In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today’s fast-paced cybersecurity field.
Authors: Lisa R. Young
Lisa Young discusses "CERT Resilience Management Model (RMM)."
In this podcast, Edna Conway and John Haller discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including risks to the supply chain.
Authors: Lisa R. Young
Lisa Young discusses "Managing Operational Risk."
In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR.
Authors: Lisa R. Young
In this presentation, Lisa Young discusses how to measure the things that matter to your business.
In this podcast, Gary McGraw, the Chief Technology Officer for Cigital, discusses the latest version of BSIMM and how to take advantage of observed practices from high-performing organizations.
In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations.
In this podcast, Chip Block, Vice President at Evolver, discusses the growth of the cyber insurance industry and how it is beginning to drive the way that organizations manage risk and invest in technologies.
In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (PITT), discusses the university's use of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
Governing operational resilience requires the appropriate level of sponsorship, a commitment to strategic planning that includes resilience objectives, and proper oversight of operational resilience activities.
Topics: Measurement and Analysis
This podcast summarizes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences planning and executing the workshop and identifying improvements for future offerings.
This report describes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences in planning and executing the workshop and identifying improvements for future offerings.
This update to Version 1 of this same title (CMU/SEI-2011-TN-028) maps CERT-RMM process areas to certain NIST 800-series special publications.
This second version of the 2010 report presents a taxonomy of operational cyber security risks and harmonizes it with other risk and security activities.
In this report, the authors map CERT-RMM process areas to key activities in NIST Special Publication 800-66 Revision 1.
In this podcast, Lisa Young explains that implementing CERT-RMM requires well-defined improvement objectives, sponsorship, and more.
In this report, the authors describe the first CERT RMM Users Group (RUG) Workshop Series and the experiences of participating members and CERT staff.
In this report, the authors map CERT-RMM process areas to selected NIST special publications in the 800 series.
In this report, the authors explain how CERT-RMM process areas, industry standards, and codes of practice are used by organizations in an operational setting.
In this report, the authors present a taxonomy of operational cyber security risks and its harmonization with other risk and security activities.
In this report, the authors present CERT-RMM, an approach to managing operational resilience in complex, risk-evolving environments.
In this podcast, Lisa Young describes OCTAVE Allegro, a streamlined assessment method that focuses on risks to information used by critical business services.
In this podcast, Lisa Young suggests that by taking a holistic view of business resilience, business leaders can help their organizations stand up to threats.
In this 2007 report, the authors explore the transformation of security and business continuity into processes to support and sustain operational resiliency.
In this 2007 report, the authors highlight the design considerations and requirements for OCTAVE Allegro based on field experience.
In this CSI 33rd Annual Security Conference presentation, Rich Caralli and Lisa Young discuss resiliency and a process improvement approach to security.
In this report, the authors describe how OCTAVE has been used and tailored to fit a wide range of organizational risk assessment needs.