Resiliency Engineering Research
Since 2001, CERT has been working in the areas of security process
improvement and operational resiliency management and
engineering. Beginning with the introduction of the
OCTAVE® Method, CERT has been researching and
developing tools, techniques, and methods that help organizations
manage operational risk and improve operational resiliency.
CERT® Resiliency Engineering Framework
The CERT Resiliency Engineering Framework (REF) is a capability
model for operational resiliency management. It has two primary
objectives:
- Establish the convergence of operational risk and resiliency
management activities, such as security, business continuity, and
aspects of IT operations management, into a single model.
- Apply a process improvement approach to operational resiliency
management through the definition and application of a capability
level scale that expresses increasing levels of process
improvement.
The current version of the framework was released in April 2008 and
is available for download.
Features and benefits of REF
- Provides a process definition, expressed as 24 capability areas
across four categories: enterprise management, engineering, operations
management, and process management
- Focuses on four essential operational assets: people, information,
technology, and facilities
- Includes processes and practices that define a scale of five
capability levels for each capability area: incomplete, performed,
managed, directed, and continuously improved
- Serves as a meta-model that includes references to common codes of
practice such as ISO27000, ITIL, CobiT, and others such as BS25999 and
ISO24762
- Includes process metrics and measurements that can be used to
ensure that operational resiliency processes are performing as
intended
- Facilitates an objective measurement of capability levels via a
structured and repeatable appraisal methodology
REF Capability Appraisals
CERT is currently performing capability appraisals using the REF
model as a foundation. Capability appraisals are an objective way to
determine your organization's current level of capability for managing
operational resiliency based on the capability level scale included in
the framework.