Software Engineering Institute | Carnegie Mellon University

Digital Library

Pamela D. Curtis
February 2017 - White Paper: The CISO Academy

Topics: Cyber Risk and Resilience Management

In this paper, the authors describe the project that led to the creation of the U.S. Postal Service's CISO Academy.

October 2015 - Technical Note: Structuring the Chief Information Security Officer Organization

Topics: Cyber Risk and Resilience Management

The authors describe how they defined a CISO team structure and functions for a national organization using sources such as CISOs, policies, and lessons learned from cybersecurity incidents.

February 2015 - Technical Note: A Proven Method for Meeting Export Control Objectives in Postal and Shipping Sectors

Topics: Cyber Risk and Resilience Management

This report describes how the CERT-RMM enabled the USPIS to implement an innovative approach for achieving complex international mail export control objectives.

September 2014 - Technical Note: CERT Resilience Management Model—Mail-Specific Process Areas: International Mail Transportation (Version 1.0)

Topics: Cyber Risk and Resilience Management

This report describes a new process area that ensures that international mail is transported according to Universal Postal Union standards.

September 2014 - Technical Note: CERT Resilience Management Model—Mail-Specific Process Areas: Mail Revenue Assurance (Version 1.0)

Topics: Cyber Risk and Resilience Management

This report describes a new process area that ensures that the USPS is compensated for mail that is accepted, transported, and delivered.

September 2014 - Technical Note: CERT Resilience Management Model—Mail-Specific Process Areas: Mail Induction (Version 1.0)

Topics: Cyber Risk and Resilience Management

This report describes a new process area that ensures that mail is inducted into the U.S. domestic mail stream according to USPS standards and requirements.

January 2014 - Technical Note: A Proven Method for Identifying Security Gaps in International Postal and Transportation Critical Infrastructure

Topics: Cyber Risk and Resilience Management

In this report, the authors describe a method of identifying physical security gaps in international mail processing centers and similar facilities.

December 2012 - Technical Note: Analyzing Cases of Resilience Success and Failure - A Research Study

Topics: Cyber Risk and Resilience Management

In this report, the authors describe research aimed at helping organizations to know the business value of implementing resilience processes and practices.

December 2011 - Technical Note: Using Defined Processes as a Context for Resilience Measures

Topics: Cyber Risk and Resilience Management

In this report, the authors describe how implementation-level processes can provide context for identifying and defining measures of operational resilience.

October 2011 - Podcast: Measuring Operational Resilience

Topics: Measurement and Analysis, Cyber Risk and Resilience Management

In this podcast, Julia Allen explains that measures of operational resilience should answer key questions, inform decisions, and affect behavior.

July 2011 - Technical Report: Measures for Managing Operational Resilience

Topics: Cyber Risk and Resilience Management, Measurement and Analysis

In this report, the Resilient Enterprise Management (REM) team suggests a set of top ten strategic measures for managing operational resilience.

May 2010 - Technical Report: CERT Resilience Management Model, Version 1.0

Topics: Cyber Risk and Resilience Management

In this report, the authors present CERT-RMM, an approach to managing operational resilience in complex, risk-evolving environments.