In this 2000 report, we develop a model to evaluate the tradeoffs between the cost of defense mechanisms for networked systems and the resulting expected survivability after a network attack.
This report, published in 2000, presents an extended analysis of CERT Coordination Center incidents data (from 1988 to 1995) and applies the results to simulate attacks and their impacts on network sites.
The practices recommended in this report from 2000 are designed to help administrators configure and deploy network servers that satisfy organizational security requirements.
The practices recommended in this 1999 report are designed to help you configure and deploy networked workstations that satisfy your organization‰s security requirements. The practices may also be useful in examining the configuration of previously deployed workstations.
This 1999 report is one of a series of SEI publications that are intended to provide practical guidance to help organizations improve the security of their networked computer systems. This report is intended for system and network administrators, managers of information systems, and security personnel responsible for networked information resources.
The practices recommended in this 1999 report are designed to help administrators configure and deploy network servers that satisfy organizational security requirements.
This paper proposes a lexicon of functionalities to characterize survivable systems activities, and an approach to analyze networked systems environments.
The 1998 report provides guidance to help organizations improve the security of their networked computer systems.
The practices contained in this 1998 report identify advance preparations you must make to enable you to obtain evidence of an intrusion or an intrusion attempt.
This 1998 document is one of a new series of publications of the Software EngineeringInstitute at Carnegie Mellon University,security improvement modules.They are intended to provide concrete, practical guidance that will help organizationsimprove the security of their networked computer systems.
This 1995 study applies various tools, techniques, and methods that the SEI is evaluating for analyzing information being produced at a very rapid rate in the discipline.
This 1993 report describes a method for facilitating the systematic and repeatable identification of risks associated with the development of a software-dependent project.
This 1990 report provides an initial overall assessment of the nation‰s capacity to produce military software, with a focus onmission-critical software.