Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

David Tobar
September 2017 - Technical Note Defining a Progress Metric for CERT-RMM Improvement

Topics: Cyber Risk and Resilience Management

Describes the Cybersecurity Program Progress Metric and how its implementation in a large, diverse U.S. national organization can serve to indicate progress toward improving cybersecurity and resilience capabilities.

February 2017 - White Paper The CISO Academy

Topics: Cyber Risk and Resilience Management

In this paper, the authors describe the project that led to the creation of the U.S. Postal Service's CISO Academy.

October 2015 - Technical Note Structuring the Chief Information Security Officer Organization

Topics: Cyber Risk and Resilience Management

The authors describe how they defined a CISO team structure and functions for a national organization using sources such as CISOs, policies, and lessons learned from cybersecurity incidents.