Software Engineering Institute | Carnegie Mellon University

Digital Library

Nader Mehravari (Axio Global)
September 2017 - Technical Note Defining a Progress Metric for CERT-RMM Improvement

Topics: Cyber Risk and Resilience Management

Describes the Cybersecurity Program Progress Metric and how its implementation in a large, diverse U.S. national organization can serve to indicate progress toward improving cybersecurity and resilience capabilities.

April 2016 - Webinar Structuring the Chief Information Security Officer Organization

Topics: Risk and Opportunity Management

This webinar described a CISO organizational structure and functions for a typical large, diverse organization using input from CISOs, policies, frameworks, maturity models, standards, and codes of practice.

December 2015 - Podcast Structuring the Chief Information Security Officer Organization

In this podcast, Nader Mehravari and Julia Allen, members of the CERT Cyber Risk Management team, discuss an effective approach for defining a CISO team structure and functions for large, diverse organizations.

October 2015 - Technical Note Structuring the Chief Information Security Officer Organization

Topics: Cyber Risk and Resilience Management

The authors describe how they defined a CISO team structure and functions for a national organization using sources such as CISOs, policies, and lessons learned from cybersecurity incidents.

February 2015 - Technical Note A Proven Method for Meeting Export Control Objectives in Postal and Shipping Sectors

Topics: Cyber Risk and Resilience Management

This report describes how the CERT-RMM enabled the USPIS to implement an innovative approach for achieving complex international mail export control objectives.

September 2014 - Technical Note CERT Resilience Management Model—Mail-Specific Process Areas: International Mail Transportation (Version 1.0)

Topics: Cyber Risk and Resilience Management

This report describes a new process area that ensures that international mail is transported according to Universal Postal Union standards.

September 2014 - Technical Note CERT Resilience Management Model—Mail-Specific Process Areas: Mail Revenue Assurance (Version 1.0)

Topics: Cyber Risk and Resilience Management

This report describes a new process area that ensures that the USPS is compensated for mail that is accepted, transported, and delivered.

September 2014 - Technical Note CERT Resilience Management Model—Mail-Specific Process Areas: Mail Induction (Version 1.0)

Topics: Cyber Risk and Resilience Management

This report describes a new process area that ensures that mail is inducted into the U.S. domestic mail stream according to USPS standards and requirements.

June 2014 - Webinar Recent Federal Policies Affecting the Cybersecurity and Resiliency Landscape

Topics: Cyber Risk and Resilience Management, Process Improvement, Risk and Opportunity Management

Authors: Nader Mehravari

Watch Nader Mehravari discuss "Recent Federal Policies Affecting the Cybersecurity and Resiliency Landscape" from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain.

June 2014 - Webinar ABCs of Operational Resilience

Topics: Cyber Risk and Resilience Management, Risk and Opportunity Management

Authors: Nader Mehravari

Watch Nader Mehravari discuss the "ABCs of Operational Resilience" from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain.

June 2014 - Webinar Everything You Always Wanted to Know About Maturity Models

Topics: Cyber Risk and Resilience Management, Risk and Opportunity Management

Authors: Nader Mehravari

Watch Nader Mehravari discuss “Everything You Always Wanted to Know About Maturity Models” from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain.

January 2014 - Technical Note A Proven Method for Identifying Security Gaps in International Postal and Transportation Critical Infrastructure

Topics: Cyber Risk and Resilience Management

In this report, the authors describe a method of identifying physical security gaps in international mail processing centers and similar facilities.

November 2013 - Article Resilience Management Through the Use of CERT-RMM and Associated Success Stories

Topics: Cyber Risk and Resilience Management

Authors: Nader Mehravari

In this paper, Nader Mehravari shares practical and successful applications of CERT-RMM from a wide variety of organizations.

August 2013 - Webinar Achieving Mission Assurance Through Resilience Management

Topics: Cyber Risk and Resilience Management, Process Improvement, Risk and Opportunity Management

Authors: Nader Mehravari

In this August 2013 webinar, Nader Mehravari discusses how to protect and sustain the mission and business operations of an organization.

June 2013 - Podcast Managing Disruptive Events - CERT-RMM Experience Reports

Topics: Cyber Risk and Resilience Management

In this podcast, the participants describe four experience reports that demonstrate how the CERT-RMM can be applied to manage operational risks.

January 2013 - Podcast Managing Disruptive Events: Demand for an Integrated Approach to Better Manage Risk

Topics: Cyber Risk and Resilience Management

In this podcast, Nader Mehravari describes how governments and markets are calling for the integration of plans for and responses to disruptive events.

December 2012 - Podcast Managing Disruptive Events: Making the Case for Operational Resilience

Topics: Cyber Risk and Resilience Management

In this podcast, Nader Mehravari describes how today's high-risk, global, fast, and very public business environment demands a more integrated approach.

December 2012 - Technical Note Analyzing Cases of Resilience Success and Failure - A Research Study

Topics: Cyber Risk and Resilience Management

In this report, the authors describe research aimed at helping organizations to know the business value of implementing resilience processes and practices.

March 2011 - Presentation Application of the CERT Resilience Management Model at Lockheed Martin

Topics: Cyber Risk and Resilience Management

In this presentation, the authors describe using CERT-RMM to improve business continuity, IT disaster recovery, crisis management, and pandemic planning.