Entries Tagged as 'Resilience Management Model (RMM) '

Information Resilience in Today’s High Risk Information Economy

Information Resilience , Resilience Management Model (RMM) No Comments »

By Nader Mehravari
Senior Member of the Technical Staff
CERT Cyber Risk Management Team

This blog post was co-authored by Julia Allen and Pamela Curtis

Nader MehravariEarlier this month, the U.S. Postal Service reported that hackers broke into their computer system and stole data records including social security numbers for 2.9 million customers and 750,000 employees and retirees, according to reports on the breach. In the JP Morgan Chase cyber breach earlier this year, it was reported that hackers stole the personal data of 76 million households as well as information from approximately 8 million small businesses. This breach and other recent thefts of data from Adobe (152 million records), EBay (145 million records), and The Home Depot (56 million records) highlight a fundamental shift in the economic and operational environment, with data at the heart of today’s information economy. In this new economy, it is vital for organizations to evolve the manner in which they manage and secure information. Ninety percent of the data that is processed, stored, disseminated, and consumed in the world today was created in the past two years. Organizations are increasingly creating, collecting, and analyzing data on everything (as exemplified in the growth of big data analytics). While this trend produces great benefits to businesses, it introduces new security, safety, and privacy challenges in protecting the data and controlling its appropriate use. In this blog post, I will discuss the challenges that organizations face in this new economy, define the concept of information resilience, and explore the body of knowledge associated with the CERT Resilience Management Model (CERT-RMM) as a means for helping organizations protect and sustain vital information.

Read more...

The Latest Research from the SEI

Malware , Resilience Management Model (RMM) , Secure Coding , Systems Engineering No Comments »

By Douglas C. Schmidt
Principal Researcher

Douglas C. Schmidt As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in secure codingCERT Resilience Management Modelmalicious-code reverse engineering,systems engineering, and incident management. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website. 

Read more...

Identifying Security Gaps in International Postal and Transportation Infrastructure

Cyber Risk , Resilience Management Model (RMM) No Comments »

By Nader Mehravari
Senior Member of the Technical Staff
CERT Cyber Risk Management Team

Nader MehravariIn October 2010, two packages from Yemen containing explosives were discovered on U.S.-bound cargo planes of two of the largest worldwide shipping companies, UPS and FedEx, according to reports by CNN and the Wall Street Journal. The discovery highlighted a long-standing problem—securing international cargo—and ushered in a new area of concern for such entities as the United States Postal Inspection Service (USPIS) and the Universal Postal Union (UPU), a specialized agency of the United Nations that regulates the postal services of 192 member countries. In early 2012, the UPU and several stakeholder organizations developed two standards to improve security in the transport of international mail and to improve the security of critical postal facilities. As with any new set of standards, however, a mechanism was needed to enable implementation of the standards and measure compliance to them. This blog post describes the method developed by researchers in the CERT Division at Carnegie Mellon University’s Software Engineering Institute, in conjunction with the USPIS, to identify gaps in the security of international mail processing centers and similar shipping and transportation processing facilities.

Read more...

The Latest Research from the SEI

Insider Threat , Resilience Management Model (RMM) No Comments »

By Douglas C. Schmidt
Principal Researcher

Doug SchmidtAs part of an ongoing effort to keep you informed about our latest work, I’d like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in and systems engineering, resilience, and insider threat. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Read more...

The Latest Research from the SEI

Resilience Management Model (RMM) No Comments »

By Douglas C. Schmidt
Principal Researcher

Doug Schmidt As part of an ongoing effort to keep you informed about our latest work, I'd like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in embedded systems, risk management, risk-based measurement and analysis, early lifecycle cost estimation, and techniques for detecting data anomalies. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Read more...