Richard Caralli,
Richard A. Caralli,
Julia Allen,
Julia H. Allen,
David White,
David W. White
e.a.
Pearson Education
e druk, 2016
9780134545066
CERT Resilience Management Model (CERT-RMM)
A Maturity Model for Managing Operational Resilience
Specificaties
Paperback, blz.
|
Engels
Pearson Education |
e druk, 2016
ISBN13: 9780134545066
Rubricering
Juridisch
:
Levertijd ongeveer 9 werkdagen
Gratis verzonden
Samenvatting
CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to manage operational resilience in complex, risk-evolving environments. CERT-RMM distills years of research into best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these best practices into a unified, capability-focused maturity model that encompasses security, business continuity, and IT operations. By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resilience management goals.
This book both introduces CERT-RMM and presents the model in its entirety. It begins with essential background for all professionals, whether they have previously used process improvement models or not. Next, it explains CERT-RMM’s Generic Goals and Practices and discusses various approaches for using the model. Short essays by a number of contributors illustrate how CERT-RMM can be applied for different purposes or can be used to improve an existing program. Finally, the book provides a complete baseline understanding of all 26 process areas included in CERT-RMM.
Specificaties
ISBN13:9780134545066
Taal:Engels
Bindwijze:Paperback
Uitgever:Pearson Education
Hoofdrubriek:Netwerken, Inkoop en logistiek
Inhoudsopgave
<p style="margin:0px;"></p> <p style="margin:0px;">List of Figures xi</p><p style="margin:0px;">List of Tables xiii</p><p style="margin:0px;">Preface xv</p><p style="margin:0px;">Acknowledgments xxi</p> <p style="margin:0px;"></p> <p style="margin:0px;"> </p> <p style="margin:0px;"></p> <p style="margin:0px;">Part One: About the Cert Resilience Management Model 1</p><p style="margin:0px;"></p> <p style="margin:0px;"> </p> <p style="margin:0px;"></p> <p style="margin:0px;">Chapter 1: Introduction 7</p><p style="margin:0px;"></p> <p style="margin:0px;">1.1 The Influence of Process Improvement and Capability Maturity Models 8</p> <p style="margin:0px;">1.2 The Evolution of CERT-RMM 10</p> <p style="margin:0px;">1.3 CERT-RMM and CMMI Models 15</p> <p style="margin:0px;">1.4 Why CERT-RMM Is Not a Capability Maturity Model 18</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Chapter 2: Understanding Key Concepts in CERT-RMM 21</p> <p style="margin:0px;">2.1 Foundational Concepts 21</p> <p style="margin:0px;">2.2 Elements of Operational Resilience Management 27</p> <p style="margin:0px;">2.3 Adapting CERT-RMM Terminology and Concepts 39</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Chapter 3: Model Components 41</p> <p style="margin:0px;">3.1 The Process Areas and Their Categories 41</p> <p style="margin:0px;">3.2 Process Area Component Categories 42</p> <p style="margin:0px;">3.3 Process Area Component Descriptions 44</p> <p style="margin:0px;">3.4 Numbering Scheme 47</p> <p style="margin:0px;">3.5 Typographical and Structural Conventions 49</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Chapter 4: Model Relationships 53</p> <p style="margin:0px;">4.1 The Model View 54</p> <p style="margin:0px;">4.2 Objective Views for Assets 59</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Part Two: Process Institutionalization and Improvement 65</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Chapter 5: Institutionalizing Operational Resilience Management Processes 67</p> <p style="margin:0px;">5.1 Overview 67</p> <p style="margin:0px;">5.2 Understanding Capability Levels 68</p> <p style="margin:0px;">5.3 Connecting Capability Levels to Process Institutionalization 69</p> <p style="margin:0px;">5.4 CERT-RMM Generic Goals and Practices 73</p> <p style="margin:0px;">5.5 Applying Generic Practices 74</p> <p style="margin:0px;">5.6 Process Areas That Support Generic Practices 74</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Chapter 6: Using CERT-RMM 77</p> <p style="margin:0px;">6.1 Examples of CERT-RMM Uses 78</p> <p style="margin:0px;">6.2 Focusing CERT-RMM on Model-Based Process Improvement 80</p> <p style="margin:0px;">6.3 Setting and Communicating Objectives Using CERT-RMM 83</p> <p style="margin:0px;">6.4 Diagnosing Based on CERT-RMM 92</p> <p style="margin:0px;">6.5 Planning CERT-RMM—Based Improvements 95</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Chapter 7: CERT-RMM Perspectives 99</p> <p style="margin:0px;">Using CERT-RMM in the Utility Sector, by Darren Highfill and James Stevens 99</p> <p style="margin:0px;">Addressing Resilience as a Key Aspect of Software Assurance Throughout the Software Life Cycle, by Julia Allen and Michele Moss 104</p> <p style="margin:0px;">Raising the Bar on Business Resilience, by Nader Mehravari, PhD 110</p> <p style="margin:0px;">Measuring Operational Resilience Using CERT-RMM, by Julia Allen and Noopur Davis 115</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Part Three: CERT-RMM Process Areas 119</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Asset Definition and Management 121</p> <p style="margin:0px;">Access Management 149</p> <p style="margin:0px;">Communications 175</p> <p style="margin:0px;">Compliance 209</p> <p style="margin:0px;">Controls Management 241</p> <p style="margin:0px;">Environmental Control 271</p> <p style="margin:0px;">Enterprise Focus 307</p> <p style="margin:0px;">External Dependencies Management 341</p> <p style="margin:0px;">Financial Resource Management 381</p> <p style="margin:0px;">Human Resource Management 411</p> <p style="margin:0px;">Identity Management 447</p> <p style="margin:0px;">Incident Management and Control 473</p> <p style="margin:0px;">Knowledge and Information Management 513</p> <p style="margin:0px;">Measurement and Analysis 551</p> <p style="margin:0px;">Monitoring 577</p> <p style="margin:0px;">Organizational Process Definition 607</p> <p style="margin:0px;">Organizational Process Focus 629</p> <p style="margin:0px;">Organizational Training and Awareness 653</p> <p style="margin:0px;">People Management 685</p> <p style="margin:0px;">Risk Management 717</p> <p style="margin:0px;">Resilience Requirements Development 747</p> <p style="margin:0px;">Resilience Requirements Management 771</p> <p style="margin:0px;">Resilient Technical Solution Engineering 793</p> <p style="margin:0px;">Service Continuity 831</p> <p style="margin:0px;">Technology Management 869</p> <p style="margin:0px;">Vulnerability Analysis and Resolution 915</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Part Four: The Appendices 943</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Appendix A: Generic Goals and Practices 945</p> <p style="margin:0px;">Appendix B: Targeted Improvement Roadmaps 957</p> <p style="margin:0px;">Appendix C: Glossary of Terms 965</p> <p style="margin:0px;">Appendix D: Acronyms and Initialisms 989</p> <p style="margin:0px;">Appendix E: References 993</p> <p style="margin:0px;"> </p> <p style="margin:0px;">Book Contributors 997</p> <p style="margin:0px;"> </p> <p style="margin:0px;"></p> <p style="margin:0px;">Index 1001</p> <br> <br>
Net verschenen
Rubrieken
- aanbestedingsrecht
- aansprakelijkheids- en verzekeringsrecht
- accountancy
- algemeen juridisch
- arbeidsrecht
- bank- en effectenrecht
- bestuursrecht
- bouwrecht
- burgerlijk recht en procesrecht
- europees-internationaal recht
- fiscaal recht
- gezondheidsrecht
- insolventierecht
- intellectuele eigendom en ict-recht
- management
- mens en maatschappij
- milieu- en omgevingsrecht
- notarieel recht
- ondernemingsrecht
- pensioenrecht
- personen- en familierecht
- sociale zekerheidsrecht
- staatsrecht
- strafrecht en criminologie
- vastgoed- en huurrecht
- vreemdelingenrecht