Software Engineering Institute | Carnegie Mellon University

Digital Library

Lisa R. Young
October 2016 - Podcast Becoming a CISO: Formal and Informal Requirements

Authors: Darrell Keeling (Parkview Health), Lisa R. Young

In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today’s fast-paced cybersecurity field.

August 2016 - Video SEI Cyber Minute: CERT Resilience Management Model (RMM)

Authors: Lisa R. Young

Lisa Young discusses "CERT Resilience Management Model (RMM)."

July 2016 - Podcast Global Value Chain – An Expanded View of the ICT Supply Chain

Topics: Cyber Risk and Resilience Management

Authors: Edna M. Conway (Cisco Systems, Inc.), John Haller, Lisa R. Young

In this podcast, Edna Conway and John Haller discuss the global value chain for organizations and critical infrastructures and how this expanded view can be used to improve ICT supply chain management, including risks to the supply chain.

July 2016 - Video SEI Cyber Minute: Managing Operational Risk

Authors: Lisa R. Young

Lisa Young discusses "Managing Operational Risk."

June 2016 - Podcast Intelligence Preparation for Operational Resilience

Topics: Cyber Risk and Resilience Management

Authors: Douglas Gray, Lisa R. Young

In this podcast, Douglas Gray, a member of the CERT Cyber Risk Management team, discusses how to operationalize intelligence products to build operational resilience of organizational assets and services using IPOR.

February 2016 - Presentation Measuring What Matters

Topics: Cybersecurity Engineering, Measurement and Analysis

Authors: Lisa R. Young

In this presentation, Lisa Young discusses how to measure the things that matter to your business.

February 2016 - Podcast Build Security In Maturity Model (BSIMM) – Practices from Seventy Eight Organizations

Topics: Software Assurance, Secure Coding, Cybersecurity Engineering

Authors: Gary McGraw, Lisa R. Young

In this podcast, Gary McGraw, the Chief Technology Officer for Cigital, discusses the latest version of BSIMM and how to take advantage of observed practices from high-performing organizations.

December 2015 - Podcast Structuring the Chief Information Security Officer Organization

Authors: Nader Mehravari, Julia H. Allen, Lisa R. Young

In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations.

November 2015 - Podcast How Cyber Insurance Is Driving Risk and Technology Management

Topics: Cyber Risk and Resilience Management

Authors: Chip Block, Lisa R. Young

In this podcast, Chip Block, Vice President at Evolver, discusses the growth of the cyber insurance industry and how it is beginning to drive the way that organizations manage risk and invest in technologies.

October 2015 - Podcast How the University of Pittsburgh Is Using the NIST Cybersecurity Framework

Topics: Cyber Risk and Resilience Management

Authors: Sean Sweeney (University of Pittsburgh), Lisa R. Young

In this podcast, Sean Sweeney, Information Security Officer (ISO) for the University of Pittsburgh (PITT), discusses their use of the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework).

March 2015 - Technical Note Defining a Maturity Scale for Governing Operational Resilience

Topics: Cyber Risk and Resilience Management

Authors: Katie C. Stewart, Julia H. Allen, Audrey J. Dorofee, Michelle A. Valdez, Lisa R. Young

Governing operational resilience requires the appropriate level of sponsorship, a commitment to strategic planning that includes resilience objectives, and proper oversight of operational resilience activities.

February 2015 - Podcast A Workshop on Measuring What Matters

Topics: Measurement and Analysis

Authors: Lisa R. Young, Michelle A. Valdez, Katie C. Stewart, Julia H. Allen

This podcast summarizes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences planning and executing the workshop and identifying improvements for future offerings.

February 2015 - Technical Note Measuring What Matters Workshop Report

Topics: Risk and Opportunity Management, Cyber Risk and Resilience Management

Authors: Katie C. Stewart, Julia H. Allen, Michelle A. Valdez, Lisa R. Young

This report describes the inaugural Measuring What Matters Workshop conducted in November 2014, and the team's experiences in planning and executing the workshop and identifying improvements for future offerings.

June 2014 - Technical Note CERT® Resilience Management Model (CERT®-RMM) V1.1: NIST Special Publication Crosswalk Version 2

Topics: Cyber Risk and Resilience Management

Authors: Kevin G. Partridge, Mary Popeck, Lisa R. Young

This update to Version 1 of this same title (CMU/SEI-2011-TN-028) maps CERT-RMM process areas to certain NIST 800-series special publications.

May 2014 - Technical Note A Taxonomy of Operational Cyber Security Risks Version 2

Topics: Insider Threat, Cybersecurity Engineering, Cyber Risk and Resilience Management

Authors: James J. Cebula, Mary Popeck, Lisa R. Young

This second version of the 2010 report presents a taxonomy of operational cyber security risks and harmonizes it with other risk and security activities.

October 2013 - Technical Note CERT® Resilience Management Model (CERT®-RMM) V1.1: NIST Special Publication 800-66 Crosswalk

Topics: Cyber Risk and Resilience Management

Authors: Lisa R. Young, Ma-Nyahn Kromah (SunGard Availability Services)

In this report, the authors map CERT-RMM process areas to key activities in NIST Special Publication 800-66 Revision 1.

July 2012 - Podcast Insights from the First CERT Resilience Management Model Users Group

Topics: Cyber Risk and Resilience Management

Authors: Lisa R. Young, Julia H. Allen

In this podcast, Lisa Young explains that implementing CERT-RMM requires well-defined improvement objectives, sponsorship, and more.

April 2012 - Technical Note Report from the First CERT-RMM Users Group Workshop Series

Topics: Cyber Risk and Resilience Management

Authors: Julia H. Allen, Lisa R. Young

In this report, the authors describe the first CERT RMM Users Group (RUG) Workshop Series and the experiences of participating members and CERT staff.

November 2011 - Technical Note CERT® Resilience Management Model (CERT®-RMM) V1.1: NIST Special Publication Crosswalk Version 1

Topics: Cyber Risk and Resilience Management

Authors: Kevin G. Partridge, Lisa R. Young

In this report, the authors map CERT-RMM process areas to selected NIST special publications in the 800 series.

October 2011 - Technical Note CERT® Resilience Management Model (RMM) v1.1: Code of Practice Crosswalk Commercial Version 1.1

Topics: Cyber Risk and Resilience Management, Process Improvement

Authors: Kevin G. Partridge, Lisa R. Young

In this report, the authors explain how CERT-RMM process areas, industry standards, and codes of practice are used by organizations in an operational setting.

December 2010 - Technical Note A Taxonomy of Operational Cyber Security Risks

Topics: Cyber Risk and Resilience Management

Authors: James J. Cebula, Lisa R. Young

In this report, the authors present a taxonomy of operational cyber security risks and its harmonization with other risk and security activities.

May 2010 - Technical Report CERT Resilience Management Model, Version 1.0

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, Julia H. Allen, Pamela D. Curtis, David W. White, Lisa R. Young

In this report, the authors present CERT-RMM, an approach to managing operational resilience in complex, risk-evolving environments.

September 2008 - Podcast Security Risk Assessment Using OCTAVE Allegro

Topics: Cyber Risk and Resilience Management

Authors: Lisa R. Young, Julia H. Allen

In this podcast, Lisa Young describes OCTAVE Allegro, a streamlined assessment method that focuses on risks to information used by critical business services.

October 2007 - Podcast Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity

Topics: Cyber Risk and Resilience Management

Authors: Lisa R. Young, Julia H. Allen

In this podcast, Lisa Young suggests that by taking a holistic view of business resilience, business leaders can help their organizations stand up to threats.

May 2007 - Technical Report Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, James F. Stevens, Charles M. Wallen (Financial Services Technology Consortium), David W. White, William R. Wilson, Lisa R. Young

In this 2007 report, the authors explore the transformation of security and business continuity into processes to support and sustain operational resiliency.

May 2007 - Technical Report Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, James F. Stevens, Lisa R. Young, William R. Wilson

In this 2007 report, the authors highlight the design considerations and requirements for OCTAVE Allegro based on field experience.

November 2006 - Presentation Focus on Resiliency: A Process Improvement Approach to Security

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, Lisa R. Young

In this CSI 33rd Annual Security Conference presentation, Rich Caralli and Lisa Young discuss resiliency and a process improvement approach to security.

May 2006 - Technical Note Applying OCTAVE: Practitioners Report

Topics: Cyber Risk and Resilience Management

Authors: Carol Woody, Johnathan Coleman (No Affiliation), Michael Fancher (No Affiliation), Carol Myers (No Affiliation), Lisa R. Young

In this report, the authors describe how OCTAVE has been used and tailored to fit a wide range of organizational risk assessment needs.