Organizations can’t plan for
every disruption. They need to be able to handle stressors in their risk
environment at a moment’s notice and with a predictable level of
performance. Resilience management is a process that helps organizations
establish, improve, and sustain the maturity of their operational
resilience management system and their ability to fulfill their business
missions despite disruptions such as cyber security attacks or
breaches, regional infrastructure failures, and natural disasters.

The CERT Resilience Management Model (CERT-RMM) is a capability model related to CMMI
models that provides a foundation for a process improvement approach to
operational resilience management. It defines the essential
organizational processes, goals, and practices that are necessary to
manage operational resilience. CERT-RMM can extend an organization’s
ability to develop, deploy, operate, and maintain resilient assets and
services throughout their lifecycle.

Rich Caralli, the
architect of the model, will describe how an organization can use the
model to transform its operational resilience management program by
understanding its capability level, setting forward-looking resiliency
goals and targets, and developing plans to close identified gaps. He
will provide the most up-to-date information on the model and related
elements (such as appraisals, training, and certification) as well as
insight into how the model is being used. In addition, Rich will
address how the use of CERT-RMM can help organizations meet the
provisions of FEMA’s proposed PS-Prep voluntary certification program
while also providing a meaningful and transformative path to improving
the predictability of their resilience under times of stress. Finally,
Rich will provide a preview of a new area of CERT work in resilience
measurement and analysis.

About the Speaker

Caralli is the Technical Manager of the Resilient Enterprise Management
(REM) team within the CERT® Program at the Software Engineering
Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, Pa.
The REM team performs applied research and development in the areas of
resilience management, critical infrastructure protection, information
resilience, and resilience measurement and analysis. The team also has
responsibility for the ongoing development and evolution of the SEI
Smart Grid Maturity Model (SGMM).

Before joining the SEI,
Caralli was responsible for developing the information security
assessment and risk management capabilities of the CyberSecurity Center
at Carnegie Mellon Research Institute. In addition, Caralli has over 25
years of experience in information technology (particularly systems
analysis and information systems audit and security) in Fortune 1000
companies covering the banking and finance, steel production,
manufacturing, and energy industries.