James F. Stevens
Software Engineering Institute
James Stevens is an SEI alumni employee.
James Stevens is a senior member of the technical staff in the CERT Program at Carnegie Mellon University's Software Engineering Institute (SEI). As a member of CERT's Resiliency Engineering and Management team James performs information and infrastructure resiliency research and develops methods, tools, and techniques for resilient enterprise management. This work includes designing and delivering various information security risk assessment, analysis, and management technologies for customers in the government and the private sector. James has been working in information security field for over fifteen years and holds a BS degree in Electrical Engineering from the University of Notre Dame and an MBA from Carnegie Mellon University's Tepper School of Business. James is an IEEE member and holds the CISSP certification.
Publications by James F. Stevens
-
The Smart Grid: Managing Electrical Power Distribution and Use
September 29, 2009 • Audio
Julia H. AllenJames F. Stevens
The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges.
listen -
The Smart Grid: Managing Electrical Power Distribution and Use
September 29, 2009 • Podcast
James F. StevensJulia H. Allen
In this podcast, James Stevens explains how using the smart grid comes with some new privacy and security challenges.
learn more -
The Confluence of Physical and Cyber Security Management
March 01, 2009 • Presentation
Samuel A. MerrellJames F. Stevens
In this presentation, Sam Merrell and James Stevens describe an integrate view of security that includes both physical security and cybersecurity.
read -
Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes
May 01, 2007 • Technical Report
Richard A. CaralliJames F. StevensCharles M. Wallen (Financial Services Technology Consortium)
In this 2007 report, the authors explore the transformation of security and business continuity into processes to support and sustain operational resiliency.
read -
Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process
May 01, 2007 • Technical Report
Richard A. CaralliJames F. StevensLisa R. Young
In this 2007 report, the authors highlight the design considerations and requirements for OCTAVE Allegro based on field experience.
read -
Focus on Resiliency: A Process-Oriented Approach to Security
November 14, 2005 • Presentation
Richard A. CaralliJames F. Stevens
In this presentation, the authors describe a process-oriented approach to security.
read -
Information Asset Profiling
June 01, 2005 • Technical Note
James F. StevensRichard A. CaralliBradford J. Willke
In this 2005 report, the authors describe IAP, a documented and repeatable process for developing consistent asset profiles.
read -
OCTAVE-S Implementation Guide, Version 1
January 01, 2005 • Handbook
Christopher J. AlbertsAudrey J. DorofeeJames F. Stevens
In this 2005 handbook, the authors provide detailed guidelines for conducting an OCTAVE-S evaluation.
read -
Managing for Enterprise Security
December 01, 2004 • Technical Note
Richard A. CaralliJulia H. AllenJames F. Stevens
In this 2004 report, the authors itemize characteristics of common approaches to security that limit effectiveness and success.
read -
The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management
July 01, 2004 • Technical Report
Richard A. CaralliJames F. StevensBradford J. Willke
In this report, the authors describe the critical success factor method and present theories and experience in applying it to enterprise security management.
read -
Introduction to the OCTAVE Approach
August 01, 2003 • User's Guide
Christopher J. AlbertsAudrey J. DorofeeJames F. Stevens
In this 2003 report, the authors describe the OCTAVE method, an approach for managing information security risks.
read