Charles M. Wallen
CERT Division, Software Engineering Institute
Charles M. Wallen has been a thought leader in operations and IT risk management for over 20 years. He has provided consulting to public and private organizations, led industry-wide initiatives, and managed global operations risk management and governance programs at American Express and Bank of America.
Charles works closely with the CERT Division of Carnegie Mellon University’s Software Engineering Institute as a Senior Member of the Technical Staff. His work at CERT focuses on resilience management, external dependency risk management, and critical infrastructure protection. He is a Principal with Spectrum Consulting Services, in Dallas, Texas, which he formed in 2004. Spectrum provides management consulting to a variety of industries, specializing in operations risk management, cybersecurity, business continuity, supplier oversight, and governance.
Publications by Charles M. Wallen
Addressing Supply Chain Risk and Resilience for Software-Reliant Systems
February 20, 2023 • Webinar
Carol Woody, PhD; Charles M. Wallen
In this webcast, Carol Woody and Charles Wallen discuss the Acquisition Security Framework (ASF) and how the ASF provides a roadmap to help organizations build security and resilience into a system.
Acquisition Security Framework (ASF): Managing Systems Cybersecurity Risk
November 11, 2022 • Technical Note
Christopher J. Alberts; Michael S. Bandor; Charles M. Wallen
This report provides an overview of the Acquisition Security Framework (ASF), a description of the practices developed thus far, and a plan for completing the ASF body of work.
Acquisition Security Framework (ASF): An Acquisition and Supplier Perspective on Managing Software-Intensive Systems’ Cybersecurity Risk
October 04, 2022 • White Paper
Christopher J. Alberts; Michael S. Bandor; Charles M. Wallen
The Acquisition Security Framework (ASF) contains practices that support programs acquiring/building a secure, resilient software-reliant system to manage risks.
Cloud Increases the Role of Acquisition in Cybersecurity
April 06, 2020 • Article
Carol Woody, PhD; Christopher J. Alberts; John Klein
This article describes how an organization might address cybersecurity when it adopts cloud technology to replace physical data centers and monitoring and testing can no longer be performed directly on the equipment the system uses.
Operational Test & Evaluation (OT&E) Roadmap for Cloud-Based Systems
September 02, 2019 • White Paper
Carol Woody, PhD; Christopher J. Alberts; John Klein
This paper provides an overview of the preparation and work that the AEC needs to perform to successfully transition the Army to cloud computing.
Cyber Hygiene: A Baseline Set of Practices
November 15, 2017 • Presentation
Matthew Trevors; Charles M. Wallen
The CERT Division's Cybersecurity Hygiene is a set of 11 practice areas for managing the most common and pervasive cybersecurity risks faced by organizations.
Assessing DoD System Acquisition Supply Chain Risk Management
May 01, 2017 • Article
Christopher J. Alberts; John Haller; Charles M. Wallen
In this Crosstalk article, the authors discuss the growing challenge of cyber risks in the defense supply chain.
Managing Third Party Risk in Financial Services Organizations: A Resilience-Based Approach
September 27, 2016 • White Paper
John Haller; Charles M. Wallen
A resilience-based approach can help financial services organizations to manage cybersecurity risks from outsourcing and comply with federal regulations.
Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes
May 01, 2007 • Technical Report
Richard A. Caralli; James F. Stevens; Charles M. Wallen (Financial Services Technology Consortium)
In this 2007 report, the authors explore the transformation of security and business continuity into processes to support and sustain operational resiliency.
Resiliency Engineering Framework Project Update
October 11, 2006 • Presentation
David W. White; Charles M. Wallen (Financial Services Technology Consortium)
This presentation provides an update of the Resiliency Engineering Framework project being conducted by the Software Engineering Institute's CERT program. It was delivered by David White and Charles Wallen at the FSTC annual meeting on October 11, 2006.
Operational Resiliency Management: An Introduction to the Resiliency Engineering Framework
September 20, 2006 • Presentation
Richard A. Caralli; Charles M. Wallen (Financial Services Technology Consortium)
In this presentation, Ron McLeod discusses a partnership with TARA to analyze the outbound and inbound traffic in networks of convenience.