Software Engineering Institute | Carnegie Mellon University

Transforming Your Operational Resilience Management Capabilities: CERT’s Resilience Management Model

  • Abstract

    Organizations can't plan for every disruption. They need to be able to handle stressors in their risk environment at a moment's notice and with a predictable level of performance. Resilience management is a process that helps organizations establish, improve, and sustain the maturity of their operational resilience management system and their ability to fulfill their business missions despite disruptions such as cyber security attacks or breaches, regional infrastructure failures, and natural disasters. 

    The CERT Resilience Management Model is a capability model related to CMMI models that provides a foundation for a process improvement approach to operational resilience management. It defines the essential organizational processes, goals, and practices that are necessary to manage operational resilience. CERT-RMM can extend an organization's ability to develop, deploy, operate, and maintain resilient assets and services throughout their lifecycle.   

    Rich Caralli, the architect of the model, will describe how an organization can use the model to transform its operational resilience management program by understanding its capability level, setting forward-looking resiliency goals and targets, and developing plans to close identified gaps. He will provide the most up-to-date information on the model and related elements (such as appraisals, training, and certification) as well as insight into how the model is being used. In addition, Rich will address how the use of CERT-RMM can help organizations meet the provisions of FEMA's proposed PS-Prep voluntary certification program while also providing a meaningful and transformative path to improving the predictability of their resilience in times of stress. Finally, Rich will provide a preview of a new area of CERT work in resilience measurement and analysis.

    About the Speaker

    Richard Caralli is the Technical Manager of the Resilient Enterprise Management (REM) team within the CERT® Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, Pa. The REM team performs applied research and development in the areas of resilience management, critical infrastructure protection, information resilience, and resilience measurement and analysis. The team also has responsibility for the ongoing development and evolution of the SEI Smart Grid Maturity Model (SGMM).  

    Before joining the SEI, Caralli was responsible for developing the information security assessment and risk management capabilities of the CyberSecurity Center at Carnegie Mellon Research Institute. In addition, Caralli has over 25 years of experience in information technology (particularly systems analysis and information systems audit and security) in Fortune 1000 companies covering the banking and finance, steel production, manufacturing, and energy industries.
