James F. Stevens

Author

Software Engineering Institute
James Stevens is a senior member of the technical staff in the CERT Program at Carnegie Mellon University's Software Engineering Institute (SEI). As a member of CERT's Resiliency Engineering and Management team James performs information and infrastructure resiliency research and develops methods, tools, and techniques for resilient enterprise management. This work includes designing and delivering various information security risk assessment, analysis, and management technologies for customers in the government and the private sector. James has been working in information security field for over fifteen years and holds a BS degree in Electrical Engineering from the University of Notre Dame and an MBA from Carnegie Mellon University's Tepper School of Business. James is an IEEE member and holds the CISSP certification.

June 2014 - Webinar Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)

Topics: Cyber Risk and Resilience Management, Risk and Opportunity Management, Smart Grid Maturity Model

Authors: James F. Stevens

Watch James Stevens discuss the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain

September 2009 - Audio The Smart Grid: Managing Electrical Power Distribution and Use

Topics: Smart Grid Maturity Model, Cyber Risk and Resilience Management

Authors: Julia H. Allen, James F. Stevens

The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges.

September 2009 - Podcast The Smart Grid: Managing Electrical Power Distribution and Use

Topics: Cyber Risk and Resilience Management

Authors: James F. Stevens, Julia H. Allen

In this podcast, James Stevens explains how using the smart grid comes with some new privacy and security challenges.

March 2009 - Presentation The Confluence of Physical and Cyber Security Management

Topics: Cybersecurity Engineering

Authors: Samuel A. Merrell, James F. Stevens

In this presentation, Sam Merrell and James Stevens describe an integrate view of security that includes both physical security and cybersecurity.

May 2007 - Technical Report Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, James F. Stevens, Charles M. Wallen (Financial Services Technology Consortium), David W. White, William R. Wilson, Lisa R. Young

In this 2007 report, the authors explore the transformation of security and business continuity into processes to support and sustain operational resiliency.

May 2007 - Technical Report Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, James F. Stevens, Lisa R. Young, William R. Wilson

In this 2007 report, the authors highlight the design considerations and requirements for OCTAVE Allegro based on field experience.

November 2005 - Presentation Focus on Resiliency: A Process-Oriented Approach to Security

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, James F. Stevens

In this presentation, the authors describe a process-oriented approach to security.

June 2005 - Technical Note Information Asset Profiling

Topics: Cyber Risk and Resilience Management

Authors: James F. Stevens, Richard A. Caralli, Bradford J. Willke

In this 2005 report, the authors describe IAP, a documented and repeatable process for developing consistent asset profiles.

January 2005 - Handbook OCTAVE-S Implementation Guide, Version 1

Topics: Cyber Risk and Resilience Management

Authors: Christopher J. Alberts, Audrey J. Dorofee, James F. Stevens, Carol Woody

In this 2005 handbook, the authors provide detailed guidelines for conducting an OCTAVE-S evaluation.

December 2004 - Technical Note Managing for Enterprise Security

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, Julia H. Allen, James F. Stevens, Bradford J. Willke, William R. Wilson

In this 2004 report, the authors itemize characteristics of common approaches to security that limit effectiveness and success.

July 2004 - Technical Report The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management

Topics: Cyber Risk and Resilience Management

Authors: Richard A. Caralli, James F. Stevens, Bradford J. Willke, William R. Wilson

In this report, the authors describe the critical success factor method and present theories and experience in applying it to enterprise security management.

August 2003 - User's Guide Introduction to the OCTAVE Approach

Topics: Cyber Risk and Resilience Management

Authors: Christopher J. Alberts, Audrey J. Dorofee, James F. Stevens, Carol Woody

In this 2003 report, the authors describe the OCTAVE method, an approach for managing information security risks.

Digital Library

Advanced Search

Content Type

Subjects

Publication Date

James F. Stevens