Charles M. Wallen

CERT Division, Software Engineering Institute

Charles M. Wallen has been a thought leader in operations and IT risk management for over 20 years. He has provided consulting to public and private organizations, led industry-wide initiatives, and managed global operations risk management and governance programs at American Express and Bank of America.

Charles works closely with the CERT Division of Carnegie Mellon University’s Software Engineering Institute as a Senior Member of the Technical Staff. His work at CERT focuses on resilience management, external dependency risk management, and critical infrastructure protection. He is a Principal with Spectrum Consulting Services, in Dallas, Texas, which he formed in 2004. Spectrum provides management consulting to a variety of industries, specializing in operations risk management, cybersecurity, business continuity, supplier oversight, and governance.

Publications by Charles M. Wallen

Addressing Supply Chain Risk and Resilience for Software-Reliant Systems

February 20, 2023 • Webinar

Carol Woody, PhD Charles M. Wallen

In this webcast, Carol Woody and Charles Wallen discuss the Acquisition Security Framework (ASF) and how the ASF provides a roadmap to help organizations build security and resilience into a system.
watch
Acquisition Security Framework (ASF): Managing Systems Cybersecurity Risk

November 11, 2022 • Technical Note

Christopher J. Alberts Michael S. Bandor Charles M. Wallen

This report provides an overview of the Acquisition Security Framework (ASF), a description of the practices developed thus far, and a plan for completing the ASF body of work.
read
Acquisition Security Framework (ASF): An Acquisition and Supplier Perspective on Managing Software-Intensive Systems’ Cybersecurity Risk

October 04, 2022 • White Paper

Christopher J. Alberts Michael S. Bandor Charles M. Wallen

The Acquisition Security Framework (ASF) contains practices that support programs acquiring/building a secure, resilient software-reliant system to manage risks.
read
Cloud Increases the Role of Acquisition in Cybersecurity

April 06, 2020 • Article

Carol Woody, PhD Christopher J. Alberts John Klein

This article describes how an organization might address cybersecurity when it adopts cloud technology to replace physical data centers and monitoring and testing can no longer be performed directly on the equipment the system uses.
read
Operational Test & Evaluation (OT&E) Roadmap for Cloud-Based Systems

September 02, 2019 • White Paper

Carol Woody, PhD Christopher J. Alberts John Klein

This paper provides an overview of the preparation and work that the AEC needs to perform to successfully transition the Army to cloud computing.
read
Cyber Hygiene: A Baseline Set of Practices

November 15, 2017 • Presentation

Matthew Trevors Charles M. Wallen

The CERT Division's Cybersecurity Hygiene is a set of 11 practice areas for managing the most common and pervasive cybersecurity risks faced by organizations.
read
Assessing DoD System Acquisition Supply Chain Risk Management

May 01, 2017 • Article

Christopher J. Alberts John Haller Charles M. Wallen

In this Crosstalk article, the authors discuss the growing challenge of cyber risks in the defense supply chain.
read
Managing Third Party Risk in Financial Services Organizations: A Resilience-Based Approach

September 27, 2016 • White Paper

John Haller Charles M. Wallen

A resilience-based approach can help financial services organizations to manage cybersecurity risks from outsourcing and comply with federal regulations.
read
Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes

May 01, 2007 • Technical Report

Richard A. Caralli James F. Stevens Charles M. Wallen (Financial Services Technology Consortium)

In this 2007 report, the authors explore the transformation of security and business continuity into processes to support and sustain operational resiliency.
read
Resiliency Engineering Framework Project Update

October 11, 2006 • Presentation

David W. White Charles M. Wallen (Financial Services Technology Consortium)

This presentation provides an update of the Resiliency Engineering Framework project being conducted by the Software Engineering Institute's CERT program. It was delivered by David White and Charles Wallen at the FSTC annual meeting on October 11, 2006.
read
Operational Resiliency Management: An Introduction to the Resiliency Engineering Framework

September 20, 2006 • Presentation

Richard A. Caralli Charles M. Wallen (Financial Services Technology Consortium)

In this presentation, Ron McLeod discusses a partnership with TARA to analyze the outbound and inbound traffic in networks of convenience.
read