CERT
Practicing strong computer security is a non-negotiable requirement for organizations doing business today. However, building security into an existing corporate culture is a complex undertaking. Our work in governance, insider threat, security management, and systems engineering provides general principles, specific starting points, and fully developed methodologies for business leaders who want to launch an enterprise-wide security effort or make sure their existing security program is as good as it can be.

Governance

Governing for Enterprise Security (GES) describes ideas and methods organizations need to achieve and sustain a culture of security. GES builds upon corporate, enterprise, and information technology (IT) governance.

CERT's Podcast Series: Security for Business Leaders
Governing for Enterprise Security: Overview (pdf) | Technical Note (pdf)
Information Security as an Institutional Priority (pdf)
Build Security In: Governance & Management (offsite)

Governance Research Area
Includes our history of work, reports, related podcasts, and presentations.

Insider Threat

CERT's insider threat research is a collaborative effort to convey the big picture of the insider threat problem: the complex interactions, degree of risk, and unintended consequences of combinations of countermeasures (or lack thereof) over time.

Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors (pdf) | Executive Summary (html)
Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector (pdf)
The MERIT Project (offsite)
Preliminary System Dynamics Maps of the Insider Cyber-threat Problem (pdf)
2005 E-Crime Watch Survey: Summary of Findings

Insider Threat Research Area
Includes our history of work, reports, related podcasts, and presentations.

Security and Resiliency Engineering

Resiliency engineering is the process by which an organization designs, develops, implements, and manages the protection and sustainability of business-critical services, related business processes, and associated assets. The CERT® Resiliency Engineering Framework is the foundational process description of the capabilities required to manage operational resiliency and to focus security and business continuity activities on achieving organizationally driven objectives. The framework helps organizations build in, manage, and sustain resiliency rather than merely react to changing operational risk environments.

OCTAVE
OCTAVE is an information security evaluation that considers your organization and its missions.