appraisals are an objective way to
determine your organization's current level of capability for managing
operational resiliency based on the capability level scale included in
the model.