Software Engineering Institute

David Tobar

Software Engineering Institute

Publications by David Tobar

Loss Magnitude Estimation in Support of Business Impact Analysis

December 15, 2020 • Technical Report

Daniel J. Kambic Andrew P. Moore David Tobar

The authors describe a project to develop an estimation method that yields greater confidence in and improved ranges for estimates of potential cyber loss magnitude.
read
Defining a Progress Metric for CERT-RMM Improvement

September 08, 2017 • Technical Note

Gregory Crabb (United States Postal Service)Nader Mehravari (Axio Global)David Tobar

Describes the Cybersecurity Program Progress Metric and how its implementation in a large, diverse U.S. national organization can serve to indicate progress toward improving cybersecurity and resilience capabilities.
read
The CISO Academy

February 23, 2017 • White Paper

Pamela D. Curtis Summer C. Fowler David Tobar

In this paper, the authors describe the project that led to the creation of the U.S. Postal Service's CISO Academy.
read
Structuring the Chief Information Security Officer Organization

October 06, 2015 • Technical Note

Julia H. Allen Gregory Crabb (U.S. Postal Inspection Service)Pamela D. Curtis

The authors describe how they defined a CISO team structure and functions for a national organization using sources such as CISOs, policies, and lessons learned from cybersecurity incidents.
read