CERT
 

Practicing strong computer security is a nonnegotiable requirement for organizations doing business today. However, building security into an existing corporate culture is a complex undertaking. Our work in governance, insider threat, and resiliency management provides general principles, specific starting points, and fully optimized methodologies for business leaders who want to launch an enterprise-wide security effort or make sure their existing security program is as good as it can be.

Governance

Governing for Enterprise Security (GES) describes ideas and methods organizations need to achieve and sustain a culture of security. GES builds upon corporate, enterprise, and information technology (IT) governance.

CERT's Podcast Series: Security for Business Leaders
Governing for Enterprise Security: Overview (pdf) | Technical Note (pdf)
Information Security as an Institutional Priority (pdf)
Build Security In: Governance & Management (offsite)

Governance Research Area
Includes our history of work, reports, related podcasts, and presentations.

Insider Threat

CERT's insider threat research is a collaborative effort to convey the big picture of the insider threat problem: the complex interactions, degree of risk, and unintended consequences of combinations of countermeasures (or lack thereof) over time.

Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors (pdf) | Executive Summary (html)
Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector (pdf)
The MERIT Project (offsite)
Preliminary System Dynamics Maps of the Insider Cyber-threat Problem (pdf)
2005 E-Crime Watch Survey: Summary of Findings

Insider Threat Research Area
Includes our history of work, reports, related podcasts, and presentations.

Resiliency Management

Resiliency Management research focuses on helping organizations improve the ways they design, develop, implement, and manage the protection and sustainability of high-value services, related business processes, and associated assets.

Resiliency Management Model
The CERT® Resiliency Management Model is the foundational process description of the capabilities required to manage operational resiliency and to focus security and business continuity activities on achieving organizationally driven objectives. The model helps organizations build in, manage, and sustain resiliency rather than react to changing operational risk environments.

OCTAVE
OCTAVE is a suite of tools, techniques, and methods for risk-based information security strategic assessment and planning.