CERT Resiliency Management Model

Since 2001, CERT has been working in the areas of security process improvement and operational resiliency management and engineering. Beginning with the introduction of the OCTAVE® Method, CERT has been researching and developing tools, techniques, and methods that help organizations manage operational risk and improve operational resiliency.

CERT Resiliency Management Model

The CERT Resiliency Management Model is a capability model for operational resiliency management. It has two primary objectives:

  • Establish the convergence of operational risk and resiliency management activities such as security, business continuity, and aspects of IT operations management into a single model.
  • Apply a process improvement approach to operational resiliency management through the definition and application of a capability level scale that expresses increasing levels of process improvement.

A partial, draft version of the model was released in April 2008 and is available for download for reference purposes. The draft version was called the CERT® Resiliency Engineering Framework. Version 1.0 of the CERT Resiliency Management Model incorporates improvements based on feedback from pilot use of the draft framework. Process areas of the CERT Resiliency Management Model are being published as they are completed and made available for download.

Features and benefits of the CERT Resiliency Management Model

  • Provides a process definition, expressed in more than 20 process areas across four categories: enterprise management, engineering, operations management, and process management
  • Focuses on four essential operational assets: people, information, technology, and facilities
  • Includes processes and practices that define a scale of four capability levels for each process area: Incomplete, Performed, Managed, and Defined
  • Serves as a meta-model that includes references to common codes of practice such as ISO27000, ITIL, CobiT, and others such as BS25999 and ISO24762
  • Includes process metrics and measurements that can be used to ensure that operational resiliency processes are performing as intended
  • Facilitates an objective measurement of capability levels via a structured and repeatable appraisal methodology

CERT Resiliency Management Model Capability Appraisals

CERT is currently performing capability appraisals using the CERT Resiliency Management Model as a foundation. Capability appraisals are an objective way to determine your organization's current level of capability for managing operational resiliency based on the capability level scale included in the model.



Last updated July 1, 2009