http://www.sei.cmu.edu/feeds/tag/Updates on changes and additions to the SEI Blog for posts matching Enterprise Risk and Resilience Managementen-usMon, 08 May 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/process-and-technical-vulnerabilities-6-key-takeaways-from-a-chemical-plant-disaster/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWeak processes can be as risky as technical vulnerabilities. This post describes how both of them worsened a cyber attack on a chemical plant.Daniel KambicMon, 08 May 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/process-and-technical-vulnerabilities-6-key-takeaways-from-a-chemical-plant-disaster/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementOperational ResilienceResilience Management Model (RMM)CybersecurityCybersecurity ControlsEnterprise Risk and Resilience ManagementBest Practices in Network SecurityCritical Infrastructure Protectionhttps://www.sei.cmu.edu/blog/2-approaches-to-risk-and-resilience-asset-based-and-service-based/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThere are benefits and challenges of the two approaches to risk and resilience management: one based on an organization’s assets and the other on its services.Emily ShawgoMon, 06 Feb 2023 00:00:00 -0500https://www.sei.cmu.edu/blog/2-approaches-to-risk-and-resilience-asset-based-and-service-based/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementOperational ResilienceResilience Management Model (RMM)CybersecurityEnterprise Risk and Resilience ManagementRiskCritical Infrastructure Protectionhttps://www.sei.cmu.edu/blog/system-end-of-life-planning-designing-systems-for-maximum-resiliency-over-time/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDeployment plans for computing environments must account for hardware replacements and decommissions even though such activities may not occur until years later.Grant Deffenbaugh, Lyndsi HughesMon, 27 Sep 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/system-end-of-life-planning-designing-systems-for-maximum-resiliency-over-time/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEnterprise Risk and Resilience ManagementBest PracticesSystems Engineeringhttps://www.sei.cmu.edu/blog/translating-the-risk-management-framework-for-nonfederal-organizations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.Emily Shawgo, Brian BenestelliMon, 23 Aug 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/translating-the-risk-management-framework-for-nonfederal-organizations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementCybersecurityCybersecurity ControlsEnterprise Risk and Resilience ManagementRiskhttps://www.sei.cmu.edu/blog/potential-implications-of-the-california-consumer-privacy-act-ccpa-for-insider-risk-programs/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post reviews the general framework of the California Consumer Privacy Act (CCPA), describes specific implications for insider risk management, and provides recommendations to prepare insider risk programs to mitigate concerns before the CCPA takes effect.Emily Kessel, Sarah Miller, Carrie GardnerMon, 31 May 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/potential-implications-of-the-california-consumer-privacy-act-ccpa-for-insider-risk-programs/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRiskEnterprise Risk and Resilience ManagementInsider ThreatBest Practiceshttps://www.sei.cmu.edu/blog/balancing-cyber-confidence-and-privacy-concerns/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn about the privacy protocols that make it hard to protect enterprise networks, and their impact on network traffic monitoring in this SEI Blog post.William Reed, Dustin UpdykeMon, 21 Sep 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/balancing-cyber-confidence-and-privacy-concerns/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEnterprise Risk and Resilience ManagementCyber Risk and Resilience Managementhttps://www.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAddressing cybersecurity for a complex system, especially for a cyber-physical system of systems (CPSoS), requires a strategic approach during the entire lifecycle of the system....Nataliya ShevchenkoMon, 04 Feb 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity-Related RequirementsOCTAVECyber Risk and Resilience ManagementNetwork Situational AwarenessEnterprise Risk and Resilience ManagementCyber MissionsThreat Modeling Best Practices in Network SecurityRiskCyber-Physical SystemsCritical Infrastructure Protectionhttps://www.sei.cmu.edu/blog/threat-modeling-12-available-methods/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAlmost all software systems today face a variety of threats, and the number of threats grows as technology changes....Nataliya ShevchenkoMon, 03 Dec 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/threat-modeling-12-available-methods/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity-Related RequirementsOCTAVECyber Risk and Resilience ManagementNetwork Situational AwarenessEnterprise Risk and Resilience ManagementCyber MissionsThreat Modeling Best Practices in Network SecurityRiskCyber-Physical SystemsCritical Infrastructure Protectionhttps://www.sei.cmu.edu/blog/malware-analysis-acquisition-strategies-network-situational-awareness-cyber-risk-the-latest-research-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post presents the SEI's latest research on malware analysis, acquisition strategies, network situational awareness, and cyber risk management.Douglas SchmidtMon, 01 Dec 2014 00:00:00 -0500https://www.sei.cmu.edu/blog/malware-analysis-acquisition-strategies-network-situational-awareness-cyber-risk-the-latest-research-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesResilience Management Model (RMM)Enterprise Risk and Resilience ManagementRiskEmerging Technologieshttps://www.sei.cmu.edu/blog/a-taxonomy-for-managing-operational-cybersecurity-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post discusses large-scale cyberattacks on payment card systems and a recent effort to create a taxonomy for operational cybersecurity risks.James CebulaMon, 04 Aug 2014 00:00:00 -0400https://www.sei.cmu.edu/blog/a-taxonomy-for-managing-operational-cybersecurity-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRiskEnterprise Risk and Resilience ManagementOCTAVEhttps://www.sei.cmu.edu/blog/understanding-how-network-security-professionals-perceive-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesExplore the perception of risk among network security professionals and factors that influence SEI's research on risk formulation in this SEI Blog.James CebulaMon, 24 Jun 2013 00:00:00 -0400https://www.sei.cmu.edu/blog/understanding-how-network-security-professionals-perceive-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRiskEnterprise Risk and Resilience Management