James J. Cebula

Software Engineering Institute

Jim Cebula is an SEI alumni employee.

Jim Cebula is the Technical Manager of the Cybersecurity Risk Management Team within the CERT Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Jim's current work focuses on risk management and information resilience, critical infrastructure resilience assessment, cloud computing, and cyber insurance. Jim joined CERT in 2009 after spending nearly 15 years in project management, IT, and security roles with Bechtel Corporation, most recently as a cybersecurity manager. He is a Certified Information Systems Security Professional (CISSP) and is a member of IEEE, ACM, and InfraGard.

Publications by James J. Cebula

CERT Cyber Risk Insurance Symposium Overview

April 09, 2015 • Audio

Summer C. Fowler James J. Cebula Julia H. Allen

In this interview, Summer Fowler and Jim Cebula provide an overview of the May 2015 CERT Cyber Risk Insurance Symposium.
listen
Cyber Insurance and Its Role in Mitigating Cybersecurity Risk

January 08, 2015 • Podcast

James J. Cebula David W. White Julia H. Allen

In this podcast, Jim Cebula and David White discuss cyber insurance and its potential role in reducing operational and cybersecurity risk.
learn more
A Taxonomy of Operational Risks for Cyber Security

October 07, 2014 • Podcast

James J. Cebula Julia H. Allen

In this podcast, James Cebula describes how to use a taxonomy to increase confidence that your organization is identifying cyber security risks.
learn more
Overview of the CERT® Resilience Management Model (CERT®-RMM)

June 16, 2014 • Webinar

James J. Cebula

Watch James Cebula discuss the "Overview of the CERT® Resilience Management Model" from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain
watch
A Taxonomy of Operational Cyber Security Risks Version 2

May 21, 2014 • Technical Note

James J. Cebula Mary Popeck Lisa R. Young

This second version of the 2010 report presents a taxonomy of operational cyber security risks and harmonizes it with other risk and security activities.
read
Integrated, Enterprise-Wide Risk Management: NIST 800-39 and CERT-RMM

March 29, 2011 • Podcast

Ron Ross (NIST)James J. Cebula Julia H. Allen

In this podcast, participants explain why and how business leaders must address risk at the enterprise, business process, and system levels.
learn more
Risk and Resilience: Considerations for Information Security Risk Assessment and Management

February 01, 2011 • Presentation

Julia H. Allen James J. Cebula

In this presentation, the authors introduce audience members to the CERT Resilience Management Model.
read
A Taxonomy of Operational Cyber Security Risks

December 01, 2010 • Technical Note

James J. Cebula Lisa R. Young

In this report, the authors present a taxonomy of operational cyber security risks and its harmonization with other risk and security activities.
read