Entries Tagged as 'Cyber Risk'

Malware Analysis, Acquisition Strategies, Network Situational Awareness, & Cyber Risk - The Latest Research from the SEI

Cyber Risk , Emerging Technologies , Resilience Management Model (RMM) No Comments »

By Douglas C. Schmidt
Principal Researcher

Douglas C. Schmidt As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in malware analysis, acquisition strategies, network situational awareness, and resilience management (with three reports from this research area), incident management, and future architectures. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Read more...

Identifying Security Gaps in International Postal and Transportation Infrastructure

Cyber Risk , Resilience Management Model (RMM) No Comments »

By Nader Mehravari
Senior Member of the Technical Staff
CERT Cyber Risk Management Team

Nader MehravariIn October 2010, two packages from Yemen containing explosives were discovered on U.S.-bound cargo planes of two of the largest worldwide shipping companies, UPS and FedEx, according to reports by CNN and the Wall Street Journal. The discovery highlighted a long-standing problem—securing international cargo—and ushered in a new area of concern for such entities as the United States Postal Inspection Service (USPIS) and the Universal Postal Union (UPU), a specialized agency of the United Nations that regulates the postal services of 192 member countries. In early 2012, the UPU and several stakeholder organizations developed two standards to improve security in the transport of international mail and to improve the security of critical postal facilities. As with any new set of standards, however, a mechanism was needed to enable implementation of the standards and measure compliance to them. This blog post describes the method developed by researchers in the CERT Division at Carnegie Mellon University’s Software Engineering Institute, in conjunction with the USPIS, to identify gaps in the security of international mail processing centers and similar shipping and transportation processing facilities.

Read more...