http://www.sei.cmu.edu/feeds/tag/Updates on changes and additions to the SEI Blog for posts matching Cyber Risk and Resilience Managementen-usMon, 03 Feb 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/introducing-the-insider-incident-data-exchange-standard-iides/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCapturing and sharing information about insider incidents is a challenge. This post introduces the Insider Incident Data Exchange Standard (IIDES) schema for insider incident data collection.Austin WhisnantMon, 03 Feb 2025 00:00:00 -0500https://www.sei.cmu.edu/blog/introducing-the-insider-incident-data-exchange-standard-iides/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesInsider ThreatCyber Risk and Resilience Managementhttps://www.sei.cmu.edu/blog/process-and-technical-vulnerabilities-6-key-takeaways-from-a-chemical-plant-disaster/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWeak processes can be as risky as technical vulnerabilities. This post describes how both of them worsened a cyber attack on a chemical plant.Daniel KambicMon, 08 May 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/process-and-technical-vulnerabilities-6-key-takeaways-from-a-chemical-plant-disaster/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementOperational ResilienceResilience Management Model (RMM)CybersecurityCybersecurity ControlsEnterprise Risk and Resilience ManagementBest Practices in Network SecurityCritical Infrastructure Protectionhttps://www.sei.cmu.edu/blog/the-benefits-of-cyber-assessment-training/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post discusses how cybersecurity assessments can help critical infrastructure organizations improve their cybersecurity with help from free assessment tools developed by the SEI and offered by the U.S. government.Rhonda Brown, Alexander PetrilliMon, 13 Mar 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/the-benefits-of-cyber-assessment-training/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurity EngineeringCyber Risk and Resilience ManagementCybersecurityCyber Workforce Developmenthttps://www.sei.cmu.edu/blog/2-approaches-to-risk-and-resilience-asset-based-and-service-based/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThere are benefits and challenges of the two approaches to risk and resilience management: one based on an organization’s assets and the other on its services.Emily ShawgoMon, 06 Feb 2023 00:00:00 -0500https://www.sei.cmu.edu/blog/2-approaches-to-risk-and-resilience-asset-based-and-service-based/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementOperational ResilienceResilience Management Model (RMM)CybersecurityEnterprise Risk and Resilience ManagementRiskCritical Infrastructure Protectionhttps://www.sei.cmu.edu/blog/how-to-mitigate-insider-threats-by-learning-from-past-incidents/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post summarizes a new best practice added to the new 7th edition of the Common Sense Guide to Mitigating Insider Threats, "Learn from Past Insider Threat Incidents."Dan CostaMon, 31 Oct 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/how-to-mitigate-insider-threats-by-learning-from-past-incidents/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceCyber Risk and Resilience Managementhttps://www.sei.cmu.edu/blog/translating-the-risk-management-framework-for-nonfederal-organizations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.Emily Shawgo, Brian BenestelliMon, 23 Aug 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/translating-the-risk-management-framework-for-nonfederal-organizations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementCybersecurityCybersecurity ControlsEnterprise Risk and Resilience ManagementRiskhttps://www.sei.cmu.edu/blog/anti-tamper-for-software-components/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post explains how to identify software components within systems that are in danger of being exploited and that should be protected by anti-tamper practices.Scott HissamMon, 21 Jun 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/anti-tamper-for-software-components/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware AssuranceSystem ResilienceCyber Risk and Resilience ManagementSupply Chainshttps://www.sei.cmu.edu/blog/balancing-cyber-confidence-and-privacy-concerns/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn about the privacy protocols that make it hard to protect enterprise networks, and their impact on network traffic monitoring in this SEI Blog post.William Reed, Dustin UpdykeMon, 21 Sep 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/balancing-cyber-confidence-and-privacy-concerns/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEnterprise Risk and Resilience ManagementCyber Risk and Resilience Managementhttps://www.sei.cmu.edu/blog/after-the-cyber-resilience-review-a-targeted-improvement-plan-for-service-continuity/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn 2011, the SEI's CERT Division developed and published the Cyber Resilience Review (CRR) on behalf of the Department of Homeland Security....Robert Vrtis, Jeffrey PinckardMon, 03 Jun 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/after-the-cyber-resilience-review-a-targeted-improvement-plan-for-service-continuity/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesOperational ResilienceCyber Risk and Resilience Managementhttps://www.sei.cmu.edu/blog/how-to-use-static-analysis-to-enforce-sei-cert-coding-standards-for-iot-applications/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe Jeep hack, methods to hack ATMs, and even hacks to a casino's fish tank provide stark evidence of the risks associated with the Internet of Things (IoT)....David SvobodaMon, 01 Apr 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/how-to-use-static-analysis-to-enforce-sei-cert-coding-standards-for-iot-applications/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity-Related RequirementsSecure CodingCyber Risk and Resilience ManagementStatic AnalysisCybersecuritySecure DevelopmentCyber MissionsBest Practices in Network Securityhttps://www.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAddressing cybersecurity for a complex system, especially for a cyber-physical system of systems (CPSoS), requires a strategic approach during the entire lifecycle of the system....Nataliya ShevchenkoMon, 04 Feb 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity-Related RequirementsOCTAVECyber Risk and Resilience ManagementNetwork Situational AwarenessEnterprise Risk and Resilience ManagementCyber MissionsThreat Modeling Best Practices in Network SecurityRiskCyber-Physical SystemsCritical Infrastructure Protectionhttps://www.sei.cmu.edu/blog/threat-modeling-12-available-methods/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAlmost all software systems today face a variety of threats, and the number of threats grows as technology changes....Nataliya ShevchenkoMon, 03 Dec 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/threat-modeling-12-available-methods/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity-Related RequirementsOCTAVECyber Risk and Resilience ManagementNetwork Situational AwarenessEnterprise Risk and Resilience ManagementCyber MissionsThreat Modeling Best Practices in Network SecurityRiskCyber-Physical SystemsCritical Infrastructure Protectionhttps://www.sei.cmu.edu/blog/cybersecurity-engineering-performance-risk-and-secure-coding-the-latest-work-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post highlights the latest work from the SEI, focusing on cybersecurity engineering, performance risk, and secure coding practices.Douglas SchmidtMon, 28 Nov 2016 00:00:00 -0500https://www.sei.cmu.edu/blog/cybersecurity-engineering-performance-risk-and-secure-coding-the-latest-work-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware and Information AssuranceCyber Risk and Resilience ManagementCybersecurityhttps://www.sei.cmu.edu/blog/adding-red-to-blue-10-tactics-defenders-can-learn-from-penetration-testers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post, in collaboration with The Veris Group, highlights 10 low-disruption, freely available penetration testing tactics that benefit network defenders.Brent KennedyMon, 14 Dec 2015 00:00:00 -0500https://www.sei.cmu.edu/blog/adding-red-to-blue-10-tactics-defenders-can-learn-from-penetration-testers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience Management