Atnaujinkite slapukų nuostatas

CERT Resilience Management Model (CERT-RMM): A Maturity Model for Managing Operational Resilience [Minkštas viršelis]

, ,
  • Formatas: Paperback / softback, 1056 pages, aukštis x plotis x storis: 10x10x10 mm, weight: 1501 g
  • Išleidimo metai: 26-Feb-2016
  • Leidėjas: Addison Wesley
  • ISBN-10: 0134545060
  • ISBN-13: 9780134545066
Kitos knygos pagal šią temą:
CERT Resilience Management Model (CERT-RMM): A Maturity Model for Managing Operational ResilienceDidesnis paveikslėlis
  • Formatas: Paperback / softback, 1056 pages, aukštis x plotis x storis: 10x10x10 mm, weight: 1501 g
  • Išleidimo metai: 26-Feb-2016
  • Leidėjas: Addison Wesley
  • ISBN-10: 0134545060
  • ISBN-13: 9780134545066
Kitos knygos pagal šią temą:
Pastovi nuoroda: https://www.kriso.lt/db/9780134545066.html
CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to manage operational resilience in complex, risk-evolving environments. CERT-RMM distills years of research into best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these best practices into a unified, capability-focused maturity model that encompasses security, business continuity, and IT operations. By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resilience management goals.

 

This book both introduces CERT-RMM and presents the model in its entirety. It begins with essential background for all professionals, whether they have previously used process improvement models or not. Next, it explains CERT-RMMs Generic Goals and Practices and discusses various approaches for using the model. Short essays by a number of contributors illustrate how CERT-RMM can be applied for different purposes or can be used to improve an existing program. Finally, the book provides a complete baseline understanding of all 26 process areas included in CERT-RMM.

 

Part One summarizes the value of a process improvement approach to managing resilience, explains CERT-RMMs conventions and core principles, describes the model architecturally, and shows how it supports relationships tightly linked to your objectives.

 

Part Two focuses on using CERT-RMM to establish a foundation for sustaining operational resilience management processes in complex environments where risks rapidly emerge and change.

 

Part Three details all 26 CERT-RMM process areas, from asset definition through vulnerability resolution. For each, complete descriptions of goals and practices are presented, with realistic examples.

 

Part Four contains appendices, including Targeted Improvement Roadmaps, a glossary, and other reference materials.

 

This book will be valuable to anyone seeking to improve the mission assurance of high-value services, including leaders of large enterprise or organizational units, security or business continuity specialists, managers of large IT operations, and those using methodologies such as ISO 27000, COBIT, ITIL, or CMMI.
List Of Figures
xi
List Of Tables
xiii
Preface xv
Acknowledgments xxi
PART ONE ABOUT THE CERT RESILIENCE MANAGEMENT MODEL
1(64)
1 Introduction
7(14)
1.1 The Influence of Process Improvement and Capability Maturity Models
8(2)
1.2 The Evolution of CERT-RMM
10(5)
1.3 CERT-RMM and CMMI Models
15(3)
1.4 Why CERT-RMM Is Not a Capability Maturity Model
18(3)
2 Understanding Key Concepts In CERT-RMM
21(20)
2.1 Foundational Concepts
21(6)
2.1.1 Disruption and Stress
21(2)
2.1.2 Convergence
23(2)
2.1.3 Managing Operational Resilience
25(2)
2.2 Elements of Operational Resilience Management
27(12)
2.2.1 Services
27(2)
2.2.2 Business Processes
29(1)
2.2.3 Assets
30(3)
2.2.4 Resilience Requirements
33(2)
2.2.5 Strategies for Protecting and Sustaining Assets
35(1)
2.2.6 Life-Cycle Coverage
36(3)
2.3 Adapting CERT-RMM Terminology and Concepts
39(2)
3 Model Components
41(12)
3.1 The Process Areas and Their Categories
41(1)
3.1.1 Process Area Icons
42(1)
3.2 Process Area Component Categories
42(2)
3.2.1 Required Components
44(1)
3.2.2 Expected Components
44(1)
3.2.3 Informative Components
44(1)
3.3 Process Area Component Descriptions
44(3)
3.3.1 Purpose Statements
44(1)
3.3.2 Introductory Notes
44(1)
3.3.3 Related Process Areas Section
45(1)
3.3.4 Summary of Specific Goals and Practices
45(1)
3.3.5 Specific Goals and Practices
45(1)
3.3.6 Generic Goals and Practices
46(1)
3.3.7 Typical Work Products
46(1)
3.3.8 Subpractices, Notes, Example Blocks, Generic Practice Elaborations, References, and Amplifications
47(1)
3.4 Numbering Scheme
47(2)
3.5 Typographical and Structural Conventions
49(4)
4 Model Relationships
53(12)
4.1 The Model View
54(5)
4.1.1 Enterprise Management
54(2)
4.1.2 Engineering
56(1)
4.1.3 Operations
56(1)
4.1.4 Process Management
57(2)
4.2 Objective Views for Assets
59(6)
4.2.1 People
59(1)
4.2.2 Information
59(1)
4.2.3 Technology
60(1)
4.2.4 Facilities
60(5)
PART TWO PROCESS INSTITUTIONALIZATION AND IMPROVEMENT
65(54)
5 Institutionalizing Operational Resilience Management Processes
67(10)
5.1 Overview
67(1)
5.2 Understanding Capability Levels
68(1)
5.3 Connecting Capability Levels to Process Institutionalization
69(4)
5.3.1 Capability Level 0: Incomplete
70(1)
5.3.2 Capability Level 1: Performed
70(1)
5.3.3 Capability Level 2: Managed
70(2)
5.3.4 Capability Level 3: Defined
72(1)
5.3.5 Other Capability Levels
72(1)
5.4 CERT-RMM Generic Goals and Practices
73(1)
5.4.1 CERT-RMM Elaborated Generic Goals and Practices
74(1)
5.5 Applying Generic Practices
74(1)
5.6 Process Areas That Support Generic Practices
74(3)
6 Using CERT-RMM
77(22)
6.1 Examples of CERT-RMM Uses
78(2)
6.1.1 Supporting Strategic and Operational Objectives
78(1)
6.1.2 A Basis for Evaluation, Guidance, and Comparison
78(1)
6.1.3 An Organizing Structure for Deployed Practices
79(1)
6.1.4 Model-Based Process Improvement
80(1)
6.2 Focusing CERT-RMM on Model-Based Process Improvement
80(3)
6.2.1 Making the Business Case
81(1)
6.2.2 A Process Improvement Process
82(1)
6.3 Setting and Communicating Objectives Using CERT-RMM
83(9)
6.3.1 Organizational Scope
85(2)
6.3.2 Model Scope
87(3)
6.3.3 Capability Level Targets
90(2)
6.4 Diagnosing Based on CERT-RMM
92(3)
6.4.1 Formal Diagnosis Using the CERT-RMM Capability Appraisal Method
92(2)
6.4.2 Informal Diagnosis
94(1)
6.5 Planning CERT-RMM--Based Improvements
95(4)
6.5.1 Analyzing Gaps
95(1)
6.5.2 Planning Practice Instantiation
95(4)
7 CERT-RMM Perspectives
99(20)
Using CERT-RMM in the Utility Sector
99(5)
Darren Highfill
James Stevens
Addressing Resilience as a Key Aspect of Software Assurance Throughout the Software Life Cycle
104(6)
Julia Allen
Michele Moss
Raising the Bar on Business Resilience
110(5)
Nader Mehravari
Measuring Operational Resilience Using CERT-RMM
115(4)
Julia Allen
Noopur Davis
PART THREE CERT-RMM PROCESS AREAS
119(824)
Asset Definition And Management
121(28)
Access Management
149(26)
Communications
175(34)
Compliance
209(32)
Controls Management
241(30)
Environmental Control
271(36)
Enterprise Focus
307(34)
External Dependencies Management
341(40)
Financial Resource Management
381(30)
Human Resource Management
411(36)
Identity Management
447(26)
Incident Management And Control
473(40)
Knowledge And Information Management
513(38)
Measurement And Analysis
551(26)
Monitoring
577(30)
Organizational Process Definition
607(22)
Organizational Process Focus
629(24)
Organizational Training And Awareness
653(32)
People Management
685(32)
Risk Management
717(30)
Resilience Requirements Development
747(24)
Resilience Requirements Management
771(22)
Resilient Technical Solution Engineering
793(38)
Service Continuity
831(38)
Technology Management
869(46)
Vulnerability Analysis And Resolution
915(28)
PART FOUR THE APPENDICES
943(58)
A Generic Goals And Practices
945(12)
B Targeted Improvement Roadmaps
957(8)
C Glossary Of Terms
965(24)
D Acronyms And Initialisms
989(4)
E References
993(4)
Book Contributors
997(4)
Index 1001
The authors are senior technical staff members within the CERT Program of the Software Engineering Institute (SEI). Richard A. Caralli, Resilient Enterprise Management technical manager, develops and delivers methods, tools, and techniques for enterprise security and resilience management. He has led the development of CERT-RMM. Julia H. Allen conducts research in operational resilience, software security and assurance, and measurement and analysis. She served as the SEIs Acting Director and Deputy Director/COO and authored The CERT® Guide to System and Network Security Practices (Addison-Wesley, 2001). David W. White, a core member of the CERT-RMM development team, develops CERT-RMM and related products and helps organizations apply them.