Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type


Publication Date

Showing 1 - 10 of 345 results for Type - Technical Note

Technical Note | March 2018 - Technical Note A Mapping of the Health Insurance Portability and ... By Greg Porter (Heinz College at Carnegie Mellon University), Matthew Trevors, Robert A. Vrtis

This technical note describes mapping of HIPAA Security Rule requirements to practice questions found in the CERT Cyber Resilience Review for organizations' use in HIPAA compliance.

Technical Note | March 2018 - Technical Note A Hybrid Threat Modeling Method By Nancy R. Mead, Forrest Shull, Krishnamurthy Vemuru (University of Virginia), Ole Villadsen (Carnegie Mellon University)

Presents a hybrid method of threat modeling that attempts to meld the desirable features of three methods: Security Cards, Persona non Grata, and STRIDE.

Technical Note | September 2017 - Technical Note Defining a Progress Metric for CERT-RMM Improvement By Gregory Crabb (United States Postal Service), Nader Mehravari (Axio Global), David Tobar

Describes the Cybersecurity Program Progress Metric and how its implementation in a large, diverse U.S. national organization can serve to indicate progress toward improving cybersecurity and resilience capabilities.

Technical Note | April 2017 - Technical Note Prototype Software Assurance Framework (SAF): Introduction ... By Christopher J. Alberts, Carol Woody - PhD

In this report, the authors discuss the Software Assurance Framework (SAF), a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain.

Technical Note | December 2016 - Technical Note Update 2016: Considerations for Using Agile in DoD ... By Suzanne Miller, Dan Ward (Dan Ward Consulting), Mary Ann Lapham, Ray C. Williams, Charles (Bud) Hammons, Daniel Burton, Alfred Schenker

This report updates a 2010 technical note, addressing developments in commercial Agile practices as well as the Department of Defense (DoD) acquisition environment.

Technical Note | December 2016 - Technical Note Scaling Agile Methods for Department of Defense Programs By Will Hayes, Mary Ann Lapham, Suzanne Miller, Eileen Wrubel, Peter Capell

This report discusses methods for scaling Agile processes to larger software development programs in the Department of Defense.

Technical Note | December 2016 - Technical Note Low Cost Technical Solutions to Jump Start an Insider Threat ... By George Silowash, Derrick Spooner, Daniel L. Costa, Michael J. Albrethsen

This technical note explores free and low cost technical solutions to help organizations prevent, detect, and respond to malicious insiders.

Technical Note | October 2016 - Technical Note A Mapping of the Federal Financial Institutions Examination ... By Jeffrey L. Pinckard, Michael Rattigan, Robert A. Vrtis

To help financial organizations assess cyber resilience, we map FFIEC Cybersecurity Assessment Tool (CAT) statements to Cyber Resilience Review (CRR) questions.

Technical Note | August 2016 - Technical Note Creating Centralized Reporting for Microsoft Host Protection ... By Craig Lewis, Joseph Tammariello

This report describes how to set up a centralized reporting console for the Windows Enhanced Mitigation Experience Toolkit.

Technical Note | August 2016 - Technical Note The QUELCE Method: Using Change Drivers to Estimate ... By Sarah Sheard

This technical note introduces Quantifying Uncertainty in Early Lifecycle Cost Estimation (QUELCE), a method for estimating program costs early in development.