Software Engineering Institute | Carnegie Mellon University

Digital Library

Rita C. Creel
February 2014 - Special Report Best Practices in Wireless Emergency Alerts

Topics: Cyber Risk and Resilience Management

This report presents four best practices for the Wireless Emergency Alerts (WEA) service, including implementing WEA in a local jurisdiction, training emergency staff in using WEA, cross-jurisdictional governance of WEA, and cybersecurity risk management.

July 2013 - White Paper System-of-Systems Influences on Acquisition Strategy Development

Topics: Acquisition Support, Cybersecurity Engineering, Software Assurance

In this paper, the authors discuss significant new sources of risk and recommend ways to address them.

July 2013 - White Paper Assuring Software Systems Security: Life Cycle Considerations for Government Acquisitions

Topics: Cybersecurity Engineering, Acquisition Support

Authors: Rita C. Creel

In this paper, Rita Creel identifies acquirer activities and resources necessary to support contractor efforts to build secure software-intensive systems.

May 2013 - White Paper A Systemic Approach for Assessing Software Supply-Chain Risk

Topics: Acquisition Support, Cybersecurity Engineering, Software Assurance

In this paper, the authors highlight the approach being implemented by SEI researchers for assessing and managing software supply-chain risks and provide a summary of the status of this work.

December 2011 - Special Report Standards-Based Automated Remediation: A Remediation Manager Reference Implementation, 2011 Update

Topics: Acquisition Support

In this report, the authors describe work to develop standards for automated remediation of vulnerabilities and compliance issues on DoD networked systems.

September 2011 - CERT Research Report Supply Chain Assurance Overview

Topics: Cybersecurity Engineering

In this section of the research report, the authors attempt to integrate development and acquisition practices with risk-based evaluations and mitigations.

July 2011 - Special Report Standards-Based Automated Remediation: A Remediation Manager Reference Implementation

Topics: Acquisition Support

In this report, the authors describe work to develop standards for vulnerability and compliance remediation on DoD networked systems.

December 2010 - Technical Note Software Supply Chain Risk Management: From Products to Systems of Systems

Topics: Cybersecurity Engineering

In this report, the authors consider current practices in software supply chain analysis and suggest some foundational practices.

November 2009 - Technical Note A Method for Assessing Technical Progress and Quality Throughout the System Life Cycle

Topics: Measurement and Analysis, Process Improvement

This 2009 paper provides a framework for evaluating a system from several perspectives for a comprehensive picture of progress and quality.

September 2005 - Technical Note A Taxonomy of Operational Risks

Topics: Acquisition Support

This report presents a taxonomy-based method for identifying and classifying risks to operational aspects of an enterprise.

June 2004 - White Paper Acquisition Overview: The Challenges

Topics: Cybersecurity Engineering, Acquisition Support, Software Assurance

In this paper, the authors raise issues involving how systems are integrated to provide required capabilities.