http://www.sei.cmu.edu/feeds/topic/enterprise-risk-and-resilience-management/atom/?utm_source=blog&utm_medium=rss2024-01-24T00:00:00-05:00Updates on changes and additions to the SEI Blog for posts matching Enterprise Risk and Resilience Management2024-01-24T00:00:00-05:002024-01-24T00:00:00-05:00Gregory Touhillhttps://www.sei.cmu.edu/blog/the-top-10-skills-cisos-need-in-2024/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post outlines the top 10 skills that CISOs need in 2024 and beyond.

2023-05-08T00:00:00-04:002023-05-08T00:00:00-04:00Daniel Kambichttps://www.sei.cmu.edu/blog/process-and-technical-vulnerabilities-6-key-takeaways-from-a-chemical-plant-disaster/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Weak processes can be as risky as technical vulnerabilities. This post describes how both of them worsened a cyber attack on a chemical plant.

2023-02-06T00:00:00-05:002023-02-06T00:00:00-05:00Emily Shawgohttps://www.sei.cmu.edu/blog/2-approaches-to-risk-and-resilience-asset-based-and-service-based/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

There are benefits and challenges of the two approaches to risk and resilience management: one based on an organization’s assets and the other on its services.

2022-07-18T00:00:00-04:002022-07-18T00:00:00-04:00Brian Benestelli, Daniel Kambichttps://www.sei.cmu.edu/blog/it-ot-and-zt-implementing-zero-trust-in-industrial-control-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post introduces fundamental ZT and ICS concepts, barriers to implementing ZT principles in ICS environments, and potential methods to leverage ZT concepts in this domain.

2021-09-27T00:00:00-04:002021-09-27T00:00:00-04:00Grant Deffenbaugh, Lyndsi Hugheshttps://www.sei.cmu.edu/blog/system-end-of-life-planning-designing-systems-for-maximum-resiliency-over-time/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Deployment plans for computing environments must account for hardware replacements and decommissions even though such activities may not occur until years later.

2021-08-23T00:00:00-04:002021-08-23T00:00:00-04:00Emily Shawgo, Brian Benestellihttps://www.sei.cmu.edu/blog/translating-the-risk-management-framework-for-nonfederal-organizations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.

2021-03-03T00:00:00-05:002021-03-03T00:00:00-05:00Douglas Gardnerhttps://www.sei.cmu.edu/blog/how-to-use-the-cmmc-assessment-guides/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This blog post is intended for DoD contractors looking for additional clarification as they prepare for a CMMC assessment. It will walk you through the assessment guides, provide basic CMMC concepts and definitions, and introduce alternate descriptions of some practices.

2020-12-07T00:00:00-05:002020-12-07T00:00:00-05:00Brett Tuckerhttps://www.sei.cmu.edu/blog/10-steps-managing-risk-octave-forte/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This post, adapted from a recently published technical note, outlines OCTAVE FORTE's 10-step framework to guide nascent organizations as they build an ERM program and mature organizations as they fortify existing ERM programs, making them more reliable, measurable, consistent, and repeatable.

2020-09-21T00:00:00-04:002020-09-21T00:00:00-04:00William Reed, Dustin Updykehttps://www.sei.cmu.edu/blog/balancing-cyber-confidence-and-privacy-concerns/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Learn about the privacy protocols that make it hard to protect enterprise networks, and their impact on network traffic monitoring in this SEI Blog post.

2020-08-24T00:00:00-04:002020-08-24T00:00:00-04:00Matthew Trevorshttps://www.sei.cmu.edu/blog/follow-the-cui-4-steps-to-starting-your-cmmc-assessment/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

One of the primary drivers of the DoD's Cybersecurity Maturity Model Certification (CMMC) is the congressional mandate to reduce the risk of accidental disclosure of controlled unclassified information (CUI).

2020-06-22T00:00:00-04:002020-06-22T00:00:00-04:00Andrew Hoover, Katie Stewarthttps://www.sei.cmu.edu/blog/beyond-nist-sp-800-171-20-additional-practices-cmmc/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

These 20 practices are intended to make DoD contractors more security conscious.

2020-06-01T00:00:00-04:002020-06-01T00:00:00-04:00Andrew Hoover, Katie Stewarthttps://www.sei.cmu.edu/blog/cybersecurity-maturity-model-certification-cmmc-part-2-process-maturitys-role-in-cybersecurity/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Mature cybersecurity processes will improve an organization's ability to prevent and respond to a cyberattack

2020-05-25T00:00:00-04:002020-05-25T00:00:00-04:00Douglas Schmidthttps://www.sei.cmu.edu/blog/the-latest-work-from-the-sei-devsecops-artificial-intelligence-and-cybersecurity-maturity-model-certification/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, conference papers, and webcasts highlighting our work....

2020-03-30T00:00:00-04:002020-03-30T00:00:00-04:00Katie Stewart, Andrew Hooverhttps://www.sei.cmu.edu/blog/an-introduction-to-the-cybersecurity-maturity-model-certification-cmmc/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

A cyber attack within the DIB supply chain could result in devastating losses of intellectual property and controlled unclassified information.

2020-01-27T00:00:00-05:002020-01-27T00:00:00-05:00Bill Nicholshttps://www.sei.cmu.edu/blog/programmer-moneyball-challenging-the-myth-of-individual-programmer-productivity/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

A pervasive belief in the field of software engineering is that some programmers are much, much better than others (the times-10, or x10, programmer), and that the skills...

2019-06-03T00:00:00-04:002019-06-03T00:00:00-04:00Robert Vrtis, Jeffrey Pinckardhttps://www.sei.cmu.edu/blog/after-the-cyber-resilience-review-a-targeted-improvement-plan-for-service-continuity/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

In 2011, the SEI's CERT Division developed and published the Cyber Resilience Review (CRR) on behalf of the Department of Homeland Security....

2019-02-04T00:00:00-05:002019-02-04T00:00:00-05:00Nataliya Shevchenkohttps://www.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Addressing cybersecurity for a complex system, especially for a cyber-physical system of systems (CPSoS), requires a strategic approach during the entire lifecycle of the system....

2018-12-03T00:00:00-05:002018-12-03T00:00:00-05:00Nataliya Shevchenkohttps://www.sei.cmu.edu/blog/threat-modeling-12-available-methods/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Almost all software systems today face a variety of threats, and the number of threats grows as technology changes....

2015-12-14T00:00:00-05:002015-12-14T00:00:00-05:00Brent Kennedyhttps://www.sei.cmu.edu/blog/adding-red-to-blue-10-tactics-defenders-can-learn-from-penetration-testers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

This SEI Blog post, in collaboration with The Veris Group, highlights 10 low-disruption, freely available penetration testing tactics that benefit network defenders.

2015-10-12T00:00:00-04:002015-10-12T00:00:00-04:00Doug Grayhttps://www.sei.cmu.edu/blog/applying-threat-intelligence-to-operational-resilience-and-risk-management-frameworks/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates

Learn how applying threat intelligence can help organizations improve their operational resilience and risk management frameworks in this SEI Blog post.