List of Figures
List of Tables
Preface
Acknowledgments
About the CERT Resilience Management Model
Introduction
The Influence of Process Improvement and Capability Maturity Models
The Evolution of CERT-RMM
CERT-RMM and CMMI Models
Why CERT-RMM Is Not a Capability Maturity Model
Understanding Key Concepts in CERT-RMM
Foundational Concepts
Elements of Operational Resilience Management
Adapting CERT-RMM Terminology and Concepts
Model Components
The Process Areas and Their Categories
Process Area Component Categories
Process Area Component Descriptions
Numbering Scheme
Typographical and Structural Conventions
Model Relationships
The Model View
Objective Views for Assets
Process Institutionalization and Improvement
Institutionalizing Operational Resilience Management Processes
Overview
Understanding Capability Levels
Connecting Capability Levels to Process Institutionalization
CERT-RMM Generic Goals and Practices
Applying Generic Practices
Process Areas That Support Generic Practices
Using CERT-RMM
Examples of CERT-RMM Uses
Focusing CERT-RMM on Model-Based Process Improvement
Setting and Communicating Objectives Using CERT-RMM
Diagnosing Based on CERT-RMM
Planning CERT-RMM Based Improvements
CERT-RMM Perspectives
Using CERT-RMM in the Utility Sector, by Darren Highfill and James Stevens
Addressing Resilience as a Key Aspect of Software Assurance Throughout the Software Life Cycle, by Julia Allen and Michele Moss
Raising the Bar on Business Resilience, by Nader Mehravari, PhD
Measuring Operational Resilience Using CERT-RMM, by Julia Allen and Noopur Davis
CERT-RMM Process Areas
Asset Definition and Management
Access Management
Communications
Compliance
Controls Management
Environmental Control
Enterprise Focus
External Dependencies Management
Financial Resource Management
Human Resource Management
Identity Management
Incident Management and Control
Knowledge and Information Management
Measurement and Analysis
Monitoring
Organizational Process Definition
Organizational Process Focus
Organizational Training and Awareness
People Management
Risk Management
Resilience Requirements Development
Resilience Requirements Management
Resilient Technical Solution Engineering
Service Continuity
Technology Management
Vulnerability Analysis and Resolution
The Appendices
Generic Goals and Practices
Targeted Improvement Roadmaps
Glossary of Terms
Acronyms and Initialisms
References
Book Contributors
Index