Software Engineering Institute

James F. Stevens

Software Engineering Institute

James Stevens is a senior member of the technical staff in the CERT Program at Carnegie Mellon University's Software Engineering Institute (SEI). As a member of CERT's Resiliency Engineering and Management team James performs information and infrastructure resiliency research and develops methods, tools, and techniques for resilient enterprise management. This work includes designing and delivering various information security risk assessment, analysis, and management technologies for customers in the government and the private sector. James has been working in information security field for over fifteen years and holds a BS degree in Electrical Engineering from the University of Notre Dame and an MBA from Carnegie Mellon University's Tepper School of Business. James is an IEEE member and holds the CISSP certification.

Publications by James F. Stevens

Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)

June 17, 2014 • Webinar

James F. Stevens

Watch James Stevens discuss the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) from the SEI Virtual Event, CERT® Operational Resilience: Manage, Protect and Sustain
watch
The Smart Grid: Managing Electrical Power Distribution and Use

September 29, 2009 • Audio

Julia H. Allen, James F. Stevens

The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges.
listen
The Smart Grid: Managing Electrical Power Distribution and Use

September 29, 2009 • Podcast

James F. Stevens, Julia H. Allen

In this podcast, James Stevens explains how using the smart grid comes with some new privacy and security challenges.
learn more
The Confluence of Physical and Cyber Security Management

March 01, 2009 • Presentation

Samuel A. Merrell, James F. Stevens

In this presentation, Sam Merrell and James Stevens describe an integrate view of security that includes both physical security and cybersecurity.
read
Introducing the CERT® Resiliency Engineering Framework: Improving the Security and Sustainability Processes

May 01, 2007 • Technical Report

Richard A. Caralli, James F. Stevens, Charles M. Wallen (Financial Services Technology Consortium), David W. White, William R. Wilson, Lisa R. Young

In this 2007 report, the authors explore the transformation of security and business continuity into processes to support and sustain operational resiliency.
read
Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process

May 01, 2007 • Technical Report

Richard A. Caralli, James F. Stevens, Lisa R. Young, William R. Wilson

In this 2007 report, the authors highlight the design considerations and requirements for OCTAVE Allegro based on field experience.
read
Focus on Resiliency: A Process-Oriented Approach to Security

November 14, 2005 • Presentation

Richard A. Caralli, James F. Stevens

In this presentation, the authors describe a process-oriented approach to security.
read
Information Asset Profiling

June 01, 2005 • Technical Note

James F. Stevens, Richard A. Caralli, Bradford J. Willke

In this 2005 report, the authors describe IAP, a documented and repeatable process for developing consistent asset profiles.
read
OCTAVE-S Implementation Guide, Version 1

January 01, 2005 • Handbook

Christopher J. Alberts, Audrey J. Dorofee, James F. Stevens, Carol Woody

In this 2005 handbook, the authors provide detailed guidelines for conducting an OCTAVE-S evaluation.
read
Managing for Enterprise Security

December 01, 2004 • Technical Note

Richard A. Caralli, Julia H. Allen, James F. Stevens, Bradford J. Willke, William R. Wilson

In this 2004 report, the authors itemize characteristics of common approaches to security that limit effectiveness and success.
read
The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management

July 01, 2004 • Technical Report

Richard A. Caralli, James F. Stevens, Bradford J. Willke, William R. Wilson

In this report, the authors describe the critical success factor method and present theories and experience in applying it to enterprise security management.
read
Introduction to the OCTAVE Approach

August 01, 2003 • User's Guide

Christopher J. Alberts, Audrey J. Dorofee, James F. Stevens, Carol Woody

In this 2003 report, the authors describe the OCTAVE method, an approach for managing information security risks.
read