Advanced Search

Content Type

Topics

Publication Date

Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes

Abstract

As security issues dominate news headlines and affect our daily lives, organizations need to improve their ability to protect and sustain their business-critical assets, people, information, technology, and facilities using human and financial resources efficiently and effectively. Traditional activities such as security and business continuity must not only be effective at achieving these goals but also must offer the organization increased capabilities for managing and controlling operational resiliency. Unfortunately, organizations often manage these activities in a reactive posture fraught with stove-piped organizational structures and poorly defined and measured goals. The result: potentially less-than-adequate operational resiliency to support business objectives. But organizations can vastly improve operational resiliency by viewing it as an engineering-based process that can be defined, managed, measured, and improved. This view ensures collaboration between security and business continuity activities toward common goals and considers the role of supporting activities such as governance, asset and risk management, and financial control. This report introduces the CERT Resiliency Engineering Framework as a foundational model that describes the essential processes for managing operational resiliency, provides a structure from which an organization can begin process improvement of its security and business continuity efforts, and catalyzes the formation of a community from which further definition of this emerging discipline can evolve.

Cite This Report

Show Citation Formats

SEI

Caralli, Richard; Stevens, James; Wallen, Charles; White, David; Wilson, William; & Young, Lisa. Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes (CMU/SEI-2007-TR-009). Software Engineering Institute, Carnegie Mellon University, 2007. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8389

IEEE

Caralli. Richard, Stevens. James, Wallen. Charles, White. David, Wilson. William, and Young. Lisa, "Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2007-TR-009, 2007. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8389

APA

Caralli, Richard., Stevens, James., Wallen, Charles., White, David., Wilson, William., & Young, Lisa. (2007). Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes (CMU/SEI-2007-TR-009). Retrieved August 23, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8389

CHI

Richard Caralli, James Stevens, Charles Wallen, David White, William Wilson, & Lisa Young. Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes (CMU/SEI-2007-TR-009). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2007. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8389

MLA

Caralli, Richard., Stevens, James., Wallen, Charles., White, David., Wilson, William., & Young, Lisa. 2007. Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes (Technical Report CMU/SEI-2007-TR-009). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=8389