Introducing the CERT Resiliency Engineering Framework: Improving the Security and Sustainability Processes
As security issues dominate news headlines and affect our daily lives, organizations need to improve their ability to protect and sustain their business-critical assets, people, information, technology, and facilities using human and financial resources efficiently and effectively. Traditional activities such as security and business continuity must not only be effective at achieving these goals but also must offer the organization increased capabilities for managing and controlling operational resiliency. Unfortunately, organizations often manage these activities in a reactive posture fraught with stove-piped organizational structures and poorly defined and measured goals. The result: potentially less-than-adequate operational resiliency to support business objectives. But organizations can vastly improve operational resiliency by viewing it as an engineering-based process that can be defined, managed, measured, and improved. This view ensures collaboration between security and business continuity activities toward common goals and considers the role of supporting activities such as governance, asset and risk management, and financial control. This report introduces the CERT Resiliency Engineering Framework as a foundational model that describes the essential processes for managing operational resiliency, provides a structure from which an organization can begin process improvement of its security and business continuity efforts, and catalyzes the formation of a community from which further definition of this emerging discipline can evolve.
This report is related to the following area(s) of work:
Security and SurvivabilityTechnical Report
CMU/SEI-2007-TR-009
May 2007
Cite This Report
SEI:
Caralli, Richard; Stevens, James; Wallen, Charles; White, David; Wilson, William; & Young, Lisa. Introducing the CERT Resiliency Engineering Framework: Improving the Security and Sustainability Processes (CMU/SEI-2007-TR-009). Software Engineering Institute, Carnegie Mellon University, 2007. http://www.sei.cmu.edu/library/abstracts/reports/07tr009.cfm
IEEE:
R. Caralli, J. Stevens, C. Wallen, D. White, W. Wilson, and L. Young, "Introducing the CERT Resiliency Engineering Framework: Improving the Security and Sustainability Processes," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2007-TR-009, 2007. http://www.sei.cmu.edu/library/abstracts/reports/07tr009.cfm
APA:
Caralli, R., Stevens, J., Wallen, C., White, D., Wilson, W., & Young, L. (2007). Introducing the CERT Resiliency Engineering Framework: Improving the Security and Sustainability Processes (CMU/SEI-2007-TR-009). Retrieved June 18, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/07tr009.cfm
CHI:
Caralli, Richard, James Stevens, Charles Wallen, David White, William Wilson, and Lisa Young. Introducing the CERT Resiliency Engineering Framework: Improving the Security and Sustainability Processes (CMU/SEI-2007-TR-009). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2007. http://www.sei.cmu.edu/library/abstracts/reports/07tr009.cfm
MLA:
Caralli, R., Stevens, J., Wallen, C., White, D., Wilson, W., & Young, L. 2007. Introducing the CERT Resiliency Engineering Framework: Improving the Security and Sustainability Processes (Technical Report CMU/SEI-2007-TR-009). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/07tr009.cfm
Find Us Here
Share This Page
For more information
