More Related Links
A Technical Overview of Risk and Opportunity Management |
 |
A technical overview of systemic risk and opportunity management for distributed environments. | |
Advanced Information Assurance Handbook |
|
Advanced Information Assurance Handbook | |
An Introduction to Governing for Enterprise Security |
|
An Introduction to Governing for Enterprise Security | |
Applying FSQ Engineering Foundations to Automated Calculation of Program Behavior |
|
Applying FSQ Engineering Foundations to Automated Calculation of Program Behavior | |
Applying OCTAVE: Practitioners Report |
|
Applying OCTAVE: Practitioners Report | |
Assumption Management |
|
Assumption Management | |
Assuring Mission Success in Complex Settings |
|
Presented: March 2007 | |
Attack Scenarios: How to Get There from Here |
|
Attack Scenarios: How to Get There from Here | |
Avoiding the Trial-by-Fire Approach to Security Incidents |
|
Avoiding the Trial-by-Fire Approach to Security Incidents | |
Building Information Assurance Educational Capacity: Pilot Efforts to Date |
|
Building Information Assurance Educational Capacity: Pilot Efforts to Date | |
Building More Secure Software |
|
Building More Secure Software | |
CERT C Secure Coding Standard |
 |
This book is an essential desktop reference documenting the first official release of The CERT C Secure Coding Standard. The standard itemizes those coding errors that are the root causes of software vulnerabilities in C and prioritizes them by severity, likelihood of exploitation, and remediation costs. | |
CERT Function Extraction Experiment: Quantifying FX Impact on Software Comprehension and Verification, The |
|
The CERT Function Extraction Experiment: Quantifying FX Impact on Software Comprehension and Verification, The | |
CERT Guide To System and Network Security Practices |
|
This book makes CERT practices and implementations available in book form, and offers step-by-step guidance for protecting your systems and networks against malicious and inadvertent compromise. | |
CERT Launches Secure Coding Standards Web Site |
|
CERT Launches Secure Coding Standards Web Site | |
CERT Resiliency Engineering Framework (now CERT Resiliency Management Model) |
 |
This session demonstrates the CERT Resiliency Engineering Framework (REF) as a foundational model that provides a structure from which an organization can systematically identify its current capabilities and level of security effectiveness, assess resiliency targets and goals, and build a road map for continuous improvement. | |
CERT System and Network Security Practices |
|
CERT System and Network Security Practices | |
CERT's Function Extraction Project: Exploring Program Behavior for Security Analysis |
|
CERT's Function Extraction Project: Exploring Program Behavior for Security Analysis | |
CERT/CC Instrumental in National Security Effort |
|
CERT/CC Instrumental in National Security Effort | |
CERT/CC and Secret Service Collaborate on Security |
|
CERT/CC and Secret Service Collaborate on Security | |
Can We Ever Build Survivable Systems from COTS Components? |
|
Can We Ever Build Survivable Systems from COTS Components? | |
Can You Prove It? |
|
Can You Prove It? | |
Carnegie Mellon Educates Next Generation of Information-Security Experts |
|
Carnegie Mellon Educates Next Generation of Information-Security Experts | |
Common Concepts Underlying Safety, Security, and Survivability Engineering |
|
Common Concepts Underlying Safety, Security, and Survivability Engineering | |
Computer Forensics for Business Leaders: A Primer |
|
Computer Forensics for Business Leaders: A Primer | |
Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis |
|
Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis | |
Continuous Risk Management Guidebook |
|
The Continuous Risk Management Guidebook describes the underlying principles, concepts, and functions of risk management and provides guidance on how to implement it as a continuous practice in your projects and organization. | |
Countering the Threat of Internet Denial of Service Attacks |
|
Countering the Threat of Internet Denial of Service Attacks | |
Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management, The |
|
The Critical Success Factor Method: Establishing a Foundation for Enterprise Security Management | |
Cyber Attack Scenarios Test Responses |
|
Cyber Attack Scenarios Test Responses | |
Cybersleuthing: Means, Motive, and Opportunity |
|
Cybersleuthing: Means, Motive, and Opportunity | |
Defense-in-Depth: Foundations for Secure and Resilient Enterprises |
|
Defense-in-Depth: Foundations for Secure and Resilient Enterprises | |
Defining Incident Management Processes for CSIRTs: A Work in Progress |
|
Defining Incident Management Processes for CSIRTs: A Work in Progress | |
Detecting Scans at the ISP Level |
|
Detecting Scans at the ISP Level | |
Eliciting and Analyzing Quality Requirements: Management Influences on Software Quality Requirements |
|
Eliciting and Analyzing Quality Requirements: Management Influences on Software Quality Requirements | |
Enterprise Security Management: Refocusing Security’s Role |
|
Enterprise Security Management: Refocusing Security’s Role | |
Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools |
|
Evaluation of CERT Secure Coding Rules through Integration with Source Code Analysis Tools | |
Everyone's a System Administrator |
|
Everyone's a System Administrator | |
Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks |
|
Evolutionary Systems Design: Recognizing Changes in Security and Survivability Risks | |
File Cabinets and Pig Latin: Guards for Information Assets |
|
File Cabinets and Pig Latin: Guards for Information Assets | |
First Responders Guide to Computer Forensics |
|
First Responders Guide to Computer Forensics | |
First Responders Guide to Computer Forensics: Advanced Topics |
|
First Responders Guide to Computer Forensics: Advanced Topics | |
Flow-Service-Quality (FSQ) Engineering: Foundations for Network System Analysis and Development |
|
Flow-Service-Quality (FSQ) Engineering: Foundations for Network System Analysis and Development | |
From Y2K to Security Improvement: A Critical Transition |
|
From Y2K to Security Improvement: A Critical Transition | |
From Y2K to Security Improvement; A Critical Transition |
|
From Y2K to Security Improvement: A Critical Transition | |
Global Information Grid Survivability: Four Studies |
|
Global Information Grid Survivability: Four Studies | |
Governing for Enterprise Security |
|
Governing for Enterprise Security | |
Governing for Enterprise Security (GES) Implementation Guide |
|
Governing for Enterprise Security (GES) Implementation Guide | |
Governing for Enterprise Security: Security is a Requirement of Being in Business |
|
Governing for Enterprise Security: Security is a Requirement of Being in Business | |
Governing for Security: Protect Stakeholder Interests |
|
Governing for Security: Protect Stakeholder Interests | |
Handbook for Computer Security Incident Response Teams (CSIRTs) |
|
Handbook for Computer Security Incident Response Teams (CSIRTs) | |
High-Fidelity E-Learning: The SEI's Virtual Training Environment (VTE) |
|
This report describes the SEI's Virtual Training Environment (VTE) within the context of high-fidelity e-learning. | |
How Much Security Is Enough? |
|
How Much Security Is Enough? | |
How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods |
|
How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods | |
How the FBI Investigates Computer Crime |
|
How the FBI Investigates Computer Crime | |
Impact of Function Extraction Technology on Next-Generation Software Engineering, The |
|
Impact of Function Extraction Technology on Next-Generation Software Engineering, The | |
Incident Management Capability Metrics Version 0.1 |
|
Incident Management Capability Metrics Version 0.1 | |
Incident Management Mission Diagnostic Method, Version 1.0 |
|
Incident Management Mission Diagnostic Method, Version 1.0 | |
Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models |
|
Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models | |
Information Asset Profiling |
|
Information Asset Profiling | |
Initiative Advocates Building Security In from the Start |
|
Initiative Advocates Building Security In from the Start | |
Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector |
|
Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector | |
Install and Use Those Anti-Virus Programs |
|
Install and Use Those Anti-Virus Programs | |
Installing and Using a Firewall Program |
|
Installing and Using a Firewall Program | |
International Liability Issues for Software Quality |
|
International Liability Issues for Software Quality | |
Internet Denial of Service: Attack and Defense Mechanisms |
|
Internet Denial of Service sheds light on a complex and fascinating form of computer attack that impacts the confidentiality, integrity, and availability of millions of computers worldwide. | |
Interview with Richard D. Pethia |
|
Interview with Richard D. Pethia | |
Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process |
|
Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process | |
Introducing the CERT Resiliency Engineering Framework: Improving the Security and Sustainability Processes |
|
Introducing the CERT Resiliency Engineering Framework: Improving the Security and Sustainability Processes | |
Intrusion Detection Systems |
|
Intrusion Detection Systems | |
Is There an Intruder in My Computer? |
|
Is There an Intruder in My Computer? | |
Life-Cycle Models for Survivable Systems |
|
Life-Cycle Models for Survivable Systems | |
Making the Business Case for Software Assurance |
|
This report provides guidance for those who want to make the business case for building software assurance into software products during each software development life-cycle activity. | |
Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks |
|
Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers Information, Systems, or Networks | |
Managing Information Security Risks: The OCTAVE Approach |
|
The book provides a systematic way to evaluate and manage information security risks, illustrates the implementation of self-directed evaluations, and shows how to tailor evaluation methods to different types of organizations. | |
Managing for Enterprise Security |
|
Managing for Enterprise Security | |
Meet Ricky & Stick |
|
Meet Ricky & Stick | |
Mission Assurance Analysis Protocol (MAAP): Assessing Risk in Complex Environments |
|
Mission Assurance Analysis Protocol (MAAP): Assessing Risk in Complex Environments | |
Modeling and Analysis of Information Technology Change and Access Controls in the Business Context |
|
Modeling and Analysis of Information Technology Change and Access Controls in the Business Context | |
Network Survivability Analysis Using Easel |
|
Network Survivability Analysis Using Easel | |
New Book Helps Organizations Take Charge of Information Security |
|
New Book Helps Organizations Take Charge of Information Security | |
New CERT “Virtual Training Environment” Provides Online Information Security Education |
|
New CERT “Virtual Training Environment” Provides Online Information Security Education | |
New CERT Course and Handbook Detail Electronic Detective Work |
|
New CERT Course and Handbook Detail Electronic Detective Work | |
New Directions in Risk: A Success-Oriented Approach (2009) |
|
presented in San Jose, California, at the 21st Annual SEPG North America 2009 conference March 23-26, 2009 | |
OCTAVE Allegro Speeds Up the Risk Assessment Process |
|
OCTAVE Allegro Speeds Up the Risk Assessment Process | |
OCTAVE Developers Reach Out to Smaller Organizations with OCTAVE-S |
|
OCTAVE Developers Reach Out to Smaller Organizations with OCTAVE-S | |
OCTAVE Users Forum: Helping to Build a Community of Practice |
|
OCTAVE Users Forum: Helping to Build a Community of Practice | |
OCTAVE-S Implementation Guide, Version 1 |
|
OCTAVE-S Implementation Guide, Version 1 | |
Organizational Models for Computer Security Incident Response Teams (CSIRTs) |
|
Organizational Models for Computer Security Incident Response Teams (CSIRTs) | |
Outsourcing Managed Security Services |
|
Outsourcing Managed Security Services | |
Preventing Security-Related Defects |
|
Preventing Security-Related Defects | |
Process Improvement Should Link to Security: SEPG 2007 Security Track Recap |
|
Process Improvement Should Link to Security: SEPG 2007 Security Track Recap | |
Protecting Against Insider Threat |
|
Protecting Against Insider Threat | |
Protecting Critical Systems in Unbounded Networks |
|
Protecting Critical Systems in Unbounded Networks | |
Ranged Integers for the C Programming Language |
|
Ranged Integers for the C Programming Language | |
Reeducation to Expand the Software Engineering Workforce: Successful Industry/University Collaborations |
|
Reeducation to Expand the Software Engineering Workforce: Successful Industry/University Collaborations | |
Removing Roadblocks to Cyber Defense |
|
Removing Roadblocks to Cyber Defense | |
Report on Annual Regional Information Assurance Symposia |
|
Report on Annual Regional Information Assurance Symposia | |
Requirements Engineering for Survivable Systems |
|
Requirements Engineering for Survivable Systems | |
Risk Management Considerations for Interoperable Acquisition |
|
Risk Management Considerations for Interoperable Acquisition | |
SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Projects in Small Companies |
|
SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Projects in Small Companies | |
Secure Coding |
|
Led by Robert Seacord, the Secure Coding Initiative (SCI) within CERT works with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before software becomes operational. SCI is developing secure coding standards for commonly used programming languages such as C, C++, and Java. These standards can be used to improve and assess the security and overall quality of software through training, automated analysis, code review, and other processes. | |
Secure Coding in C and C++ |
|
Secure Coding in C and C++ presents hundreds of examples of secure code, insecure code, and exploits, implemented for Windows and Linux. | |
Secure Coding in C and C++: C-Style Strings |
|
Secure Coding in C and C++: C-Style Strings | |
Secure Design Patterns |
|
This report describes a set of secure design patterns, which are descriptions or templates describing a general solution to a software security problem that can be applied in many different situations. The secure design patterns detailed in this report are meant to eliminate the accidental insertion of vulnerabilities into code or to mitigate the consequences of vulnerabilities. | |
Securing Information Assets |
|
Securing Information Assets | |
Security Matters – Doesn't It? |
|
Security Matters – Doesn't It? | |
Security Quality Requirements Engineering |
|
Security Quality Requirements Engineering | |
Security of the Internet |
|
Security of the Internet | |
Shifting Perspective to Achieve and Sustain Enterprise Security |
|
Shifting Perspective to Achieve and Sustain Enterprise Security | |
Software Security Engineering: A Guide for Project Managers |
|
With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation. | |
Software Vulnerabilities in Java |
|
This report briefly describes these potential software vulnerabilities in Java version 5. | |
Specifications for Managed Strings |
|
Specifications for Managed Strings | |
State of the Practice of Computer Security Incident Response Teams (CSIRTs) |
|
State of the Practice of Computer Security Incident Response Teams (CSIRTs) | |
Structured Approach to Classifying Security Vulnerabilities, A |
|
A Structured Approach to Classifying Security Vulnerabilities | |
Survivability Assurance for System of Systems |
|
Survivability Assurance for System of Systems | |
Survivability Blends Computer Security |
|
Survivability Blends Computer Security | |
Survivability Blends Computer Security With Business Risk Management |
|
Survivability Blends Computer Security With Business Risk Management | |
Survivability Challenges for Systems of Systems |
|
Survivability Challenges for Systems of Systems | |
Survivable Functional Units: Balancing an Enterprise's Mission and Technology |
|
Survivable Functional Units: Balancing an Enterprise's Mission and Technology | |
Sustaining Operational Resiliency: A Process Improvement Approach to Security Management |
|
Sustaining Operational Resiliency: A Process Improvement Approach to Security Management | |
Tackling the Growing Botnet Threat |
|
Tackling the Growing Botnet Threat | |
Technology Foundations for Computational Evaluation of Software Security Attributes |
|
Technology Foundations for Computational Evaluation of Software Security Attributes | |
The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures |
|
The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures | |
The Goal of Computer Security or What's Yours is Yours Until You Say Otherwise! |
|
The Goal of Computer Security or What's Yours is Yours Until You Say Otherwise! | |
The Internet Security Alliance: Leadership in Information Security |
|
The Internet Security Alliance: Leadership in Information Security | |
The Internet—Friend or Foe? |
|
The Internet—Friend or Foe? | |
The ROI of Security |
|
Security Matters [2006 | 05] | |
There IS an Intruder in My Computer—What Now? |
|
There IS an Intruder in My Computer—What Now? | |
Toward Measures for Software Architectures |
|
Toward Measures for Software Architectures | |
Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues |
|
Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues | |
TransPlant: Helping Organizations to Make the Transition |
|
TransPlant: Helping Organizations to Make the Transition | |
Trustworthy Refinement Through Intrusion-Aware Design |
|
Trustworthy Refinement Through Intrusion-Aware Design | |
Trustworthy Refinement Through Intrusion-Aware Design (2002) |
|
Trustworthy Refinement Through Intrusion-Aware Design (2002) | |
University Hubs Help SEI Spread Information Assurance Curricula and Methods |
|
University Hubs Help SEI Spread Information Assurance Curricula and Methods | |
Use Care When Downloading and Installing Programs |
|
Use Care When Downloading and Installing Programs | |
Use Care When Reading Email with Attachments |
|
Use Care When Reading Email with Attachments | |
Using the Mission Diagnostic: Lessons Learned (2008) |
|
presented at SEPG 2008, March 17-20, 2008 Tampa, Florida | |
Were You Ready for the Melissa Virus? |
|
Were You Ready for the Melissa Virus? | |
What Messages Are You Sending to Vendors? |
|
What Messages Are You Sending to Vendors? | |
What is a Distributed Denial of Service (DDoS) Attack and What Can I Do About It? |
|
What is a Distributed Denial of Service (DDoS) Attack and What Can I Do About It? | |
For more information
Email: info@sei.cmu.edu
Call: 412-268-2358
