Software Engineering Institute | Carnegie Mellon University

Digital Library

Julia H. Allen
April 2016 - Webinar Structuring the Chief Information Security Officer Organization

Topics: Risk and Opportunity Management

Authors: Julia H. Allen, Nader Mehravari

This webinar described a CISO organizational structure and functions for a typical large, diverse organization using input from CISOs, policies, frameworks, maturity models, standards, and codes of practice.

December 2015 - Podcast Structuring the Chief Information Security Officer Organization

Authors: Nader Mehravari, Julia H. Allen, Lisa R. Young

In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations.

October 2015 - Technical Note Structuring the Chief Information Security Officer Organization

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen, Gregory Crabb (U.S. Postal Inspection Service), Pamela D. Curtis, Brendan Fitzpatrick, Nader Mehravari, David Tobar

The authors describe how they defined a CISO team structure and functions for a national organization using sources such as CISOs, policies, and lessons learned from cybersecurity incidents.

September 2015 - Technical Report Improving Federal Cybersecurity Governance Through Data-Driven Decision Making and Execution

Topics: Cybersecurity Engineering

Authors: Douglas Gray, Brian D. Wisniewski, Julia H. Allen, Constantine Cois (Heinz College, Carnegie Mellon University), Anne Connell, Erik Ebel (Veris Group), William Gulley (Veris Group), Michael Riley (Veris Group), Robert W. Stoddard, Marie Vaughn (Veris Group)

This technical report focuses on cybersecurity at the indirect, strategic level. It discusses how cybersecurity decision makers at the tactical or implementation level can establish a supportive contextual environment to help enable their success.

August 2015 - Podcast Capturing the Expertise of Cybersecurity Incident Handlers

Topics: Incident Management

Authors: Samuel J. Perl, Richard O. Young, Julia H. Allen

In this podcast, Dr. Richard Young, a professor with CMU, and Sam Perl, a member of the CERT Division, discuss their research on how expert cybersecurity incident handlers react when faced with an incident.

April 2015 - Audio CERT Cyber Risk Insurance Symposium Overview

Topics: Cyber Risk and Resilience Management

Authors: Summer C. Fowler, James J. Cebula, Julia H. Allen

In this interview, Summer Fowler and Jim Cebula provide an overview of the May 2015 CERT Cyber Risk Insurance Symposium.

March 2015 - Podcast Supply Chain Risk Management: Managing Third Party and External Dependency Risk

Topics: Cyber Risk and Resilience Management

Authors: John Haller, Matthew J. Butkovic, Julia H. Allen

In this podcast, Matt Butkovic and John Haller discuss approaches for more effectively managing supply chain risks, focusing on risks arising from “external entities that provide, sustain, or operate Information and Communications Technology (ICT).”

March 2015 - Technical Note Defining a Maturity Scale for Governing Operational Resilience

Topics: Cyber Risk and Resilience Management

Authors: Katie C. Stewart, Julia H. Allen, Audrey J. Dorofee, Michelle A. Valdez, Lisa R. Young

Governing operational resilience requires the appropriate level of sponsorship, a commitment to strategic planning that includes resilience objectives, and proper oversight of operational resilience activities.

February 2015 - Podcast A Workshop on Measuring What Matters

Topics: Measurement and Analysis

Authors: Lisa R. Young, Michelle A. Valdez, Katie C. Stewart, Julia H. Allen

This podcast summarizes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences planning and executing the workshop and identifying improvements for future offerings.

February 2015 - Technical Note A Proven Method for Meeting Export Control Objectives in Postal and Shipping Sectors

Topics: Cyber Risk and Resilience Management

Authors: Greg Crabb (United States Postal Service), Julia H. Allen, Pamela D. Curtis, Nader Mehravari

This report describes how the CERT-RMM enabled the USPIS to implement an innovative approach for achieving complex international mail export control objectives.

February 2015 - Technical Note Measuring What Matters Workshop Report

Topics: Risk and Opportunity Management, Cyber Risk and Resilience Management

Authors: Katie C. Stewart, Julia H. Allen, Michelle A. Valdez, Lisa R. Young

This report describes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences in planning and executing the workshop and identifying improvements for future offerings.

January 2015 - Podcast Cyber Insurance and Its Role in Mitigating Cybersecurity Risk

Topics: Cyber Risk and Resilience Management

Authors: James J. Cebula, David W. White, Julia H. Allen

In this podcast, Jim Cebula and David White discuss cyber insurance and its potential role in reducing operational and cybersecurity risk.

October 2014 - Podcast A Taxonomy of Operational Risks for Cyber Security

Topics: Cyber Risk and Resilience Management

Authors: James J. Cebula, Julia H. Allen

In this podcast, James Cebula describes how to use a taxonomy to increase confidence that your organization is identifying cyber security risks.

September 2014 - Technical Note CERT Resilience Management Model—Mail-Specific Process Areas: International Mail Transportation (Version 1.0)

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen, Greg Crabb (United States Postal Service), Pamela D. Curtis, Sam Lin, Nader Mehravari, Dawn Wilkes

This report describes a new process area that ensures that international mail is transported according to Universal Postal Union standards.

September 2014 - Technical Note CERT Resilience Management Model—Mail-Specific Process Areas: Mail Revenue Assurance (Version 1.0)

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen, Greg Crabb (United States Postal Service), Pamela D. Curtis, Nader Mehravari, David W. White

This report describes a new process area that ensures that the USPS is compensated for mail that is accepted, transported, and delivered.

September 2014 - Technical Note CERT Resilience Management Model—Mail-Specific Process Areas: Mail Induction (Version 1.0)

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen, Greg Crabb (United States Postal Service), Pamela D. Curtis, Nader Mehravari, David W. White

This report describes a new process area that ensures that mail is inducted into the U.S. domestic mail stream according to USPS standards and requirements.

June 2014 - Webinar United States Postal Inspection Service (USPIS)

Topics: Cyber Risk and Resilience Management, Risk and Opportunity Management

Authors: Julia H. Allen

Watch Julia Allen discuss the United States Postal Inspection Service (USPIS) (Case Study) from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain.

May 2014 - Podcast Characterizing and Prioritizing Malicious Code

Topics: Malware Analysis

Authors: Jose A. Morales, Julia H. Allen

In this podcast, Jose Morales discusses how to prioritize malware samples, helping analysts to identify the most destructive malware to examine first.

March 2014 - News New Podcast Released: Comparing IT Risk Assessment and Analysis Methods

Topics: Cyber Risk and Resilience Management

Authors: Ben Tomhave, Erik Heidt, Julia H. Allen

In this podcast, the presenters discuss IT risk assessment and analysis, and comparison factors for selecting methods that are a good fit for your organization.

March 2014 - Podcast Comparing IT Risk Assessment and Analysis Methods

Topics: Cyber Risk and Resilience Management

Authors: Ben Tomhave, Erik Heidt, Julia H. Allen

In this podcast, the presenters discuss IT risk assessment and analysis, and comparison factors for selecting methods that are a good fit for your organization.

January 2014 - Technical Note A Proven Method for Identifying Security Gaps in International Postal and Transportation Critical Infrastructure

Topics: Cyber Risk and Resilience Management

Authors: Greg Crabb (United States Postal Service), Julia H. Allen, Pamela D. Curtis, Nader Mehravari

In this report, the authors describe a method of identifying physical security gaps in international mail processing centers and similar facilities.

January 2014 - Podcast Raising the Bar - Mainstreaming CERT C Secure Coding Rules

Topics: Secure Coding

Authors: Robert C. Seacord, Julia H. Allen

In this podcast, Robert Seacord describes the CERT-led effort to publish an ISO/IEC technical specification for secure coding rules for compilers and analyzers.

November 2013 - Podcast Using the Cyber Resilience Review to Help Critical Infrastructures Better Manage Operational Resilience

Topics: Cyber Risk and Resilience Management

Authors: Kevin Dillon (Department of Homeland Security), Matthew J. Butkovic, Julia H. Allen

In this podcast, the presenters explain how CRRs allow critical infrastructure owners to compare their cybersecurity performance with their peers.

August 2013 - Podcast Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions

Authors: Richard A. Caralli, Julia H. Allen

In this podcast, Rich Caralli explains how maturity models provide measurable value in improving an organization's cybersecurity capabilities.

July 2013 - Podcast DevOps - Transform Development and Operations for Fast, Secure Deployments

Authors: Gene Kim (IP Services and ITPI), Julia H. Allen

In this podcast, Gene Kim explains how the "release early, release often" approach significantly improves software performance, stability, and security.

July 2013 - White Paper Risk-Centered Practices

Authors: Julia H. Allen

In this paper, Julia Allen discusses the role that risk management and risk assessment play in choosing which security practices to implement.

July 2013 - White Paper Navigating the Security Practice Landscape

Authors: Julia H. Allen

In this paper, Julia Allen presents a summary of ten leading sources of security practice definition and implementation guidance.

July 2013 - White Paper Plan, Do, Check, Act

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen

In this paper, Ken van Wyk provides a primer on the most commonly used tools for traditional penetration testing.

June 2013 - Podcast Managing Disruptive Events - CERT-RMM Experience Reports

Topics: Cyber Risk and Resilience Management

Authors: Nader Mehravari, Julia H. Allen

In this podcast, the participants describe four experience reports that demonstrate how the CERT-RMM can be applied to manage operational risks.

May 2013 - White Paper Maturity of Practice

Authors: Julia H. Allen

In this paper, Julia Allen identifies indicators that organizations are addressing security as a governance and management concern, at the enterprise level.

May 2013 - White Paper Integrating Security and IT

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen

In this paper, Julia Allen describes the key relationship between IT processes and security controls.

May 2013 - White Paper How Much Security Is Enough?

Topics: Software Assurance

Authors: Julia H. Allen

In this paper, Julia Allen provides guidelines for answering this question, including means for determining adequate security based on risk.

May 2013 - White Paper Governance and Management References

Authors: Julia H. Allen

In this paper, Julia Allen provides references related to governance and management.

May 2013 - White Paper Framing Security as a Governance and Management Concern: Risks and Opportunities

Authors: Julia H. Allen

In this paper, Julia Allen describes six "assets" or requirements of being in business that can be compromised by insufficient security investment.

May 2013 - White Paper Deployment and Operations References

Authors: Julia H. Allen

In this paper, Julia Allen provides a list of references related to deployment and operations.

May 2013 - White Paper Deploying and Operating Secure Systems

Topics: Cybersecurity Engineering, Software Assurance

Authors: Julia H. Allen

In this paper, Julia Allen provides a brief overview of deployment and operations security issues and advice for using related practices.

May 2013 - White Paper Software Security Engineering: A Guide for Project Managers

Topics: Cybersecurity Engineering, Software Assurance

Authors: Gary McGraw, Julia H. Allen, Nancy R. Mead, Robert J. Ellison, Sean Barnum

In this guide, the authors discuss our reliance on software and systems that use the internet or internet-exposed private networks.

May 2013 - White Paper Security Is Not Just a Technical Issue

Authors: Julia H. Allen

In this paper, Julia Allen defines the scope of governance concerns as they apply to security.

May 2013 - Podcast Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity

Topics: Malware Analysis

Authors: Dave Mundie, Julia H. Allen

In this podcast, Dave Mundie explains why a common language is essential to developing a shared understanding to better analyze malicious code.

March 2013 - Podcast Securing Mobile Devices aka BYOD

Authors: Joe Mayes, Julia H. Allen

In this podcast, Joe Mayes discusses how to ensure the security of personal mobile devices that have access to enterprise networks.

February 2013 - Podcast Mitigating Insider Threat - New and Improved Practices Fourth Edition

Topics: Insider Threat

Authors: George Silowash, Lori Flynn, Julia H. Allen

In this podcast, participants explain how 371 cases of insider attacks led to 4 new and 15 updated best practices for mitigating insider threats.

January 2013 - Podcast Managing Disruptive Events: Demand for an Integrated Approach to Better Manage Risk

Topics: Cyber Risk and Resilience Management

Authors: Nader Mehravari, Julia H. Allen

In this podcast, Nader Mehravari describes how governments and markets are calling for the integration of plans for and responses to disruptive events.

December 2012 - Podcast Managing Disruptive Events: Making the Case for Operational Resilience

Topics: Cyber Risk and Resilience Management

Authors: Nader Mehravari, Julia H. Allen

In this podcast, Nader Mehravari describes how today's high-risk, global, fast, and very public business environment demands a more integrated approach.

December 2012 - Technical Note Analyzing Cases of Resilience Success and Failure - A Research Study

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen, Pamela D. Curtis, Andrew P. Moore, Nader Mehravari, Kevin G. Partridge, Robert W. Stoddard, Randall F. Trzeciak

In this report, the authors describe research aimed at helping organizations to know the business value of implementing resilience processes and practices.

October 2012 - Podcast Using Network Flow Data to Profile Your Network and Reduce Vulnerabilities

Authors: Austin Whisnant, Sid Faber, Julia H. Allen

In this podcast, participants discuss how a network profile can help identify unintended points of entry, misconfigurations, and other weaknesses.

September 2012 - Podcast How to More Effectively Manage Vulnerabilities and the Attacks that Exploit Them

Topics: Incident Management

Authors: Art Manion, Julia H. Allen

In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives.

August 2012 - Podcast U.S. Postal Inspection Service Use of the CERT Resilience Management Model

Topics: Cyber Risk and Resilience Management

Authors: Greg Crabb (U.S. Postal Inspection Service), Julia H. Allen

In this podcast, Greg Crabb explains how CERT-RMM can be used to establish and meet resilience requirements for a wide range of business objectives.

July 2012 - Podcast Insights from the First CERT Resilience Management Model Users Group

Topics: Cyber Risk and Resilience Management

Authors: Lisa R. Young, Julia H. Allen

In this podcast, Lisa Young explains that implementing CERT-RMM requires well-defined improvement objectives, sponsorship, and more.

April 2012 - Podcast NIST Catalog of Security and Privacy Controls, Including Insider Threat

Authors: Ron Ross (NIST), Joji Montelibano, Julia H. Allen

In this podcast, participants discuss why security controls, including those for insider threat, are necessary to protect information and information systems.

April 2012 - Technical Note Report from the First CERT-RMM Users Group Workshop Series

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen, Lisa R. Young

In this report, the authors describe the first CERT RMM Users Group (RUG) Workshop Series and the experiences of participating members and CERT staff.

February 2012 - Podcast Cisco's Adoption of CERT Secure Coding Standards

Authors: Martin Sebor (Cisco), Julia H. Allen

In this podcast, Martin Sebor explains how implementing secure coding standards is a sound business decision.

February 2012 - White Paper Deriving Software Security Measures from Information Security Standards of Practice

Topics: Measurement and Analysis

Authors: Christopher J. Alberts, Julia H. Allen, Robert W. Stoddard

In this paper, the authors describe an approach for deriving measures of software security from common standard practices for information security.

February 2012 - Technical Note Risk-Based Measurement and Analysis: Application to Software Security

Topics: Cybersecurity Engineering, Software Assurance, Measurement and Analysis

Authors: Christopher J. Alberts, Julia H. Allen, Robert W. Stoddard

In this report, the authors present the concepts of a risk-based approach to software security measurement and analysis and describe the IMAF and MRD.

January 2012 - Podcast How to Become a Cyber Warrior

Authors: Dennis M. Allen, Julia H. Allen

In this podcast, Dennis Allen explains that protecting the internet and its users against cyber attacks requires more skilled cyber warriors.

December 2011 - Podcast Considering Security and Privacy in the Move to Electronic Health Records

Authors: Deborah Lafky (Healthcare Information Technology (HIT) Security/Cybersecurity), Matthew J. Butkovic, Julia H. Allen

In this podcast, participants discuss how using electronic health records brings many benefits along with security and privacy challenges.

December 2011 - Technical Note Using Defined Processes as a Context for Resilience Measures

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen, Pamela D. Curtis, Linda Parker Gates

In this report, the authors describe how implementation-level processes can provide context for identifying and defining measures of operational resilience.

October 2011 - Webinar SEI Technologies Forum: Measuring Operational Resilience

Topics: Cyber Risk and Resilience Management, Risk and Opportunity Management, Measurement and Analysis

Authors: Julia H. Allen

In this webinar, Julia Allen suggests 10 strategic resilience measures and the means to derive them for improving organizational security measurements.

October 2011 - Podcast Measuring Operational Resilience

Topics: Measurement and Analysis, Cyber Risk and Resilience Management

Authors: Julia H. Allen, Pamela D. Curtis

In this podcast, Julia Allen explains that measures of operational resilience should answer key questions, inform decisions, and affect behavior.

September 2011 - Podcast Why Organizations Need a Secure Domain Name System

Authors: Alex Nicoll, Julia H. Allen

Use of Domain Name System security extensions can help prevent website hijacking attacks.

August 2011 - Podcast Controls for Monitoring the Security of Cloud Services

Authors: Art Manion, Jonathan Spring, Julia H. Allen

In this podcast, participants explain that how cloud providers and customers can use controls to protect sensitive information depends on the service model.

July 2011 - Podcast Building a Malware Analysis Capability

Topics: Malware Analysis

Authors: Jeff Gennari, Julia H. Allen

In this podcast, Jeff Gennari explains that analyzing malware is essential to assessing the damage and reducing the impact associated with ongoing infection.

July 2011 - Technical Report Measures for Managing Operational Resilience

Topics: Cyber Risk and Resilience Management, Measurement and Analysis

Authors: Julia H. Allen, Pamela D. Curtis

In this report, the Resilient Enterprise Management (REM) team suggests a set of top ten strategic measures for managing operational resilience.

May 2011 - Podcast Using the Smart Grid Maturity Model (SGMM)

Topics: Cyber Risk and Resilience Management

Authors: David W. White, Julia H. Allen

In this podcast, David White describes how over 100 electric power utilities are using the Smart Grid Maturity Model.

March 2011 - Podcast Integrated, Enterprise-Wide Risk Management: NIST 800-39 and CERT-RMM

Topics: Cyber Risk and Resilience Management

Authors: Ron Ross (NIST), James J. Cebula, Julia H. Allen

In this podcast, participants explain why and how business leaders must address risk at the enterprise, business process, and system levels.

March 2011 - Presentation Using CERT-RMM in a Software and System Assurance Context

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen

In this presentation, Julia Allen describes how organizations can employ CERT-RMM immediately to jump-start assurance considerations in early life cycle activities.

February 2011 - Podcast Conducting Cyber Exercises at the National Level

Topics: Cyber Risk and Resilience Management

Authors: Brett Lambo (U.S. Department of Homeland Security), Matthew J. Butkovic, Julia H. Allen

In this podcast, participants discuss exercises that help organizations, governments, and nations prepare for, identify, and mitigate cyber risks.

February 2011 - Presentation Risk and Resilience: Considerations for Information Security Risk Assessment and Management

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen, James J. Cebula

In this presentation, the authors introduce audience members to the CERT Resilience Management Model.

January 2011 - Podcast Indicators and Controls for Mitigating Insider Threat

Topics: Insider Threat

Authors: Michael Hanley, Julia H. Allen

In this podcast, Michael Hanley explains how technical controls can be effective in helping to prevent, detect, and respond to insider crimes.

January 2011 - Presentation Security Measurement and Analysis

Topics: Measurement and Analysis

Authors: Christopher J. Alberts, Julia H. Allen, Robert W. Stoddard

In this presentation, the authors describe work being performed by the SEI in the area of security measurement and analysis.

December 2010 - Podcast How Resilient Is My Organization?

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, David W. White, Julia H. Allen

In this podcast, Richard Caralli explains how CERT-RMM can ensure that critical assets and services perform as expected in the face of stress and disruption.

November 2010 - Podcast Public-Private Partnerships: Essential for National Cyber Security

Authors: Samuel A. Merrell, John Haller, Philip Huff (Arkansas Electric Cooperative Corporation), Julia H. Allen

In this podcast, participants explain that knowledge of software assurance is essential to ensure that complex systems function as intended.

November 2010 - Book CERT Resilience Management Model: A Maturity Model for Managing Operational Resilience

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, Julia H. Allen, David W. White

In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.

October 2010 - Podcast Software Assurance: A Master's Level Curriculum

Topics: Workforce Development

Authors: Nancy R. Mead, Thomas B. Hilburn (Embry-Riddle Aeronautical University), Richard C. Linger (Oak Ridge National Laboratory), Julia H. Allen

In this podcast, participants explain how knowledge about software assurance is essential to ensure that complex systems function as intended.

September 2010 - Podcast How to Develop More Secure Software - Practices from Thirty Organizations

Topics: Software Assurance

Authors: Gary McGraw, Sammy Migues (Cigital), Julia H. Allen

In this podcast, participants discuss how organizations can benchmark their software security practices against 109 observed activities from 30 organizations.

September 2010 - Technical Note Integrated Measurement and Analysis Framework for Software Security

Topics: Measurement and Analysis

Authors: Christopher J. Alberts, Julia H. Allen, Robert W. Stoddard

In this report, the authors address how to measure software security in complex environments using the Integrated Measurement and Analysis Framework (IMAF).

September 2010 - Technical Note Measuring Operational Resilience Using the CERT® Resilience Management Model

Topics: Cyber Risk and Resilience Management, Measurement and Analysis

Authors: Julia H. Allen, Noopur Davis

In this 2010 report, the authors begin a dialogue and establish a foundation for measuring and analyzing operational resilience.

September 2010 - Technical Report Building Assured Systems Framework

Authors: Nancy R. Mead, Julia H. Allen

This report presents the Building Assured Systems Framework (BASF) that addresses the customer and researcher challenges of selecting security methods and research approaches for building assured systems.

August 2010 - Podcast Mobile Device Security: Threats, Risks, and Actions to Take

Authors: Jonathan Frederick, Julia H. Allen

In this podcast, Jonathan Frederick explains how internet-connected mobile devices are becoming increasingly attractive targets.

August 2010 - Podcast Establishing a National Computer Security Incident Response Team (CSIRT)

Topics: Incident Management

Authors: Jeffrey J. Carpenter, John Haller, Julia H. Allen

In this podcast, participants discuss how essential a national CSIRT is for protecting national and economic security and continuity.

July 2010 - Podcast Securing Industrial Control Systems

Authors: Art Manion, Julia H. Allen

In this podcast, Julia Allen explains how critical it is to secure systems that control physical switches, valves, pumps, meters, and manufacturing lines.

June 2010 - Podcast TJX, Heartland, and CERT's Forensics Analysis Capabilities

Authors: Kevin Moore, Cal Waits, Julia H. Allen

In this podcast, participants recount complex, distributed, multi-year investigations of computer crimes using sophisticated methods, techniques, and tools.

May 2010 - Podcast The Power of Fuzz Testing to Reduce Security Vulnerabilities

Authors: Will Dormann, Julia H. Allen

In this podcast, Will Dormann urges listeners to subject their software to fuzz testing to help identify and eliminate security vulnerabilities.

May 2010 - Technical Report CERT Resilience Management Model, Version 1.0

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, Julia H. Allen, Pamela D. Curtis, David W. White, Lisa R. Young

In this report, the authors present CERT-RMM, an approach to managing operational resilience in complex, risk-evolving environments.

April 2010 - Podcast Protect Your Business from Money Mules

Authors: Chad Dougherty, Julia H. Allen

Organized criminals recruit unsuspecting intermediaries to help steal funds from small businesses.

March 2010 - Podcast Train for the Unexpected

Authors: Matthew Meyer (M&I Corporation), Julia H. Allen

In this podcast, Matthew Meyer explains that being able to respond effectively when faced with a disruptive event requires becoming more resilient.

March 2010 - Podcast The Role of the CISO in Developing More Secure Software

Topics: Software Assurance

Authors: Pravir Chandra (Fortify Software), Julia H. Allen

In this podcast, Pravir Chandra warns that CISOs must leave no room for doubt that they understand what is expected of them when developing secure software.

March 2010 - White Paper Measuring Software Security

Authors: Julia H. Allen

This paper, extracted from the 2009 CERT Research Report, describes planned research tasks in the field of software security.

February 2010 - Podcast Computer and Network Forensics: A Master's Level Curriculum

Authors: Kristopher Rush, Julia H. Allen

In this podcast, Kris Rush describes how students learn to combine multiple facets of digital forensics and draw conclusions to support investigations.

January 2010 - Podcast Introducing the Smart Grid Maturity Model (SGMM)

Topics: Cyber Risk and Resilience Management

Authors: Ray Jones (APQC), Julia H. Allen

In this podcast, Ray Jones explains how the SGMM provides a roadmap to guide an organization's transformation to the smart grid.

January 2010 - Podcast Leveraging Security Policies and Procedures for Electronic Evidence Discovery

Authors: John Christiansen (Christiansen IT Law), Julia H. Allen

In this podcast, John Christiansen explains that effectively responding to e-discovery requests depends on well-defined policies, procedures, and processes.

December 2009 - Podcast Integrating Privacy Practices into the Software Development Life Cycle

Authors: Ralph Hood (Microsoft), Kim Howell (Microsoft), Julia H. Allen

In this podcast, participants explain that addressing privacy during software development is just as important as addressing security.

December 2009 - Podcast Using the Facts to Protect Enterprise Networks: CERT's NetSA Team

Authors: Timothy J. Shimeall, Julia H. Allen

In this podcast, Timothy Shimeall describes how network defenders and business leaders can use NetSA measures to protect their networks.

November 2009 - Podcast Ensuring Continuity of Operations When Business Is Disrupted

Topics: Cyber Risk and Resilience Management

Authors: Gary Daniels (Marshall & Ilsley Corporation), Julia H. Allen

In this podcast, Gary Daniels explains that providing critical services during times of stress depends on documented, tested business continuity plans.

October 2009 - Podcast Managing Relationships with Business Partners to Achieve Operational Resiliency

Topics: Cyber Risk and Resilience Management

Authors: David W. White, Julia H. Allen

In this podcast, David White explains why a defined, managed process for third party relationships is essential, particularly when business is disrupted.

September 2009 - Audio The Smart Grid: Managing Electrical Power Distribution and Use

Topics: Smart Grid Maturity Model, Cyber Risk and Resilience Management

Authors: Julia H. Allen, James F. Stevens

The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges.

September 2009 - Podcast The Smart Grid: Managing Electrical Power Distribution and Use

Topics: Cyber Risk and Resilience Management

Authors: James F. Stevens, Julia H. Allen

In this podcast, James Stevens explains how using the smart grid comes with some new privacy and security challenges.

September 2009 - Podcast Electronic Health Records: Challenges for Patient Privacy and Security

Authors: Robert Charette (ITABHI Corporation), Julia H. Allen

In this podcast, Robert Charette explains why electronic health records (EHRs) are possibly the most complicated area of IT today.

August 2009 - Podcast Mitigating Insider Threat: New and Improved Practices

Topics: Insider Threat

Authors: Dawn Cappelli, Randall F. Trzeciak, Andrew P. Moore, Julia H. Allen

Two hundred and eighty-two cases of actual insider attacks suggest 16 best practices for preventing and detecting insider threat.

July 2009 - Podcast Rethinking Risk Management

Topics: Cyber Risk and Resilience Management

Authors: Christopher J. Alberts, Julia H. Allen

In this podcast, Christopher Alberts urges business leaders to adopt new approaches to addressing risks across the life cycle and supply chain.

June 2009 - Podcast The Upside and Downside of Security in the Cloud

Authors: Tim Mather (RSA), Julia H. Allen

In this podcast, Tim Mather advises business leaders considering cloud services to weigh the economic benefits against the security and privacy risks.

May 2009 - Podcast More Targeted, Sophisticated Attacks: Where to Pay Attention

Authors: Martin Linder, Julia H. Allen

In this podcast, Martin Linder urges business leaders to take action to better mitigate sophisticated social engineering attacks.

May 2009 - Podcast Is There Value in Identifying Software Security "Never Events?"

Topics: Software Assurance

Authors: Robert Charette (ITABHI Corporation), Julia H. Allen

In this podcast, Robert Charette suggests when to examine responsibilities when developing software with known, preventable errors.

April 2009 - Podcast Cyber Security, Safety, and Ethics for the Net Generation

Authors: Rodney Petersen (EDUCAUSE), Julia H. Allen

In this podcast, Rodney Petersen explains why capitalizing on the cultural norms of the Net Generation is essential when developing security awareness programs.

April 2009 - Special Report Making the Business Case for Software Assurance

Topics: Cybersecurity Engineering, Software Assurance

Authors: Nancy R. Mead, Julia H. Allen, W. Arthur Conklin, Antonio Drommi, John Harrison, Jeff Ingalsbe (University of Detroit Mercy), James Rainey, Dan Shoemaker (University of Detroit Mercy)

In this report, the authors provide advice for those making a business case for building software assurance into software products during software development.

March 2009 - Podcast An Experience-Based Maturity Model for Software Security

Topics: Software Assurance

Authors: Brian Chess (Fortify Software), Sammy Migues (Cigital), Gary McGraw, Julia H. Allen

In this podcast, participants discuss how observed practice, represented as a maturity model, can serve as a basis for developing more secure software.

March 2009 - Podcast Mainstreaming Secure Coding Practices

Topics: Software Assurance

Authors: Robert C. Seacord, Julia H. Allen

In this podcast, Robert Seacord explains how requiring secure coding practices when building or buying software can dramatically reduce vulnerabilities.

March 2009 - Podcast Security: A Key Enabler of Business Innovation

Authors: Laura Robinson (Robinson Insight), Roland Cloutier (EMC Corporation), Julia H. Allen

In this podcast, participants describe how making security strategic to business innovation involves seven strategies.

February 2009 - Podcast Better Incident Response Through Scenario Based Training

Topics: Incident Management

Authors: Christopher May, Julia H. Allen

In this podcast, Christopher May explains how teams are better prepared to respond to incidents if realistic, hands-on training is part of their normal routine.

February 2009 - Podcast An Alternative to Risk Management for Information and Software Security

Topics: Cyber Risk and Resilience Management

Authors: Brian Chess (Fortify Software), Julia H. Allen

In this podcast, Brian Chess explains how standards, compliance, and process are better than risk management for ensuring information and software security.

January 2009 - Podcast Tackling Tough Challenges: Insights from CERT’s Director Rich Pethia

Authors: Richard D. Pethia, Julia H. Allen

In this podcast, Rich Pethia reflects on the CERT Division's 20-year history and discusses its future IT and security challenges.

January 2009 - Technical Report High-Fidelity E-Learning: The SEI's Virtual Training Environment (VTE)

Topics: Workforce Development

Authors: Jim Wrubel, David W. White, Julia H. Allen

In this 2008 report, the authors compare various approaches and tools used to capture and analyze evidence from computer memory.

December 2008 - Podcast Climate Change: Implications for Information Technology and Security

Authors: Richard Power (Carnegie Mellon CyLab), Julia H. Allen

In this podcast, Richard Power explains how climate change requires new strategies for dealing with traditional IT and information security risks.

November 2008 - Podcast Using High Fidelity, Online Training to Stay Sharp

Authors: Jim Wrubel, Julia H. Allen

In this podcast, Jim Wrubel explains how virtual training environments can deliver high quality content to security professionals on-demand, anywhere, anytime.

November 2008 - Podcast Integrating Security Incident Response and e-Discovery

Topics: Incident Management

Authors: David Matthews (City of Seattle), Julia H. Allen

In this podcast, Julia Allen explains how responding to an e-discovery request involves many of the same steps and roles as responding to a security incident.

October 2008 - Podcast Concrete Steps for Implementing an Information Security Program

Authors: Jennifer Bayuk (No Affiliation), Julia H. Allen

In this podcast, Jennifer Bayuk explains how successful security programs are based on strategy, policy, awareness, implementation, monitoring, and remediation.

October 2008 - Podcast Virtual Communities: Risks and Opportunities

Authors: Jan Wolynski (Royal Canadian Mounted Police), Julia H. Allen

In this podcast, Jan Wolynski advises business leaders to evaluate risks and opportunities when considering conducting business in online, virtual communities.

September 2008 - Podcast Developing Secure Software: Universities as Supply Chain Partners

Topics: Software Assurance

Authors: Mary Ann Davidson (Oracle), Julia H. Allen

In this podcast, Mary Ann Davidson explains how integrating security into university curricula is a key solution to developing more secure software.

September 2008 - Podcast Security Risk Assessment Using OCTAVE Allegro

Topics: Cyber Risk and Resilience Management

Authors: Lisa R. Young, Julia H. Allen

In this podcast, Lisa Young describes OCTAVE Allegro, a streamlined assessment method that focuses on risks to information used by critical business services.

September 2008 - Podcast Getting to a Useful Set of Security Metrics

Topics: Measurement and Analysis

Authors: Clint Kreitner (The Center for Internet Security), Julia H. Allen

Well-defined metrics are essential to determine which security practices are worth the investment.

August 2008 - Podcast How to Start a Secure Software Development Program

Topics: Software Assurance

Authors: Gary McGraw, Julia H. Allen

In this podcast, Gary McGraw explains how to achieve software security by thinking like an attacker and integrating practices into the development lifecycle.

August 2008 - Podcast Managing Risk to Critical Infrastructures at the National Level

Authors: Bradford J. Willke, Julia H. Allen

In this podcast, Bradford Willke explains how protecting critical infrastructures and the information they use is essential for preserving our way of life.

July 2008 - Podcast Analyzing Internet Traffic for Better Cyber Situational Awareness

Topics: Incident Management

Authors: Derek Gabbard, Julia H. Allen

In this podcast, Derek Gabbard discusses automation, innovation, reaction, and expansion as the foundation for meaningful network traffic intelligence.

July 2008 - Podcast Managing Security Vulnerabilities Based on What Matters Most

Topics: Incident Management

Authors: Art Manion, Julia H. Allen

In this podcast, Art Manion explains that determining which security vulnerabilities to address should be based on the importance of the information asset.

July 2008 - Podcast Identifying Software Security Requirements Early, Not After the Fact

Topics: Software Assurance

Authors: Nancy R. Mead, Julia H. Allen

In this podcast, Nancy Mead explains that during requirements engineering, software engineers need to think about how software should behave when under attack.

June 2008 - Podcast Making Information Security Policy Happen

Authors: Paul Love (The Standard), Julia H. Allen

In this podcast, Paul Love argues that targeted, innovative communications and a robust lifecycle are keys for security policy success.

June 2008 - Podcast Becoming a Smart Buyer of Software

Topics: Software Assurance

Authors: Brian P. Gallagher, Julia H. Allen

Managing software that is developed by an outside organization can be more challenging than building it yourself.

May 2008 - Podcast Building More Secure Software

Topics: Software Assurance

Authors: Bill Pollak, Julia H. Allen

In this podcast, Julia Allen explains how software security is about building more defect-free software to reduce vulnerabilities targeted by attackers.

May 2008 - Podcast Connecting the Dots Between IT Operations and Security

Authors: Gene Kim (IP Services and ITPI), Julia H. Allen

In this podcast, Gene Kim describes how high performing organizations must integrate information security controls into their IT operational processes.

April 2008 - Podcast Getting in Front of Social Engineering

Authors: Gary Hinson (No Affiliation), Julia H. Allen

In this podcast, Betsy Nichols tells us how benchmark results can compare results with peers, drive performance, and help determine how much security is enough.

April 2008 - Podcast Using Benchmarks to Make Better Security Decisions

Topics: Measurement and Analysis

Authors: Betsy Nichols (PlexLogic), Julia H. Allen

In this podcast, Betsy Nichols describes how benchmark results can be used to help determine how much security is enough.

April 2008 - Podcast Protecting Information Privacy - How To and Lessons Learned

Authors: Kim Hargraves (Microsoft), Julia H. Allen

In this podcast, Kim Hargraves describes three keys to ensuring information privacy in an organization.

March 2008 - Podcast Initiating a Security Metrics Program: Key Points to Consider

Topics: Measurement and Analysis

Authors: Samuel A. Merrell, Julia H. Allen

In this podcast, Samuel Merrell explains that a sound security metrics program should select data relevant to consumers from repeatable processes.

March 2008 - Podcast Insider Threat and the Software Development Life Cycle

Topics: Insider Threat

Authors: Dawn Cappelli, Julia H. Allen

In this podcast, Dawn Cappelli explains how insider threat vulnerabilities can be introduced during all phases of the software development lifecycle.

March 2008 - Book Software Security Engineering: A Guide for Project Managers

Topics: Cybersecurity Engineering

Authors: Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, Nancy R. Mead

In this book, the authors provide sound practices likely to increase the security and dependability of your software during development and operation.

February 2008 - Presentation The Art of Information Security Governance

Authors: Julia H. Allen

This presentation was given at the Qatar Information Security Forum, 24 February 2008.

February 2008 - Podcast Tackling the Growing Botnet Threat

Authors: Nicholas Ianelli, Julia H. Allen

In this podcast, Nicholas Ianelli cautions business leaders to understand the risks to their organizations caused by the proliferation of botnets.

February 2008 - Podcast Building a Security Metrics Program

Topics: Measurement and Analysis

Authors: Betsy Nichols (PlexLogic), Julia H. Allen

In this podcast, Betsy Nichols explains that reporting meaningful security metrics depends on topic selection, context definition, and data access.

January 2008 - Podcast Inadvertent Data Disclosure on Peer-to-Peer Networks

Authors: M. Eric Johnson (Dartmouth College), Scott Dynes (Dartmouth College), Julia H. Allen

In this podcast, participants discuss how peer-to-peer networks are being used to unintentionally disclose government, commercial, and personal information.

January 2008 - Podcast Information Compliance: A Growing Challenge for Business Leaders

Authors: Tom Smedinghoff (Wildman Harrold), Julia H. Allen

In this podcast, Tom Smedinghoff reminds directors and executives that they are personally accountable for protecting information entrusted to their care.

December 2007 - Podcast Internal Audit's Role in Information Security: An Introduction

Authors: Dan Swanson (Dan Swanson and Associates), Julia H. Allen

In this podcast, Dan Swanson explains how an internal audit can serve a key role in establishing an effective information security program.

November 2007 - Podcast The Path from Information Security Risk Assessment to Compliance

Topics: Cyber Risk and Resilience Management

Authors: William R. Wilson, Julia H. Allen

In this podcast, William Wilson explains how an information security risk assessment, performed with operational risk management, can contribute to compliance.

November 2007 - Presentation Governing for Enterprise Security: An Implementation Guide

Authors: Julia H. Allen

Presentation given at the Security Management Conference, November 7, 2007.

October 2007 - Podcast Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity

Topics: Cyber Risk and Resilience Management

Authors: Lisa R. Young, Julia H. Allen

In this podcast, Lisa Young suggests that by taking a holistic view of business resilience, business leaders can help their organizations stand up to threats.

September 2007 - Podcast Dual Perspectives: A CIO's and CISO's Take on Security

Authors: Patty Morrison (Motorola), Bill Boni (Motorola), Julia H. Allen

In this podcast, participants explain that since you can't secure everything, managing security risk to a "commercially reasonable degree" is best.

August 2007 - Podcast Tackling Security at the National Level: A Resource for Leaders

Authors: Jeffrey J. Carpenter, Julia H. Allen

In this podcast, Clint Kreitner explains how information security costs can be reduced by enforcing standard configurations for widely deployed systems.

August 2007 - Podcast Reducing Security Costs with Standard Configurations: U.S. Government Initiatives

Authors: Clint Kreitner (The Center for Internet Security), Julia H. Allen

In this podcast, participants explain that since you can't secure everything, managing security risk to a "commercially reasonable degree" is best.

August 2007 - Technical Note Governing for Enterprise Security (GES) Implementation Guide

Authors: Julia H. Allen, Jody R. Westby

In this 2007 report, the authors provide prescriptive guidance for creating and sustaining an enterprise security governance program.

July 2007 - Podcast Using Standards to Build an Information Security Program

Authors: William R. Wilson, Julia H. Allen

In this podcast, William Wilson explains how business leaders can use international standards to create a business- and risk-based information security program.

June 2007 - Podcast Getting Real About Security Governance

Authors: Julia H. Allen, Stephanie Losi

In this podcast, participants explain that enterprise security governance can be achieved by implementing a defined, repeatable process.

June 2007 - Podcast Convergence: Integrating Physical and IT Security

Authors: Brian Contos (ArcSight), Bill Crowell (No Affiliation), Julia H. Allen

In this podcast, participants recommend deploying common solutions for physical and IT security as a cost-effective way to reduce risk and save money.

March 2007 - White Paper Governing for Enterprise Security (GES) Implementation Guide Article 3: Enterprise Security Governance Activities

Authors: Jody R. Westby, Julia H. Allen

Governing for Enterprise Security (GES) Implementation Guide Article 3: Enterprise Security Governance Activities

February 2007 - Podcast Assuring Mission Success in Complex Environments

Topics: Cyber Risk and Resilience Management

Authors: Christopher J. Alberts, Julia H. Allen

In this podcast, participants discuss analysis tools for assessing complex organizational and technological issues that are beyond traditional approaches.

February 2007 - White Paper Governing for Enterprise Security (GES) Implementation Guide Article 1: Characteristics of Effective Security Governance

Authors: Julia H. Allen, Jody R. Westby

Governing for Enterprise Security (GES) Implementation Guide Article 1: Characteristics of Effective Security Governance

January 2007 - Podcast Building Staff Competence in Security

Authors: Barbara Laswell, Julia H. Allen

In this podcast, Barbara Laswell describes specifications that define the knowledge, skills, and competencies required for a range of security positions.

December 2006 - Podcast Evolving Business Models, Threats, and Technologies: A Conversation with CERT's Deputy Director for Technology

Authors: Thomas A. Longstaff, Julia H. Allen

In this podcast, participants discuss how business models are evolving as security threats become more covert and technology enables information migration.

November 2006 - Podcast Protecting Against Insider Threat

Topics: Insider Threat

Authors: Dawn Cappelli, Julia H. Allen

In this podcast, Dawn Cappelli describes the real and substantial threat of attack from insiders.

October 2006 - Podcast CERT Lessons Learned: A Conversation with Rich Pethia, Director of CERT

Authors: Richard D. Pethia, Julia H. Allen

In this podcast, Richard Pethia voices his view of the internet security landscape and the future of the CERT Division.

October 2006 - Podcast The ROI of Security

Topics: Measurement and Analysis

Authors: Stephanie Losi, Julia H. Allen

In this podcast, Julia Allen explains how ROI is a useful tool because it enables comparison among investments in a consistent way.

October 2006 - Podcast Compliance vs. Buy-in

Authors: Julia H. Allen, Stephanie Losi

In this podcast, Julia Allen explains why integrating security into standard business processes is more effective than treating security as a compliance task.

October 2006 - Podcast Why Leaders Should Care About Security

Authors: Bill Pollak, Julia H. Allen

In this podcast, Julia Allen urges leaders to be security conscious and treat adequate security as a non-negotiable requirement of being in business.

October 2006 - Podcast Proactive Remedies for Rising Threats

Authors: Martin Linder, Stephanie Losi, Julia H. Allen

In this podcast, participants discuss how threats to information security are increasingly stealthy and must be mitigated through sound policy and strategy.

June 2005 - Technical Note Governing for Enterprise Security

Authors: Julia H. Allen

In this 2005 report, Julia Allen examines governance thinking, principles, and approaches and applies them to the subject of enterprise security.

May 2005 - Presentation Information Security as an Institutional Priority

Authors: Julia H. Allen

This presentation on information security as an institutional priority was delivered by Julia Allen in 2005.

January 2005 - Presentation Governing for Enterprise Security (Presentation)

Authors: Julia H. Allen

This 2005 presentation addresses various issues related to governance.

December 2004 - Technical Note Managing for Enterprise Security

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, Julia H. Allen, James F. Stevens, Bradford J. Willke, William R. Wilson

In this 2004 report, the authors itemize characteristics of common approaches to security that limit effectiveness and success.

April 2004 - Presentation Building a Practical Framework for Enterprise-Wide Security Management

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen, Kevin Behr (IP Services and ITPI), Richard A. Caralli, Eileen C. Forrester, Gene Kim (IP Services and ITPI), Larry Rogers, Jeannine Siviy, William R. Wilson

In this presentation, the authors describe a practical framework for enterprise-wide security management as developed by the CERT Division.

October 2001 - Technical Report OCTAVE Catalog of Practices, Version 2.0

Topics: Cyber Risk and Resilience Management

Authors: Cecilia Albert, Audrey J. Dorofee, Julia H. Allen

In this report, the authors describe OCTAVE practices, which enable organizations to identify risks and mitigate them.

June 2001 - Book CERT Guide To System and Network Security Practices

Topics: Network Situational Awareness

Authors: Julia H. Allen

In this book, Julia Allen describes practices and offers guidance for protecting systems and networks against malicious and inadvertent compromise.

May 2000 - Security Improvement Module Securing Public Web Servers

Authors: Klaus-Peter Kossakowski, Julia H. Allen

The practices recommended in this 2000 report are designed to help administrators mitigate the risks associated with several known security problems.

April 2000 - Security Improvement Module Securing Network Servers (2000)

Authors: Julia H. Allen, Klaus-Peter Kossakowski, Gary Ford, Suresh Konda, Derek Simmel

The practices recommended in this report from 2000 are designed to help administrators configure and deploy network servers that satisfy organizational security requirements.

January 2000 - Technical Report State of the Practice of Intrusion Detection Technologies

Authors: Julia H. Allen, Alan M. Christie, William L. Fithen, John McHugh, Jed Pickel, Ed Stoner

This report provides an unbiased assessment of publicly available ID technology. The report also outlines relevant issues for the research community as they formulate research directions and allocate funds.

October 1999 - Security Improvement Module Deploying Firewalls

Authors: William L. Fithen, Julia H. Allen, Ed Stoner

This document helps organizations improve the security of their networked computer systems by illustrating how to design and deploy a firewall.

February 1999 - Security Improvement Module Securing Desktop Workstations

Authors: Derek Simmel, Gary Ford, Julia H. Allen, Cecilia Albert, Barbara Fraser, Eric Hayes, John Kochmar, Suresh Konda

The practices recommended in this 1999 report are designed to help you configure and deploy networked workstations that satisfy your organization's security requirements. The practices may also be useful in examining the configuration of previously deployed workstations.

February 1999 - Security Improvement Module Responding to Intrusions

Authors: Klaus-Peter Kossakowski, William R. Wilson, Julia H. Allen, Cecilia Albert, Cory Cohen, Gary Ford, Barbara Fraser, Eric Hayes, John Kochmar, Suresh Konda

This 1999 report is one of a series of SEI publications that are intended to provide practical guidance to help organizations improve the security of their networked computer systems. This report is intended for system and network administrators, managers of information systems, and security personnel responsible for networked information resources.

February 1999 - Security Improvement Module Securing Network Servers (1999)

Authors: Gary Ford, Dwayne Vermeulen, Julia H. Allen, Cecilia Albert, Barbara Fraser, Eric Hayes, John Kochmar, Suresh Konda, Klaus-Peter Kossakowski, Derek Simmel

The practices recommended in this 1999 report are designed to help administrators configure and deploy network servers that satisfy organizational security requirements.

June 1998 - Security Improvement Module Preparing to Detect Signs of Intrusion

Authors: John Kochmar, Julia H. Allen, Cecilia Albert, Cory Cohen, Gary Ford, Barbara Fraser, Suresh Konda, Klaus-Peter Kossakowski, Derek Simmel

The practices contained in this 1998 report identify advance preparations you must make to enable you to obtain evidence of an intrusion or an intrusion attempt.

January 1998 - Security Improvement Module Security for Information Technology Service Contracts

Authors: Julia H. Allen, Gary Ford, Barbara Fraser, John Kochmar, Suresh Konda, Derek Simmel, Lisa Cunningham

This 1998 document is one of a new series of publications of the Software Engineering Institute at Carnegie Mellon University, security improvement modules. They are intended to provide concrete, practical guidance that will help organizations improve the security of their networked computer systems.