Richard Caralli,
Richard A. Caralli,
Julia Allen,
Julia H. Allen,
David White,
David W. White
e.a.
CERT Resilience Management Model (CERT-RMM)
A Maturity Model for Managing Operational Resilience
Paperback Engels 2016 9780134545066
Verwachte levertijd ongeveer 9 werkdagen
Samenvatting
CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to manage operational resilience in complex, risk-evolving environments. CERT-RMM distills years of research into best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these best practices into a unified, capability-focused maturity model that encompasses security, business continuity, and IT operations. By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resilience management goals.
This book both introduces CERT-RMM and presents the model in its entirety. It begins with essential background for all professionals, whether they have previously used process improvement models or not. Next, it explains CERT-RMM’s Generic Goals and Practices and discusses various approaches for using the model. Short essays by a number of contributors illustrate how CERT-RMM can be applied for different purposes or can be used to improve an existing program. Finally, the book provides a complete baseline understanding of all 26 process areas included in CERT-RMM.
Specificaties
ISBN13:9780134545066
Taal:Engels
Bindwijze:Paperback
Uitgever:Pearson Education
Hoofdrubriek:Netwerken, Inkoop en logistiek
Lezersrecensies
Wees de eerste die een lezersrecensie schrijft!
Inhoudsopgave
<p style="margin:0px;"></p> <p style="margin:0px;">List of Figures xi</p><p style="margin:0px;">List of Tables xiii</p><p style="margin:0px;">Preface xv</p><p style="margin:0px;">Acknowledgments xxi</p> <p style="margin:0px;"></p> <p style="margin:0px;"> </p> <p style="margin:0px;"></p> <p style="margin:0px;">Part One: About the Cert Resilience Management Model 1</p><p style="margin:0px;"></p> <p style="margin:0px;"> </p> <p style="margin:0px;"></p> <p style="margin:0px;">Chapter 1: Introduction 7</p><p style="margin:0px;"></p> <p style="margin:0px;">1.1 The Influence of Process Improvement and Capability Maturity Models 8</p> <p style="margin:0px;">1.2 The Evolution of CERT-RMM 10</p> <p style="margin:0px;">1.3 CERT-RMM and CMMI Models 15</p> <p style="margin:0px;">1.4 Why CERT-RMM Is Not a Capability Maturity Model 18</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Chapter 2: Understanding Key Concepts in CERT-RMM 21</p> <p style="margin:0px;">2.1 Foundational Concepts 21</p> <p style="margin:0px;">2.2 Elements of Operational Resilience Management 27</p> <p style="margin:0px;">2.3 Adapting CERT-RMM Terminology and Concepts 39</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Chapter 3: Model Components 41</p> <p style="margin:0px;">3.1 The Process Areas and Their Categories 41</p> <p style="margin:0px;">3.2 Process Area Component Categories 42</p> <p style="margin:0px;">3.3 Process Area Component Descriptions 44</p> <p style="margin:0px;">3.4 Numbering Scheme 47</p> <p style="margin:0px;">3.5 Typographical and Structural Conventions 49</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Chapter 4: Model Relationships 53</p> <p style="margin:0px;">4.1 The Model View 54</p> <p style="margin:0px;">4.2 Objective Views for Assets 59</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Part Two: Process Institutionalization and Improvement 65</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Chapter 5: Institutionalizing Operational Resilience Management Processes 67</p> <p style="margin:0px;">5.1 Overview 67</p> <p style="margin:0px;">5.2 Understanding Capability Levels 68</p> <p style="margin:0px;">5.3 Connecting Capability Levels to Process Institutionalization 69</p> <p style="margin:0px;">5.4 CERT-RMM Generic Goals and Practices 73</p> <p style="margin:0px;">5.5 Applying Generic Practices 74</p> <p style="margin:0px;">5.6 Process Areas That Support Generic Practices 74</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Chapter 6: Using CERT-RMM 77</p> <p style="margin:0px;">6.1 Examples of CERT-RMM Uses 78</p> <p style="margin:0px;">6.2 Focusing CERT-RMM on Model-Based Process Improvement 80</p> <p style="margin:0px;">6.3 Setting and Communicating Objectives Using CERT-RMM 83</p> <p style="margin:0px;">6.4 Diagnosing Based on CERT-RMM 92</p> <p style="margin:0px;">6.5 Planning CERT-RMM—Based Improvements 95</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Chapter 7: CERT-RMM Perspectives 99</p> <p style="margin:0px;">Using CERT-RMM in the Utility Sector, by Darren Highfill and James Stevens 99</p> <p style="margin:0px;">Addressing Resilience as a Key Aspect of Software Assurance Throughout the Software Life Cycle, by Julia Allen and Michele Moss 104</p> <p style="margin:0px;">Raising the Bar on Business Resilience, by Nader Mehravari, PhD 110</p> <p style="margin:0px;">Measuring Operational Resilience Using CERT-RMM, by Julia Allen and Noopur Davis 115</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Part Three: CERT-RMM Process Areas 119</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Asset Definition and Management 121</p> <p style="margin:0px;">Access Management 149</p> <p style="margin:0px;">Communications 175</p> <p style="margin:0px;">Compliance 209</p> <p style="margin:0px;">Controls Management 241</p> <p style="margin:0px;">Environmental Control 271</p> <p style="margin:0px;">Enterprise Focus 307</p> <p style="margin:0px;">External Dependencies Management 341</p> <p style="margin:0px;">Financial Resource Management 381</p> <p style="margin:0px;">Human Resource Management 411</p> <p style="margin:0px;">Identity Management 447</p> <p style="margin:0px;">Incident Management and Control 473</p> <p style="margin:0px;">Knowledge and Information Management 513</p> <p style="margin:0px;">Measurement and Analysis 551</p> <p style="margin:0px;">Monitoring 577</p> <p style="margin:0px;">Organizational Process Definition 607</p> <p style="margin:0px;">Organizational Process Focus 629</p> <p style="margin:0px;">Organizational Training and Awareness 653</p> <p style="margin:0px;">People Management 685</p> <p style="margin:0px;">Risk Management 717</p> <p style="margin:0px;">Resilience Requirements Development 747</p> <p style="margin:0px;">Resilience Requirements Management 771</p> <p style="margin:0px;">Resilient Technical Solution Engineering 793</p> <p style="margin:0px;">Service Continuity 831</p> <p style="margin:0px;">Technology Management 869</p> <p style="margin:0px;">Vulnerability Analysis and Resolution 915</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Part Four: The Appendices 943</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Appendix A: Generic Goals and Practices 945</p> <p style="margin:0px;">Appendix B: Targeted Improvement Roadmaps 957</p> <p style="margin:0px;">Appendix C: Glossary of Terms 965</p> <p style="margin:0px;">Appendix D: Acronyms and Initialisms 989</p> <p style="margin:0px;">Appendix E: References 993</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Book Contributors 997</p> <p style="margin:0px;"> </p> <p style="margin:0px;"></p> <p style="margin:0px;">Index 1001</p> <br> <br>
Rubrieken
- advisering
- algemeen management
- coaching en trainen
- communicatie en media
- economie
- financieel management
- inkoop en logistiek
- internet en social media
- it-management / ict
- juridisch
- leiderschap
- marketing
- mens en maatschappij
- non-profit
- ondernemen
- organisatiekunde
- personal finance
- personeelsmanagement
- persoonlijke effectiviteit
- projectmanagement
- psychologie
- reclame en verkoop
- strategisch management
- verandermanagement
- werk en loopbaan