Software Engineering Institute

James F. Stevens

Software Engineering Institute

James Stevens is a senior member of the technical staff in the CERT Program at Carnegie Mellon University's Software Engineering Institute (SEI). As a member of CERT's Resiliency Engineering and Management team James performs information and infrastructure resiliency research and develops methods, tools, and techniques for resilient enterprise management. This work includes designing and delivering various information security risk assessment, analysis, and management technologies for customers in the government and the private sector. James has been working in information security field for over fifteen years and holds a BS degree in Electrical Engineering from the University of Notre Dame and an MBA from Carnegie Mellon University's Tepper School of Business. James is an IEEE member and holds the CISSP certification.

Publications by James F. Stevens

The Smart Grid: Managing Electrical Power Distribution and Use

September 29, 2009 • Audio

Julia H. Allen James F. Stevens

The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges.
listen
The Smart Grid: Managing Electrical Power Distribution and Use

September 29, 2009 • Podcast

James F. Stevens Julia H. Allen

In this podcast, James Stevens explains how using the smart grid comes with some new privacy and security challenges.
learn more
The Confluence of Physical and Cyber Security Management

March 01, 2009 • Presentation

Samuel A. Merrell James F. Stevens

In this presentation, Sam Merrell and James Stevens describe an integrate view of security that includes both physical security and cybersecurity.
read
Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes

May 01, 2007 • Technical Report

Richard A. Caralli James F. Stevens Charles M. Wallen (Financial Services Technology Consortium)

In this 2007 report, the authors explore the transformation of security and business continuity into processes to support and sustain operational resiliency.
read
Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process

May 01, 2007 • Technical Report

Richard A. Caralli James F. Stevens Lisa R. Young

In this 2007 report, the authors highlight the design considerations and requirements for OCTAVE Allegro based on field experience.
read
Focus on Resiliency: A Process-Oriented Approach to Security

November 14, 2005 • Presentation

Richard A. Caralli James F. Stevens

In this presentation, the authors describe a process-oriented approach to security.
read
Information Asset Profiling

June 01, 2005 • Technical Note

James F. Stevens Richard A. Caralli Bradford J. Willke

In this 2005 report, the authors describe IAP, a documented and repeatable process for developing consistent asset profiles.
read
OCTAVE-S Implementation Guide, Version 1

January 01, 2005 • Handbook

Christopher J. Alberts Audrey J. Dorofee James F. Stevens

In this 2005 handbook, the authors provide detailed guidelines for conducting an OCTAVE-S evaluation.
read
Managing for Enterprise Security

December 01, 2004 • Technical Note

Richard A. Caralli Julia H. Allen James F. Stevens

In this 2004 report, the authors itemize characteristics of common approaches to security that limit effectiveness and success.
read
The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management

July 01, 2004 • Technical Report

Richard A. Caralli James F. Stevens Bradford J. Willke

In this report, the authors describe the critical success factor method and present theories and experience in applying it to enterprise security management.
read
Introduction to the OCTAVE Approach

August 01, 2003 • User's Guide

Christopher J. Alberts Audrey J. Dorofee James F. Stevens

In this 2003 report, the authors describe the OCTAVE method, an approach for managing information security risks.
read