CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to manage operational resilience in complex, risk-evolving environments. CERT-RMM distills years of research into best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these best practices into a unified, capability-focused maturity model that encompasses security, business continuity, and IT operations. By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resilience management goals. This book both introduces CERT-RMM and presents the model in its entirety. It begins with essential background for all professionals, whether they have previously used process improvement models or not. Next, it explains CERT-RMM’s Generic Goals and Practices and discusses various approaches for using the model. Short essays by a number of contributors illustrate how CERT-RMM can be applied for different purposes or can be used to improve an existing program. Finally, the book provides a complete baseline understanding of all 26 process areas included in CERT-RMM. Part One summarizes the value of a process improvement approach to managing resilience, explains CERT-RMM’s conventions and core principles, describes the model architecturally, and shows how itsupports relationships tightly linked to your objectives. Part Two focuses on using CERT-RMM to establish a foundation for sustaining operational resilience management processes in complex environments where risks rapidly emerge and change. Part Three details all 26 CERT-RMM process areas, from asset definition through vulnerability resolution. For each, complete descriptions of goals and practices are presented, with realistic examples. Part Four contains appendices, including Targeted Improvement Roadmaps, a glossary, and other reference materials. This book will be valuable to anyone seeking to improve the mission assurance of high-value services, including leaders of large enterprise or organizational units, security or business continuity specialists, managers of large IT operations, and those using methodologies such as ISO 27000, COBIT, ITIL, or CMMI.

This book introduces fundamental concepts of cyber resilience, drawing expertise from academia, industry, and government. Resilience is defined as the ability to recover from or easily adjust to shocks and stresses. Unlike the concept of security - which is often and incorrectly conflated with resilience -- resilience refers to the system's ability to recover or regenerate its performance after an unexpected impact produces a degradation in its performance. A clear understanding of distinction between security, risk and resilience is important for developing appropriate management of cyber threats. The book presents insightful discussion of the most current technical issues in cyber resilience, along with relevant methods and procedures. Practical aspects of current cyber resilience practices and techniques are described as they are now, and as they are likely to remain in the near term. The bulk of the material is presented in the book in a way that is easily accessible to non-specialists. Logical, consistent, and continuous discourse covering all key topics relevant to the field will be of use as teaching material as well as source of emerging scholarship in the field. A typical chapter provides introductory, tutorial-like material, detailed examples, in-depth elaboration of a selected technical approach, and a concise summary of key ideas.

CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to manage operational resilience in complex, risk-evolving environments. CERT-RMM distills years of research into best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these best practices into a unified, capability-focused maturity model that encompasses security, business continuity, and IT operations. By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resili.

Resilience engineering depends on four abilities: the ability a) to respond to what happens, b) to monitor critical developments, c) to anticipate future threats and opportunities, and d) to learn from past experience - successes as well as failures. They

No person or place is immune from disasters or disaster-related losses. Infectious disease outbreaks, acts of terrorism, social unrest, or financial disasters in addition to natural hazards can all lead to large-scale consequences for the nation and its communities. Communities and the nation thus face difficult fiscal, social, cultural, and environmental choices about the best ways to ensure basic security and quality of life against hazards, deliberate attacks, and disasters. Beyond the unquantifiable costs of injury and loss of life from disasters, statistics for 2011 alone indicate economic damages from natural disasters in the United States exceeded $55 billion, with 14 events costing more than a billion dollars in damages each. One way to reduce the impacts of disasters on the nation and its communities is to invest in enhancing resilience-the ability to prepare and plan for, absorb, recover from and more successfully adapt to adverse events. Disaster Resilience: A National Imperative addresses the broad issue of increasing the nation's resilience to disasters. This book defines "national resilience", describes the state of knowledge about resilience to hazards and disasters, and frames the main issues related to increasing resilience in the United States. It also provide goals, baseline conditions, or performance metrics for national resilience and outlines additional information, data, gaps, and/or obstacles that need to be addressed to increase the nation's resilience to disasters. Additionally, the book's authoring committee makes recommendations about the necessary approaches to elevate national resilience to disasters in the United States. Enhanced resilience allows better anticipation of disasters and better planning to reduce disaster losses-rather than waiting for an event to occur and paying for it afterward. Disaster Resilience confronts the topic of how to increase the nation's resilience to disasters through a vision of the characteristics of a resilient nation in the year 2030. Increasing disaster resilience is an imperative that requires the collective will of the nation and its communities. Although disasters will continue to occur, actions that move the nation from reactive approaches to disasters to a proactive stance where communities actively engage in enhancing resilience will reduce many of the broad societal and economic burdens that disasters can cause.