Building a Practical Framework for Enterprise-Wide Security [PDF]


Building a Practical Framework for Enterprise-Wide Security Management

April 2004

By Julia H. Allen

Contributors: Kevin Behr (IP Services and ITPI), Richard A. Caralli, Eileen C. Forrester, Gene Kim (IP Services and ITPI), Larry Rogers, Jeannine Siviy, William R. Wilson

In this presentation, the authors describe a practical framework for enterprise-wide security management as developed by the CERT Division.

Cyber Risk and Resilience Management

Publisher: Software Engineering Institute

Abstract

Carnegie Mellon University's Software Engineering Institute's CERT® Centers are working with executives in commercial and government organizations to develop a practical framework for enterprise-wide security management. They have found that current efforts to manage security vulnerabilities and security risks only take an enterprise so far, with results degrading over time and as complexity increases. What is needed is a framework that (1) mobilizes key enterprise functions to achieve and sustain a desired security state in the normal course of business and (2) addresses the proliferation of security regulations, standards, checklists, scorecards, assessments, and audits. This presentation describes work in progress on such a framework.

This presentation first describes the problem from a reactive/intruder-based perspective, as we in the security community typically consider it. What becomes clear is that we cannot continue to attempt to solve the 'security problem' solely from this point of view. We will never catch up or be able to fully anticipate new and increasingly sophisticated attack patterns or even old ones with known solutions that continue to proliferate. We must begin to broaden the solution to encompass an enterprise-wide, proactive, and controls- and process-based approach that addresses impact, not just threat and vulnerability.

From this broader vantage point, we offer several promising ways to think about the problem and tackle it effectively, based on current work with high-performing organizations. We call this approach Enterprise Security Management.
