CERT Resilience Management Model (CERT-RMM): A Maturity Model for Managing Operational Resilience
- By Richard A. Caralli, Julia H. Allen, David W. White
- Published Nov 24, 2010 by Addison-Wesley Professional. Part of the SEI Series in Software Engineering series.
- Copyright 2011
- Dimensions: 7-3/8" x 9-1/8"
- Pages: 1056
- Edition: 1st
- ISBN-10: 0-321-71243-9
- ISBN-13: 978-0-321-71243-1
- eBook (Watermarked)
- ISBN-10: 0-13-256586-2
- ISBN-13: 978-0-13-256586-8
Register your product to gain access to bonus material or receive a coupon.
Product Author Bios
Richard Caralli is a senior member of the technical staff on the Survivable Enterprise Management team within the CERT® Program at SEI. He currently is the team leader for developing and delivering methods, tools, and techniques for enterprise security and resiliency management. Caralli has 25+ years’ IT experience in Fortune 1000 companies covering banking and finance, steel production, light manufacturing, and energy. David White is a senior member of the technical staff in SEI’s CERT Program. A core member of the RMM development team, he performs technical development on RMM and associated products, and assists organizations in adopting and using it.
CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to manage operational resilience in complex, risk-evolving environments. CERT-RMM distills years of research into best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these best practices into a unified, capability-focused maturity model that encompasses security, business continuity, and IT operations. By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resilience management goals.
This book both introduces CERT-RMM and presents the model in its entirety. It begins with essential background for all professionals, whether they have previously used process improvement models or not. Next, it explains CERT-RMM’s Generic Goals and Practices and discusses various approaches for using the model. Short essays by a number of contributors illustrate how CERT-RMM can be applied for different purposes or can be used to improve an existing program. Finally, the book provides a complete baseline understanding of all 26 process areas included in CERT-RMM.
Part One summarizes the value of a process improvement approach to managing resilience, explains CERT-RMM’s conventions and core principles, describes the model architecturally, and shows how itsupports relationships tightly linked to your objectives.
Part Two focuses on using CERT-RMM to establish a foundation for sustaining operational resilience management processes in complex environments where risks rapidly emerge and change.
Part Three details all 26 CERT-RMM process areas, from asset definition through vulnerability resolution. For each, complete descriptions of goals and practices are presented, with realistic examples.
Part Four contains appendices, including Targeted Improvement Roadmaps, a glossary, and other reference materials.
This book will be valuable to anyone seeking to improve the mission assurance of high-value services, including leaders of large enterprise or organizational units, security or business continuity specialists, managers of large IT operations, and those using methodologies such as ISO 27000, COBIT, ITIL, or CMMI.
4 of 4 people found the following review helpful
Details an invaluable resilience model that should be seriously considered by nearly every organization,
This review is from: CERT Resilience Management Model (CERT-RMM): A Maturity Model for Managing Operational Resilience (SEI Series in Software Engineering) (Hardcover)If Gartner were to have created the CERT-RMM framework like what is detailed in the book CERT Resilience Management Model (RMM): A Maturity Model for Managing Operational Resilience; it likely would be offered to their clients for at least $15,000-. With a list price of $79.99, the book is clearly a bargain. Besides being inexpensive, it details an invaluable model that should be seriously considered by nearly every organization.
The CERT-RMM is a capability model for operational resilience management. Put more simply; it is a method to tame the out of control world of IT operations.
CERT notes that the model has two primary objectives: to establish the convergence of operational risk and resilience management activities such as security, business continuity, and aspects of IT operations management into a single model. And to apply a process improvement approach to operational resilience management through the definition and application of a capability level... Read more
1 of 1 people found the following review helpful
Encyclopedic revision of resilience...,
Amazon Verified Purchase(What's this?)
This review is from: CERT Resilience Management Model (CERT-RMM): A Maturity Model for Managing Operational Resilience (SEI Series in Software Engineering) (Hardcover)I just finished reading the book. It took me almost three months and the depth of knowledge is really amazing.
If you feel that your organization is only taking partial views of its problems working in code of practices ITIL, CobiT, ISO-27K or BS 25999, maybe you want to take a look of this book.
If you wonder what an organization can do to have a coherent framework respect the several code of practices that appears in the market I recommend to take a look of this book.
If you want some background on the need for resilience for an organization, take a look of this book: "The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage" by Sheffi.
Fast ship, great price....,
Amazon Verified Purchase(What's this?)
This review is from: CERT Resilience Management Model (CERT-RMM): A Maturity Model for Managing Operational Resilience (SEI Series in Software Engineering) (Hardcover)Book meets expectations with CMMI concepts applied to the security framework. This book walks-through the CMMI capability and maturity models and applies it to the maturity of a security program.
› See all 3 customer reviews...
Online Sample Chapter
Table of Contents
List of Figures xi
List of Tables xiii
Part One: About the Cert Resilience Management Model 1
Chapter 1: Introduction 7
1.1 The Influence of Process Improvement and Capability Maturity Models 8
1.2 The Evolution of CERT-RMM 10
1.3 CERT-RMM and CMMI Models 15
1.4 Why CERT-RMM Is Not a Capability Maturity Model 18
Chapter 2: Understanding Key Concepts in CERT-RMM 21
2.1 Foundational Concepts 21
2.2 Elements of Operational Resilience Management 27
2.3 Adapting CERT-RMM Terminology and Concepts 39
Chapter 3: Model Components 41
3.1 The Process Areas and Their Categories 41
3.2 Process Area Component Categories 42
3.3 Process Area Component Descriptions 44
3.4 Numbering Scheme 47
3.5 Typographical and Structural Conventions 49
Chapter 4: Model Relationships 53
4.1 The Model View 54
4.2 Objective Views for Assets 59
Part Two: Process Institutionalization and Improvement 65
Chapter 5: Institutionalizing Operational Resilience Management Processes 67
5.1 Overview 67
5.2 Understanding Capability Levels 68
5.3 Connecting Capability Levels to Process Institutionalization 69
5.4 CERT-RMM Generic Goals and Practices 73
5.5 Applying Generic Practices 74
5.6 Process Areas That Support Generic Practices 74
Chapter 6: Using CERT-RMM 77
6.1 Examples of CERT-RMM Uses 78
6.2 Focusing CERT-RMM on Model-Based Process Improvement 80
6.3 Setting and Communicating Objectives Using CERT-RMM 83
6.4 Diagnosing Based on CERT-RMM 92
6.5 Planning CERT-RMM—Based Improvements 95
Chapter 7: CERT-RMM Perspectives 99
Using CERT-RMM in the Utility Sector, by Darren Highfill and James Stevens 99
Addressing Resilience as a Key Aspect of Software Assurance Throughout the Software Life Cycle, by Julia Allen and Michele Moss 104
Raising the Bar on Business Resilience, by Nader Mehravari, PhD 110
Measuring Operational Resilience Using CERT-RMM, by Julia Allen and Noopur Davis 115
Part Three: CERT-RMM Process Areas 119
Asset Definition and Management 121
Access Management 149
Controls Management 241
Environmental Control 271
Enterprise Focus 307
External Dependencies Management 341
Financial Resource Management 381
Human Resource Management 411
Identity Management 447
Incident Management and Control 473
Knowledge and Information Management 513
Measurement and Analysis 551
Organizational Process Definition 607
Organizational Process Focus 629
Organizational Training and Awareness 653
People Management 685
Risk Management 717
Resilience Requirements Development 747
Resilience Requirements Management 771
Resilient Technical Solution Engineering 793
Service Continuity 831
Technology Management 869
Vulnerability Analysis and Resolution 915
Part Four: The Appendices 943
Appendix A: Generic Goals and Practices 945
Appendix B: Targeted Improvement Roadmaps 957
Appendix C: Glossary of Terms 965
Appendix D: Acronyms and Initialisms 989
Appendix E: References 993
Book Contributors 997
Download the sample pages (includes Chapter 1 and Index)
This book includes free shipping!
This book includes free shipping!
Get access to thousands of books and training videos about technology, professional development and digital media from more than 40 leading publishers, including Addison-Wesley, Prentice Hall, Cisco Press, IBM Press, O'Reilly Media, Wrox, Apress, and many more. If you continue your subscription after your 30-day trial, you can receive 30% off a monthly subscription to the Safari Library for up to 12 months. That's a total savings of $199.