Audrey J. Dorofee
Software Engineering Institute
Publications by Audrey J. Dorofee
Incident Management Capability Assessment
December 19, 2018 • Technical Report
Audrey J. Dorofee, Robin Ruefle, Mark Zajicek
The capabilities presented in this report provide a benchmark of incident management practices.
Wireless Emergency Alerts Commercial Mobile Service Provider (CMSP) Cybersecurity Guidelines
June 09, 2016 • Special Report
Christopher J. Alberts, Audrey J. Dorofee, Carol Woody, PhD
This report provides members of the Commercial Mobile Service Provider (CMSP) community with practical guidance for better managing cybersecurity risk exposure, based on an SEI study of the CMSP element of the Wireless Emergency Alert pipeline.
Defining a Maturity Scale for Governing Operational Resilience
March 19, 2015 • Technical Note
Katie C. Stewart, Julia H. Allen, Audrey J. Dorofee
Governing operational resilience requires the appropriate level of sponsorship, a commitment to strategic planning that includes resilience objectives, and proper oversight of operational resilience activities.
Introduction to the Security Engineering Risk Analysis (SERA) Framework
December 04, 2014 • Technical Note
Christopher J. Alberts, Carol Woody, Audrey J. Dorofee
This report introduces the SERA Framework, a model-based approach for analyzing complex security risks in software-reliant systems and systems of systems early in the lifecycle.
An Incident Management Ontology
November 25, 2014 • Conference Paper
Dave Mundie, Robin Ruefle, Audrey J. Dorofee
In this paper, the authors describe the shortcomings of the incident management meta-model and how an incident management ontology addresses those shortcomings.
An Introduction to the Mission Risk Diagnostic for Incident Management Capabilities (MRD-IMC)
May 30, 2014 • Technical Note
Christopher J. Alberts, Audrey J. Dorofee, Robin Ruefle
The Mission Risk Diagnostic for Incident Management Capabilities revises the Incident Management Mission Diagnostic Method with updated and expanded drivers.
A Systemic Approach for Assessing Software Supply-Chain Risk
May 14, 2013 • White Paper
Audrey J. Dorofee, Carol Woody, Christopher J. Alberts
In this paper, the authors highlight the approach being implemented by SEI researchers for assessing and managing software supply-chain risks and provide a summary of the status of this work.
Mission Risk Diagnostic (MRD) Method Description
February 01, 2012 • Technical Note
Christopher J. Alberts, Audrey J. Dorofee
In this report, the authors describe the Mission Risk Diagnostic (MRD) method, which is used to assess risk in systems across the lifecycle and supply chain.
Supply Chain Assurance Overview
September 01, 2011 • CERT Research Report
Robert J. Ellison, Christopher J. Alberts, Rita C. Creel
In this section of the research report, the authors attempt to integrate development and acquisition practices with risk-based evaluations and mitigations.
Software Supply Chain Risk Management: From Products to Systems of Systems
December 01, 2010 • Technical Note
Robert J. Ellison, Christopher J. Alberts, Rita C. Creel
In this report, the authors consider current practices in software supply chain analysis and suggest some foundational practices.
Risk Management Framework
August 01, 2010 • Technical Report
Christopher J. Alberts, Audrey J. Dorofee
In this report, the authors specify (1) a framework that documents best practice for risk management and (2) an approach for evaluating a program's risk management practice in relation to the framework.
Rethinking Risk Management Tutorial
October 26, 2009 • Presentation
Christopher J. Alberts, Audrey J. Dorofee
Presented at the NDIA Systems Engineering Conference 2009 by Audrey Dorofee and Christopher Alberts.
A Technical Overview of Risk and Opportunity Management
April 24, 2009 • Presentation
Christopher J. Alberts, Audrey J. Dorofee
In this presentation, the authors provide a technical overview of systemic risk and opportunity management for distributed environments.
A Framework for Categorizing Key Drivers of Risk
April 01, 2009 • Technical Report
Christopher J. Alberts, Audrey J. Dorofee
This 2009 report features a systemic approach for managing risk that takes into account the complex nature of distributed environments.
New Directions in Risk: A Success-Oriented Approach (2009)
March 23, 2009 • Presentation
Christopher J. Alberts, Audrey J. Dorofee
In this presentation, the authors describe the analysis of wireless network data, MAC layer information in netflow tools, and how the tools convert flow data.
Preview of the Mission Assurance Analysis Protocol (MAAP): Assessing Risk and Opportunity in Complex Environments
July 01, 2008 • Technical Note
Christopher J. Alberts, Audrey J. Dorofee, Lisa Marino
In this 2008 document, the authors preview a core set of activities and outputs that define a MAAP assessment.
Using the Mission Diagnostic: Lessons Learned (2008)
March 17, 2008 • Presentation
Christopher J. Alberts, Audrey J. Dorofee
Presented at SEPG 2008, March 17-20, 2008, Tampa, Florida.
Lessons Learned Applying the Mission Diagnostic
March 01, 2008 • Technical Note
Audrey J. Dorofee, Lisa Marino, Christopher J. Alberts
This technical note describes the adaptation of the Mission Diagnostic (MD) necessary for a customer and the lessons we learned from its use.
Mission Diagnostic Protocol, Version 1.0: A Risk-Based Approach for Assessing the Potential for Success
March 01, 2008 • Technical Report
Christopher J. Alberts, Audrey J. Dorofee, Lisa Marino
This 2008 document describes the core set of activities and outputs that defines the Mission Diagnostic Protocol (MDP).
Incident Management Mission Diagnostic Method, Version 1.0
March 01, 2008 • Technical Report
Audrey J. Dorofee, Georgia Killcrece, Robin Ruefle
This report is superseded by the Mission Risk Diagnostic for Incident Management Capabilities, CMU/SEI-2014-TN-004.
Assuring Mission Success in Complex Settings
March 15, 2007 • Presentation
Christopher J. Alberts, Audrey J. Dorofee
In this presentation, the authors describe lessons learned from actual incidents of fraud, theft of sensitive information, and IT sabotage.
Executive Overview of SEI MOSAIC: Managing for Success Using a Risk-Based Approach
March 01, 2007 • Technical Note
Christopher J. Alberts, Audrey J. Dorofee, Lisa Marino
This 2007 report provides an overview of the concepts and foundations of MOSAIC, a suite of advanced, risk-based analysis methods for assessing complex, distributed programs, processes, and information-technology systems.
Advanced Risk Analysis for High-Performing Organizations
October 26, 2006 • Presentation
Christopher J. Alberts, Audrey J. Dorofee
In this presentation, the authors describe Advanced Risk Analysis for High-Performing Organizations.
Mission Assurance Analysis Protocol (MAAP): Assessing Risk in Complex Environments
September 01, 2005 • Technical Note
Christopher J. Alberts, Audrey J. Dorofee
In this 2005 report, the authors present concepts and theories underlying the Mission Assurance Analysis Protocol.
OCTAVE-S Implementation Guide, Version 1
January 01, 2005 • Handbook
Christopher J. Alberts, Audrey J. Dorofee, James F. Stevens
In this 2005 handbook, the authors provide detailed guidelines for conducting an OCTAVE-S evaluation.
Defining Incident Management Processes for CSIRTs: A Work in Progress
October 01, 2004 • Technical Report
Christopher J. Alberts, Audrey J. Dorofee, Georgia Killcrece
In this report, the authors present a prototype best practice model for performing incident management processes and functions.
Rethinking Risk Management (2004)
January 01, 2004 • Presentation
Christopher J. Alberts, Audrey J. Dorofee
This presentation explores if state-of-the-practice risk assessments accurately characterize the security risk confronting healthcare organizations. It also examines if risks are overlooked by state-of-the-practice risk assessments.
Introduction to the OCTAVE Approach
August 01, 2003 • User's Guide
Christopher J. Alberts, Audrey J. Dorofee, James F. Stevens
In this 2003 report, the authors describe the OCTAVE method, an approach for managing information security risks.
Managing Information Security Risks: The OCTAVE Approach
July 09, 2002 • Book
Christopher J. Alberts, Audrey J. Dorofee
In this book, the authors provide a systematic way to evaluate and manage information security risks through the use of the OCTAVE approach.
OCTAVE Criteria, Version 2.0
December 01, 2001 • Technical Report
Christopher J. Alberts, Audrey J. Dorofee
This 2001 report defines a general approach for evaluating and managing information security risks.
OCTAVE Catalog of Practices, Version 2.0
October 01, 2001 • Technical Report
Christopher J. Alberts, Audrey J. Dorofee, Julia H. Allen
In this report, the authors describe OCTAVE practices, which enable organizations to identify risks and mitigate them.
OCTAVE Method Implementation Guide Version 2.0 Volume 2: Preliminary Activities
June 01, 2001 • User's Guide
Christopher J. Alberts, Audrey J. Dorofee
In this list of preliminary activities, the authors describe activities you will complete to implement the OCTAVE method.
OCTAVE Method Implementation Guide Version 2.0 Volume 1: Introduction
June 01, 2001 • User's Guide
Christopher J. Alberts, Audrey J. Dorofee
In this report, the authors describe everything you will need to understand and implement the OCTAVE method.
HIPAA and Information Security Risk: Implementing an Enterprise-Wide Risk Management Strategy
February 17, 2001 • Article
Christopher J. Alberts, Audrey J. Dorofee
In this article, the authors describe an information security risk evaluation that enables risk assessment and mitigation consistent with HIPAA guidelines.
A Collaboration in Implementing Team Risk Management
March 01, 1996 • Technical Report
David P. Gluch, Audrey J. Dorofee, E. Hubbard
This report presents results of a collaborative development effort to transition the Software Engineering Institute (SEI) team risk management process into practice.
Continuous Risk Management Guidebook
January 01, 1996 • Book
Christopher J. Alberts, Audrey J. Dorofee, Ron Higuera
This book describes the underlying principles, concepts, and functions of risk management and provides guidance on how to implement it as a continuous practice in your projects and organization.
Team Risk Management: A New Model for Customer-Supplier Relationships
July 01, 1994 • Special Report
Ron Higuera, Audrey J. Dorofee, Julie A. Walker
This 1994 report presents the concepts of Team Risk Management by providing a description of the overall process that engages both the customer and supplier in a cooperative framework using explicit methods to manage project risks.
An Introduction to Team Risk Management (Version 1.0)
May 01, 1994 • Special Report
Ron Higuera, David P. Gluch, Audrey J. Dorofee
This 1994 report defines the organizational structure and operational activities for managing risks throughout all phases of the life-cycle of a software-dependent development program.