Tutorial Offerings on Monday, 6 June

This year, delegates had the opportunity to register to attend a one-day tutorial session on Monday, 6 June.

Introduction to the CMMI Accelerated Improvement Method (AIM)


Presenters: Timothy Chick, James McHale

This tutorial is designed for organizational leaders, process improvement champions, consultants, and advocates. It concentrates on the concepts and strategies underlying the SEI's new Accelerated Improvement Method (AIM). AIM is a radical departure from the traditional methods of CMMI implementation, technology transition, and organizational change. It provides a strategic organizational focus while implementing performance improvements through a tactical bottom up approach.  AIM integrates and leverages established and effective improvement technologies; CMMI, SCAMPI, Team Software Process (TSP), a rapid deployment strategy, and the Six Sigma toolkit. This integration has resulted in a repeatable fast track to high performance.

The tutorial will allow participants to:

• Hear an overview of the SEI’s new AIM.
• Review the technologies, tools, methods, and strategies used in AIM.
• Discuss how AIM is deployed.
• Review results organizations have achieved applying the AIM strategyUnderstand the SEI’s new CMMI-AIM.

Managing Risk and Resilience: The CERT Resilience Management Model (CERT-RMM)


Presenters: David White


This tutorial is designed for individuals who wish to learn a model-based process improvement approach to managing operational resilience using the CERT® Resilience Management Model (CERT-RMM), v1.1. This tutorial will describe operational resilience in complex, risk-evolving environments as it relates to risks that affect system and software assurance and will introduce CERT-RMM concepts and process areas. CERT-RMM’s relationship to CMMI and its coverage of software and system assurance throughout the life cycle will also be explained.

This tutorial will allow participants to:

• Understand the challenges of managing operational resilience.
• Have a working knowledge of key operational resilience, operational risk, and resilience management concepts and their relationships.
• Begin planning for a process improvement effort in their organization.



Software Engineers as Insider Threats: Actual Attacks and Their Consequences


Presenter: Dawn Cappelli



This tutorial will discuss the work of the CERT® Insider Threat Center, which has catalogued over 500 cases of actual insider attacks, capturing the technical details, behavioral indicators, organizational context, management issues, and legal/contractual factors. This session will describe the patterns in each type of case (insider IT sabotage, theft of intellectual property, and fraud), focusing specifically on attacks carried out or facilitated by software engineers.

The tutorial will allow participants to:

• Understand the motivation, characteristics of insiders, behavioral and technical precursors, and technical aspects of insider fraud, theft of confidential or sensitive information, and IT sabotage.
• Understand insider threats that have been introduced during various phases of the software engineering life cycle, as well as mitigation strategies for preventing them in their own organizations.
• Know what "observables" to looking for within their own organizations that could indicate a pending insider attack.
• Leave with actionable steps that they can take to better manage the risk of insider threat in their organization.