Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type


Publication Date

Showing 1 - 10 of 343 results for Type - Technical Note

Technical Note | September 2017 - Technical Note Defining a Progress Metric for CERT-RMM Improvement By Gregory Crabb (United States Postal Service), Nader Mehravari (Axio Global), David Tobar

Describes the Cybersecurity Program Progress Metric and how its implementation in a large, diverse U.S. national organization can serve to indicate progress toward improving cybersecurity and resilience capabilities.

Technical Note | April 2017 - Technical Note Prototype Software Assurance Framework (SAF): Introduction ... By Christopher J. Alberts, Carol Woody - PhD

In this report, the authors discuss the Software Assurance Framework (SAF), a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain.

Technical Note | December 2016 - Technical Note Update 2016: Considerations for Using Agile in DoD ... By Suzanne Miller, Dan Ward (Dan Ward Consulting), Mary Ann Lapham, Ray C. Williams, Charles (Bud) Hammons, Daniel Burton, Alfred Schenker

This report updates a 2010 technical note, addressing developments in commercial Agile practices as well as the Department of Defense (DoD) acquisition environment.

Technical Note | December 2016 - Technical Note Scaling Agile Methods for Department of Defense Programs By Will Hayes, Mary Ann Lapham, Suzanne Miller, Eileen Wrubel, Peter Capell

This report discusses methods for scaling Agile processes to larger software development programs in the Department of Defense.

Technical Note | December 2016 - Technical Note Low Cost Technical Solutions to Jump Start an Insider Threat ... By George Silowash, Derrick Spooner, Daniel L. Costa, Michael J. Albrethsen

This technical note explores free and low cost technical solutions to help organizations prevent, detect, and respond to malicious insiders.

Technical Note | October 2016 - Technical Note A Mapping of the Federal Financial Institutions Examination ... By Jeffrey L. Pinckard, Michael Rattigan, Robert A. Vrtis

To help financial organizations assess cyber resilience, we map FFIEC Cybersecurity Assessment Tool (CAT) statements to Cyber Resilience Review (CRR) questions.

Technical Note | August 2016 - Technical Note Creating Centralized Reporting for Microsoft Host Protection ... By Craig Lewis, Joseph Tammariello

This report describes how to set up a centralized reporting console for the Windows Enhanced Mitigation Experience Toolkit.

Technical Note | August 2016 - Technical Note The QUELCE Method: Using Change Drivers to Estimate ... By Sarah Sheard

This technical note introduces Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE), a method for estimating program costs early in development.

Technical Note | May 2016 - Technical Note Applying the Goal-Question-Indicator-Metric (GQIM) Method to ... By Douglas Gray

This report describes how to use the goal-question-indicator-metric method in tandem with the military METT-TC method (mission, enemy, time, terrain, troops available, and civil-military considerations).

Technical Note | October 2015 - Technical Note Structuring the Chief Information Security Officer Organization By Julia H. Allen, Gregory Crabb (U.S. Postal Inspection Service), Pamela D. Curtis, Brendan Fitzpatrick, Nader Mehravari, David Tobar

The authors describe how they defined a CISO team structure and functions for a national organization using sources such as CISOs, policies, and lessons learned from cybersecurity incidents.