SEI Blog | Enterprise Risk and Resilience Management

SEI Blog | Enterprise Risk and Resilience Managementhttp://www.sei.cmu.edu/feeds/topic/Updates on changes and additions to the SEI Blog for posts matching Enterprise Risk and Resilience Managementen-usMon, 20 Apr 2026 00:00:00 -0400Using Data and Data Analytics to Improve Cyber Resiliencehttps://www.sei.cmu.edu/blog/using-data-and-data-analytics-to-improve-cyber-resilience/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesOur post highlights the use of data analytics as a force multiplier for cyber resilience as well as best practices to help organizations gain situational awareness on their current security posture.Patsy BuliscoMon, 20 Apr 2026 00:00:00 -0400https://www.sei.cmu.edu/blog/using-data-and-data-analytics-to-improve-cyber-resilience/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe Top 10 Skills CISOs Need in 2024https://www.sei.cmu.edu/blog/the-top-10-skills-cisos-need-in-2024/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post outlines the top 10 skills that CISOs need in 2024 and beyond.Gregory TouhillWed, 24 Jan 2024 00:00:00 -0500https://www.sei.cmu.edu/blog/the-top-10-skills-cisos-need-in-2024/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesProcess and Technical Vulnerabilities: 6 Key Takeaways from a Chemical Plant Disasterhttps://www.sei.cmu.edu/blog/process-and-technical-vulnerabilities-6-key-takeaways-from-a-chemical-plant-disaster/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWeak processes can be as risky as technical vulnerabilities. This post describes how both of them worsened a cyber attack on a chemical plant.Daniel KambicMon, 08 May 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/process-and-technical-vulnerabilities-6-key-takeaways-from-a-chemical-plant-disaster/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementOperational ResilienceResilience Management Model (RMM)CybersecurityCybersecurity ControlsEnterprise Risk and Resilience ManagementBest Practices in Network SecurityCritical Infrastructure Protection2 Approaches to Risk and Resilience: Asset-Based and Service-Basedhttps://www.sei.cmu.edu/blog/2-approaches-to-risk-and-resilience-asset-based-and-service-based/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThere are benefits and challenges of the two approaches to risk and resilience management: one based on an organization’s assets and the other on its services.Emily ShawgoMon, 06 Feb 2023 00:00:00 -0500https://www.sei.cmu.edu/blog/2-approaches-to-risk-and-resilience-asset-based-and-service-based/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementOperational ResilienceResilience Management Model (RMM)CybersecurityEnterprise Risk and Resilience ManagementRiskCritical Infrastructure ProtectionIT, OT, and ZT: Implementing Zero Trust in Industrial Control Systemshttps://www.sei.cmu.edu/blog/it-ot-and-zt-implementing-zero-trust-in-industrial-control-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post introduces fundamental ZT and ICS concepts, barriers to implementing ZT principles in ICS environments, and potential methods to leverage ZT concepts in this domain.Brian Benestelli, Daniel KambicMon, 18 Jul 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/it-ot-and-zt-implementing-zero-trust-in-industrial-control-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRiskSystem End-of-Life Planning: Designing Systems for Maximum Resiliency Over Timehttps://www.sei.cmu.edu/blog/system-end-of-life-planning-designing-systems-for-maximum-resiliency-over-time/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDeployment plans for computing environments must account for hardware replacements and decommissions even though such activities may not occur until years later.Grant Deffenbaugh, Lyndsi HughesMon, 27 Sep 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/system-end-of-life-planning-designing-systems-for-maximum-resiliency-over-time/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEnterprise Risk and Resilience ManagementBest PracticesSystems EngineeringTranslating the Risk Management Framework for Nonfederal Organizationshttps://www.sei.cmu.edu/blog/translating-the-risk-management-framework-for-nonfederal-organizations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.Emily Shawgo, Brian BenestelliMon, 23 Aug 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/translating-the-risk-management-framework-for-nonfederal-organizations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementCybersecurityCybersecurity ControlsEnterprise Risk and Resilience ManagementRiskHow to Use the CMMC Assessment Guideshttps://www.sei.cmu.edu/blog/how-to-use-the-cmmc-assessment-guides/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post is intended for DoD contractors looking for additional clarification as they prepare for a CMMC assessment. It will walk you through the assessment guides, provide basic CMMC concepts and definitions, and introduce alternate descriptions of some practices.Douglas GardnerWed, 03 Mar 2021 00:00:00 -0500https://www.sei.cmu.edu/blog/how-to-use-the-cmmc-assessment-guides/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurity Maturity Model Certification (CMMC)10 Steps for Managing Risk: OCTAVE FORTEhttps://www.sei.cmu.edu/blog/10-steps-managing-risk-octave-forte/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post, adapted from a recently published technical note, outlines OCTAVE FORTE's 10-step framework to guide nascent organizations as they build an ERM program and mature organizations as they fortify existing ERM programs, making them more reliable, measurable, consistent, and repeatable.Brett TuckerMon, 07 Dec 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/10-steps-managing-risk-octave-forte/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRiskBalancing Cyber Confidence and Privacy Concernshttps://www.sei.cmu.edu/blog/balancing-cyber-confidence-and-privacy-concerns/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn about the privacy protocols that make it hard to protect enterprise networks, and their impact on network traffic monitoring in this SEI Blog post.William Reed, Dustin UpdykeMon, 21 Sep 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/balancing-cyber-confidence-and-privacy-concerns/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEnterprise Risk and Resilience ManagementCyber Risk and Resilience ManagementFollow the CUI: 4 Steps to Starting Your CMMC Assessmenthttps://www.sei.cmu.edu/blog/follow-the-cui-4-steps-to-starting-your-cmmc-assessment/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesOne of the primary drivers of the DoD's Cybersecurity Maturity Model Certification (CMMC) is the congressional mandate to reduce the risk of accidental disclosure of controlled unclassified information (CUI).Matthew TrevorsMon, 24 Aug 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/follow-the-cui-4-steps-to-starting-your-cmmc-assessment/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurity Maturity Model Certification (CMMC)Beyond NIST SP 800-171: 20 Additional Practices in CMMChttps://www.sei.cmu.edu/blog/beyond-nist-sp-800-171-20-additional-practices-cmmc/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThese 20 practices are intended to make DoD contractors more security conscious.Andrew Hoover, Katie StewartMon, 22 Jun 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/beyond-nist-sp-800-171-20-additional-practices-cmmc/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurity Maturity Model Certification (CMMC)Cybersecurity Maturity Model Certification (CMMC) Part 2: Process Maturity's Role in Cybersecurityhttps://www.sei.cmu.edu/blog/cybersecurity-maturity-model-certification-cmmc-part-2-process-maturitys-role-in-cybersecurity/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMature cybersecurity processes will improve an organization's ability to prevent and respond to a cyberattackAndrew Hoover, Katie StewartMon, 01 Jun 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/cybersecurity-maturity-model-certification-cmmc-part-2-process-maturitys-role-in-cybersecurity/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurity Maturity Model Certification (CMMC)The Latest Work from the SEI: DevSecOps, Artificial Intelligence, and Cybersecurity Maturity Model Certificationhttps://www.sei.cmu.edu/blog/the-latest-work-from-the-sei-devsecops-artificial-intelligence-and-cybersecurity-maturity-model-certification/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAs part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, conference papers, and webcasts highlighting our work....Douglas SchmidtMon, 25 May 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/the-latest-work-from-the-sei-devsecops-artificial-intelligence-and-cybersecurity-maturity-model-certification/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurity Maturity Model Certification (CMMC)An Introduction to the Cybersecurity Maturity Model Certification (CMMC)https://www.sei.cmu.edu/blog/an-introduction-to-the-cybersecurity-maturity-model-certification-cmmc/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesA cyber attack within the DIB supply chain could result in devastating losses of intellectual property and controlled unclassified information.Katie Stewart, Andrew HooverMon, 30 Mar 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/an-introduction-to-the-cybersecurity-maturity-model-certification-cmmc/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCybersecurity Maturity Model Certification (CMMC)Programmer Moneyball: Challenging the Myth of Individual Programmer Productivityhttps://www.sei.cmu.edu/blog/programmer-moneyball-challenging-the-myth-of-individual-programmer-productivity/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesA pervasive belief in the field of software engineering is that some programmers are much, much better than others (the times-10, or x10, programmer), and that the skills...Bill NicholsMon, 27 Jan 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/programmer-moneyball-challenging-the-myth-of-individual-programmer-productivity/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMeasurement and AnalysisSoftware QualityAfter the Cyber Resilience Review: A Targeted Improvement Plan for Service Continuityhttps://www.sei.cmu.edu/blog/after-the-cyber-resilience-review-a-targeted-improvement-plan-for-service-continuity/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn 2011, the SEI's CERT Division developed and published the Cyber Resilience Review (CRR) on behalf of the Department of Homeland Security....Robert Vrtis, Jeffrey PinckardMon, 03 Jun 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/after-the-cyber-resilience-review-a-targeted-improvement-plan-for-service-continuity/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesOperational ResilienceCyber Risk and Resilience ManagementEvaluating Threat-Modeling Methods for Cyber-Physical Systemshttps://www.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAddressing cybersecurity for a complex system, especially for a cyber-physical system of systems (CPSoS), requires a strategic approach during the entire lifecycle of the system....Nataliya ShevchenkoMon, 04 Feb 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity-Related RequirementsOCTAVECyber Risk and Resilience ManagementNetwork Situational AwarenessEnterprise Risk and Resilience ManagementCyber MissionsThreat Modeling Best Practices in Network SecurityRiskCyber-Physical SystemsCritical Infrastructure ProtectionThreat Modeling: 12 Available Methodshttps://www.sei.cmu.edu/blog/threat-modeling-12-available-methods/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAlmost all software systems today face a variety of threats, and the number of threats grows as technology changes....Nataliya ShevchenkoMon, 03 Dec 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/threat-modeling-12-available-methods/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity-Related RequirementsOCTAVECyber Risk and Resilience ManagementNetwork Situational AwarenessEnterprise Risk and Resilience ManagementCyber MissionsThreat Modeling Best Practices in Network SecurityRiskCyber-Physical SystemsCritical Infrastructure ProtectionAdding Red to Blue: 10 Tactics Defenders Can Learn from Penetration Testershttps://www.sei.cmu.edu/blog/adding-red-to-blue-10-tactics-defenders-can-learn-from-penetration-testers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post, in collaboration with The Veris Group, highlights 10 low-disruption, freely available penetration testing tactics that benefit network defenders.Brent KennedyMon, 14 Dec 2015 00:00:00 -0500https://www.sei.cmu.edu/blog/adding-red-to-blue-10-tactics-defenders-can-learn-from-penetration-testers/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience Management