Software Engineering Institute | Carnegie Mellon University

Richard A. Caralli
November 2013 - Technical Note Advancing Cybersecurity Capability Measurement Using the CERT-RMM Maturity Indicator Level Scale

Topics: Cyber Risk and Resilience Management

Authors: Matthew J. Butkovic, Richard A. Caralli

In this report, the authors review the specific and generic goals and practices in CERT-RMM to determine if a better scale could be developed.

August 2013 - Podcast Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions

Authors: Richard A. Caralli, Julia H. Allen

In this podcast, Rich Caralli explains how maturity models provide measurable value in improving an organization's cybersecurity capabilities.

November 2012 - White Paper Maturity Models 101: A Primer for Applying Maturity Models to Smart Grid Security, Resilience, and Interoperability

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, Mark Knight (CGI Group), Austin Montgomery

In this paper, the authors explain the history and evolution of and applications for maturity models.

December 2010 - Podcast How Resilient Is My Organization?

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, David W. White, Julia H. Allen

In this podcast, Richard Caralli explains how CERT-RMM can ensure that critical assets and services perform as expected in the face of stress and disruption.

November 2010 - Book CERT Resilience Management Model: A Maturity Model for Managing Operational Resilience

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, Julia H. Allen, David W. White

In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.

July 2010 - Webinar Transforming Your Operational Resilience Management Capabilities: CERT’s Resilience Management Model

Topics: Cybersecurity Engineering, Risk and Opportunity Management

Authors: Richard A. Caralli

In this webinar, Rich Caralli, architect of CERT RMM, describes how an organization can use the RMM to transform its operational resilience.

May 2010 - Technical Report CERT Resilience Management Model, Version 1.0

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, Julia H. Allen, Pamela D. Curtis, David W. White, Lisa R. Young

In this report, the authors present CERT-RMM, an approach to managing operational resilience in complex, risk-evolving environments.

January 2010 - Presentation Improving and Sustaining Processes for Managing Operational Resiliency CERT Resiliency Management Model - INACTIVE

Topics: Cyber Risk and Resilience Management, Process Improvement

Authors: Richard A. Caralli

Rich Caralli describes how an organization can use the CERT Resiliency Management Model (CERT RMM) to establish its current level of capability in managing resiliency, set forward-looking resiliency goals and targets, and develop plans to close identified gaps.

May 2007 - Podcast Adapting to Changing Risk Environments: Operational Resilience

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, Stephanie Losi

In this podcast, participants discuss how business leaders need to keep their critical processes and services up and running in the face of the unexpected.

May 2007 - Technical Report Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, James F. Stevens, Charles M. Wallen (Financial Services Technology Consortium), David W. White, William R. Wilson, Lisa R. Young

In this 2007 report, the authors explore the transformation of security and business continuity into processes to support and sustain operational resiliency.

May 2007 - Technical Report Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, James F. Stevens, Lisa R. Young, William R. Wilson

In this 2007 report, the authors highlight the design considerations and requirements for OCTAVE Allegro based on field experience.

November 2006 - Presentation Focus on Resiliency: A Process Improvement Approach to Security

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, Lisa R. Young

In this CSI 33rd Annual Security Conference presentation, Rich Caralli and Lisa Young discuss resiliency and a process improvement approach to security.

September 2006 - Presentation Operational Resiliency Management: An Introduction to the Resiliency Engineering Framework

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, Charles M. Wallen (Financial Services Technology Consortium)

In this presentation, Ron McLeod discusses a partnership with TARA to analyze the outbound and inbound traffic in networks of convenience.

June 2006 - Presentation Sustaining Operational Resiliency: A Process Improvement Approach to Security Management

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli

In this presentation, Richard Caralli describes a process improvement approach to security management for sustaining operational resiliency.

April 2006 - Technical Note Sustaining Operational Resiliency: A Process Improvement Approach to Security Management

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli

In this 2006 report, Richard Caralli describes the fundamental elements and benefits of a process approach to security and operational resiliency.

November 2005 - Presentation Focus on Resiliency: A Process-Oriented Approach to Security

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, James F. Stevens

In this presentation, the authors describe a process-oriented approach to security.

June 2005 - Technical Note Information Asset Profiling

Topics: Cyber Risk and Resilience Management

Authors: James F. Stevens, Richard A. Caralli, Bradford J. Willke

In this 2005 report, the authors describe IAP, a documented and repeatable process for developing consistent asset profiles.

December 2004 - Technical Note Managing for Enterprise Security

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, Julia H. Allen, James F. Stevens, Bradford J. Willke, William R. Wilson

In this 2004 report, the authors itemize characteristics of common approaches to security that limit effectiveness and success.

July 2004 - Technical Report The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, James F. Stevens, Bradford J. Willke, William R. Wilson

In this report, the authors describe the critical success factor method and present theories and experience in applying it to enterprise security management.

April 2004 - Presentation Building a Practical Framework for Enterprise-Wide Security Management

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen, Kevin Behr (IP Services and ITPI), Richard A. Caralli, Eileen C. Forrester, Gene Kim (IP Services and ITPI), Larry Rogers, Jeannine Siviy, William R. Wilson

In this presentation, the authors describe a practical framework for enterprise-wide security management as developed by the CERT Division.

January 2004 - Presentation Maturing Your Approach to "Security Management"

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, William R. Wilson

In this presentation, the authors describe the challenges in assuring security, roadblocks that security approaches face, and how to solve these problems.

January 2004 - Presentation Applying Critical Success Factors to Information Security Planning

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, William R. Wilson

In this presentation, the authors discuss critical success factors and their use in security management, and provide development and analysis examples.

January 2004 - Presentation The Challenges of Security Management

Authors: Richard A. Caralli

This paper explores some of the challenges that organizations must overcome to be successful in this environment and introduces ways in which a change in perspective might be the impetus for an emerging mission-driven approach to security.