| |
| |
| List of Figures | |
| |
| |
| List of Tables | |
| |
| |
| Preface | |
| |
| |
| Acknowledgments | |
| |
| |
| |
| About the Cert Resilience Management Model | |
| |
| |
| |
| Introduction | |
| |
| |
| |
| The Influence of Process Improvement and Capability Maturity Models | |
| |
| |
| |
| The Evolution of CERT-RMM | |
| |
| |
| |
| CERT-RMM and CMMI Models | |
| |
| |
| |
| Why CERT-RMM Is Not a Capability Maturity Model | |
| |
| |
| |
| Understanding Key Concepts in CERT-RMM | |
| |
| |
| |
| Foundational Concepts | |
| |
| |
| |
| Elements of Operational Resilience Management | |
| |
| |
| |
| Adapting CERT-RMM Terminology and Concepts | |
| |
| |
| |
| Model Components | |
| |
| |
| |
| The Process Areas and Their Categories | |
| |
| |
| |
| Process Area Component Categories | |
| |
| |
| |
| Process Area Component Descriptions | |
| |
| |
| |
| Numbering Scheme | |
| |
| |
| |
| Typographical and Structural Conventions | |
| |
| |
| |
| Model Relationships | |
| |
| |
| |
| The Model View | |
| |
| |
| |
| Objective Views for Assets | |
| |
| |
| |
| Process Institutionalization and Improvement | |
| |
| |
| |
| Institutionalizing Operational Resilience Management Processes | |
| |
| |
| |
| Overview | |
| |
| |
| |
| Understanding Capability Levels | |
| |
| |
| |
| Connecting Capability Levels to Process Institutionalization | |
| |
| |
| |
| CERT-RMM Generic Goals and Practices | |
| |
| |
| |
| Applying Generic Practices | |
| |
| |
| |
| Process Areas That Support Generic Practices | |
| |
| |
| |
| Using CERT-RMM | |
| |
| |
| |
| Examples of CERT-RMM Uses | |
| |
| |
| |
| Focusing CERT-RMM on Model-Based Process Improvement | |
| |
| |
| |
| Setting and Communicating Objectives Using CERT-RMM | |
| |
| |
| |
| Diagnosing Based on CERT-RMM | |
| |
| |
| |
| Planning CERT-RMM Based Improvements | |
| |
| |
| |
| CERT-RMM Perspectives | |
| |
| |
| Using CERT-RMM in the Utility Sector, by Darren Highfill and James Stevens | |
| |
| |
| Addressing Resilience as a Key Aspect of Software Assurance Throughout the Software Life Cycle, by Julia Allen and Michele Moss | |
| |
| |
| Raising the Bar on Business Resilience, by Nader Mehravari, PhD | |
| |
| |
| Measuring Operational Resilience Using CERT-RMM, by Julia Allen and Noopur Davis | |
| |
| |
| |
| CERT-RMM Process Areas | |
| |
| |
| Asset Definition and Management | |
| |
| |
| Access Management | |
| |
| |
| Communications | |
| |
| |
| Compliance | |
| |
| |
| Controls Management | |
| |
| |
| Environmental Control | |
| |
| |
| Enterprise Focus | |
| |
| |
| External Dependencies Management | |
| |
| |
| Financial Resource Management | |
| |
| |
| Human Resource Management | |
| |
| |
| Identity Management | |
| |
| |
| Incident Management and Control | |
| |
| |
| Knowledge and Information Management | |
| |
| |
| Measurement and Analysis | |
| |
| |
| Monitoring | |
| |
| |
| Organizational Process Definition | |
| |
| |
| Organizational Process Focus | |
| |
| |
| Organizational Training and Awareness | |
| |
| |
| People Management | |
| |
| |
| Risk Management | |
| |
| |
| Resilience Requirements Development | |
| |
| |
| Resilience Requirements Management | |
| |
| |
| Resilient Technical Solution Engineering | |
| |
| |
| Service Continuity | |
| |
| |
| Technology Management | |
| |
| |
| Vulnerability Analysis and Resolution | |
| |
| |
| |
| The Appendices | |
| |
| |
| |
| Generic Goals and Practices | |
| |
| |
| |
| Targeted Improvement Roadmaps | |
| |
| |
| |
| Glossary of Terms | |
| |
| |
| |
| Acronyms and Initialisms | |
| |
| |
| |
| References | |
| |
| |
| Book Contributors | |
| |
| |
| Index | |