Abstract:
Developing and implementing measurable methodologies for improving the security and resilience of a national postal sector directly contribute to protecting public and postal personnel, assets, and revenues. Such methodologies also contribute to the security and resilience of the mode of transport used to carry mail and the protection of the global mail supply chain. Since 2011, the U.S. Postal Inspection Service (USPIS) has collaborated with the CERT Division at Carnegie Mellon University's Software Engineering Institute to improve the resilience of selected U.S. Postal Service (USPS) products and services. The CERT Resilience Management Model (CERT-RMM) and its companion diagnostic methods served as the foundational tool for this collaboration. This report includes one result of the USPIS/CERT collaboration. It is an extension of CERT-RMM to include a new mail-specific process area for the transportation of international mail. The purpose is to ensure that all international mail is transported in accordance with the standards established by the Universal Postal Union (UPU), which is the governing body that regulates the transportation of international mail.
Abstract:
Developing and implementing measurable methodologies for improving the security and resilience of a national postal sector directly contribute to protecting public and postal personnel, assets, and revenues. Such methodologies also contribute to the security and resilience of the mode of transport used to carry mail and the protection of the global mail supply chain. Since 2011, the U.S. Postal Inspection Service (USPIS) has collaborated with the CERT Division at Carnegie Mellon University's Software Engineering Institute (SEI) to improve the resilience of selected U.S. Postal Service (USPS) products and services. The CERT Resilience Management Model (CERT-RMM) and its companion diagnostic methods served as the foundational tool for this collaboration. This report includes one result of the USPIS/CERT collaboration. It is an extension of CERT-RMM to include a new mail-specific process area for the induction (acceptance) of mail into the U.S. domestic mail stream. The purpose is to ensure that mail is collected and accepted in accordance with USPS standards and requirements for the resilience of mail during the induction process.
Abstract:
Developing and implementing measurable methodologies for improving the security and resilience of a national postal sector directly contribute to protecting public and postal personnel, assets, and revenues. Such methodologies also contribute to the security and resilience of the mode of transport used to carry mail and the protection of the global mail supply chain. Since 2011, the U.S. Postal Inspection Service (USPIS) has collaborated with the CERT Division at Carnegie Mellon University's Software Engineering Institute (SEI) to improve the resilience of selected U.S. Postal Service (USPS) products and services. The CERT Resilience Management Model (CERT-RMM) and its companion diagnostic methods served as the foundational tool for this collaboration. This report includes one result of the USPIS/CERT collaboration. It is an extension of CERT-RMM to include a new mail-specific process area for revenue assurance. The purpose is to ensure that the USPS is compensated for all mail that is accepted, transported, and delivered.
Abstract:
Organizations that are using the CERT Resilience Management Model and organizations that are considering using it want information about the business value of implementing resilience processes and practices, and how to determine which ones to implement. This report describes the SEI research study that begins to address this need. It includes a discussion of the completed phase 1 study and a proposed phase 2 project. Phase 1 included forming a hypothesis and set of research questions and using a variety of techniques to collect data and evaluate whether resilience practices have a discernible (measurable) effect on operational resilience--that is, an organization's ability to continue to carry out its mission (provide critical services) in the presence of operational stress and disruption. The outcomes of phase 1 provide the foundation for the proposed phase 2. The longer-term goal includes developing a quantitative, validated business case for prioritizing and implementing specific resilience practices, including decision criteria for selecting and measuring investments in improved resilience.
Abstract:
This report describes the first CERT(registered trademark) Resilience Management Model (RMM) Users Group (RUG) Workshop Series and relays the experiences of participating members and CERT staff. This workshop series comprised four workshops, which took place between March 2011 and February 2012. In this report, we provide a brief overview of the CERT Resilience Management Model (CERT-RMM), describe the architecture for this series of workshops, and present suggestions for improving future RUG Workshop Series.
Abstract:
How resilient is my organization? Have our processes made us more resilient? Members of the CERT(Registered Trademark) Resilient Enterprise Management (REM) team are conducting research to address these and other related questions. The team's first report, 'Measuring Operational Resilience Using the CERT Resilience Management Model,' defined high-level objectives for managing an operational resilience management (ORM) system, demonstrated how to derive meaningful measures from those objectives, and presented a template for defining resilience measures, along with example measures. In this report, REM team members suggest a set of top 10 strategic measures for managing operational resilience. These measures derive from high-level objectives of the ORM system defined in the CERT Resilience Management Model, Version 1.1 (CERT-RMM). The report also provides measures for each of the 26 process areas of CERT-RMM, as well as a set of global measures that apply to all process areas. This report thus serves as an addendum to CERT-RMM Version 1.1. Since CERT-RMM practices map to bodies of knowledge and codes of practice such as ITIL, COBIT, ISO2700x, BS25999, and PCI DSS, the measures may be useful for measuring security, business continuity, and IT operations management processes, either as part of adoption of CERT-RMM or independent of it.
Abstract:
The CERT(registered trademark) Resilient Enterprise Management (REM) team is researching operational resilience and the organizational processes that support it. The team's first report, Measuring Operational Resilience Using the CERT(registered trademark) Resilience Management Model (CMU/SEI-2010-TN-030), defined high-level objectives for managing an operational resilience management system, demonstrated how to derive meaningful measures from those objectives, and presented a template for defining resilience measures. The team's second report, Measures for Managing Operational Resilience (CMU/SEI-2011-TR-019), suggested strategic measures for managing operational resilience and provided candidate measures for the 26 process areas of the CERT(registered trademark) Resilience Management Model, Version 1.1 (CERT(registered trademark)-RMM). This technical note describes how implementation-level processes can provide the necessary context for identifying and defining measures of operational resilience. While CERT-RMM defines the commonly used or best practices for operational resilience--what an organization should do--organization-specific processes must be defined at the implementation level to describe how to perform those practices. Organizations can then identify and define measures within the context of their specific processes and constituent procedures. Organizations can use the measures to evaluate process performance and operational resilience and identify opportunities for improvement. This technical note provides examples and templates for defining processes and procedures and for defining related assets and measures.
Abstract:
Researchers at the CERT (trademark) Program, part of Carnegie Mellon University's Software Engineering Institute, need a framework to organize research and practice areas focused on building assured systems. The Building Assured Systems Framework (BASF) addresses the customer and researcher challenges of selecting security methods and research approaches for building assured systems. After reviewing existing life-cycle process models, security models, and security research frameworks, the authors used the Master of Software Assurance Reference Curriculum knowledge areas as the BASF. The authors mapped all major CERT research areas to the BASF, proving that the BASF is useful for organizing building assured systems research. The authors also performed a gap analysis to identify promising CERT research areas. The BASF is a useful structure for planning and communicating about CERT research. The BASF will also be useful to CERT sponsors to track current research and development efforts in building assured systems.
Abstract:
Measurement involves transforming management decisions, such as strategic direction and policy, into action, and measuring the performance of that action. As organizations strive to improve their ability to effectively manage operational resilience, it is essential that they have an approach for determining what measures best inform the extent to which they are meeting their performance objectives. Operational resilience comprises the disciplines of security, business continuity, and aspects of IT operations. The reference model used as the foundation for this research project is the CERT(R) Resilience Management Model v1.0. This model provides a process-based framework of goals and practices at four increasing levels of capability and defines twenty-six process areas, each of which includes a set of candidate measures. Meaningful measurement occurs in a context, so this approach is further defined by exploring and deriving example measures within the context of selected ecosystems, which are collections of process areas that are required to meet a specific objective. Example measures are defined using a measurement template. This report is the first in a series and is intended to start a dialogue on this important topic.