CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to manage operational resilience in complex, risk-evolving environments. CERT-RMM distills years of research into best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these best practices into a unified, capability-focused maturity model that encompasses security, business continuity, and IT operations. By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resilience management goals. This book both introduces CERT-RMM and presents the model in its entirety. It begins with essential background for all professionals, whether they have previously used process improvement models or not. Next, it explains CERT-RMM’s Generic Goals and Practices and discusses various approaches for using the model. Short essays by a number of contributors illustrate how CERT-RMM can be applied for different purposes or can be used to improve an existing program. Finally, the book provides a complete baseline understanding of all 26 process areas included in CERT-RMM. Part One summarizes the value of a process improvement approach to managing resilience, explains CERT-RMM’s conventions and core principles, describes the model architecturally, and shows how itsupports relationships tightly linked to your objectives. Part Two focuses on using CERT-RMM to establish a foundation for sustaining operational resilience management processes in complex environments where risks rapidly emerge and change. Part Three details all 26 CERT-RMM process areas, from asset definition through vulnerability resolution. For each, complete descriptions of goals and practices are presented, with realistic examples. Part Four contains appendices, including Targeted Improvement Roadmaps, a glossary, and other reference materials. This book will be valuable to anyone seeking to improve the mission assurance of high-value services, including leaders of large enterprise or organizational units, security or business continuity specialists, managers of large IT operations, and those using methodologies such as ISO 27000, COBIT, ITIL, or CMMI.

CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to manage operational resilience in complex, risk-evolving environments. CERT-RMM distills years of research into best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these best practices into a unified, capability-focused maturity model that encompasses security, business continuity, and IT operations. By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resili.

Abstract: "Organizations in every sector -- industry, government, and academia -- are facing increasingly complex operational environments and dynamic risk environments. These demands conspire to force organizations to rethink how they manage operational risk and the resilience of critical business processes and services. The CERT Resilience Management Model (CERT-RMM) is an innovative and transformative way to approach the challenge of managing operational resilience in complex, risk-evolving environments. It is the result of years of research into the ways that organizations manage the security and survivability of the assets that ensure mission success. It incorporates concepts from an established process improvement community to allow organizations to holistically mature their security, business continuity, and IT operations management capabilities and improve predictability and success in sustaining operations whenever disruption occurs. This report describes the model's key concepts, components, and process area relationships and provides guidance for applying the model to meet process improvement and other objectives. One process area is included in its entirety; the others are presented in outline form. All of the CERT-RMM process areas are available for download at www.cert.org/resilience."

Never HIGHLIGHT a Book Again! Virtually all of the testable terms, concepts, persons, places, and events from the textbook are included. Cram101 Just the FACTS101 studyguides give all of the outlines, highlights, notes, and quizzes for your textbook with optional online comprehensive practice tests. Only Cram101 is Textbook Specific. Accompanys: 9780321712431 .

Never HIGHLIGHT a Book Again Virtually all testable terms, concepts, persons, places, and events are included. Cram101 Textbook Outlines gives all of the outlines, highlights, notes for your textbook with optional online practice tests. Only Cram101 Outlines are Textbook Specific. Cram101 is NOT the Textbook. Accompanys: 9780521673761

Measurement involves transforming management decisions, such as strategic direction and policy, into action, and measuring the performance of that action. As organizations strive to improve their ability to effectively manage operational resilience, it is essential that they have an approach for determining what measures best inform the extent to which they are meeting their performance objectives. Operational resilience comprises the disciplines of security, business continuity, and aspects of IT operations. The reference model used as the foundation for this research project is the CERT(R) Resilience Management Model v1.0. This model provides a process-based framework of goals and practices at four increasing levels of capability and defines twenty six process areas, each of which includes a set of candidate measures. Meaningful measurement occurs in a context so this approach is further defined by exploring and deriving example measures within the context of selected ecosystems, which are collections of process areas that are required to meet a specific objective. Example measures are defined using a measurement template. This report is the first in a series and is intended to start a dialogue on this important topic.