CERT® Resilience Management Model: A Maturity Model for Managing Operational Resilience

Book description

CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to manage operational resilience in complex, risk-evolving environments.

CERT-RMM distills years of research into best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these best practices into a unified, capability-focused maturity model that encompasses security, business continuity, and IT operations. By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resilience management goals.

This book both introduces CERT-RMM and presents the model in its entirety. It begins with essential background for all professionals, whether they have previously used process improvement models or not. Next, it explains CERT-RMM’s Generic Goals and Practices and discusses various approaches for using the model. Short essays by a number of contributors illustrate how CERT-RMM can be applied for different purposes or can be used to improve an existing program. Finally, the book provides a complete baseline understanding of all 26 process areas included in CERT-RMM. 

The book is divided into four parts:

  • Part One summarizes the value of a process improvement approach to managing resilience, explains CERT-RMM’s conventions and core principles, describes the model architecturally, and shows how it supports relationships tightly linked to your objectives.

  • Part Two focuses on using CERT-RMM to establish a foundation for sustaining operational resilience management processes in complex environments where risks rapidly emerge and change.  

  • Part Three details all 26 CERT-RMM process areas, from asset definition through vulnerability resolution. For each, complete descriptions of goals and practices are presented, with realistic examples.

  • Part Four contains appendices, including Targeted Improvement Roadmaps, a glossary, and other reference materials.  

This book will be valuable to anyone seeking to improve the mission assurance of high-value services, including leaders of large enterprises or organizational units, security or business continuity specialists, managers of large IT operations, and those using methodologies such as ISO 27000, COBIT, ITIL, or CMMI.

Table of contents

    1. Title Page
    2. Copyright Page
    3. Contents
    4. List of Figures
    5. List of Tables
    6. Preface
    7. Acknowledgments
    8. Part One: About the CERT Resilience Management Model
      1. Chapter 1. Introduction
      2. Chapter 2. Understanding Key Concepts in CERT-RMM
      3. Chapter 3. Model Components
      4. Chapter 4. Model Relationships
    9. Part Two: Process Institutionalization and Improvement
      1. Chapter 5. Institutionalizing Operational Resilience Management Processes
      2. Chapter 6. Using CERT-RMM
      3. Chapter 7. CERT-RMM Perspectives
    10. Part Three: CERT-RMM Process Areas
      1. Asset Definition and Management
      2. Access Management
      3. Communications
      4. Compliance
      5. Controls Management
      6. Environmental Control
      7. Enterprise Focus
      8. External Dependencies Management
      9. Financial Resource Management
      10. Human Resource Management
      11. Identity Management
      12. Incident Management and Control
      13. Knowledge and Information Management
      14. Measurement and Analysis
      15. Monitoring
      16. Organizational Process Definition
      17. Organizational Process Focus
      18. Organizational Training and Awareness
      19. People Management
      20. Risk Management
      21. Resilience Requirements Development
      22. Resilience Requirements Management
      23. Resilient Technical Solution Engineering
      24. Service Continuity
      25. Technology Management
      26. Vulnerability Analysis and Resolution
    11. Part Four: The Appendices
      1. Appendix A. Generic Goals and Practices
      2. Appendix B. Targeted Improvement Roadmaps
      3. Appendix C. Glossary of Terms
      4. Appendix D. Acronyms and Initialisms
      5. Appendix E. References
    12. Book Contributors
      1. Book Authors
    13. Index
    14. Process Areas by Process Area Category
    15. Generic Goals and Generic Practices
    16. Footnotes
      1. Preface
      2. Chapter 1
      3. Chapter 2
      4. Chapter 3
      5. Chapter 5
      6. Chapter 6
      7. Chapter 7
      8. Chapter 14
      9. Appendix B

Product information

• Title: CERT® Resilience Management Model: A Maturity Model for Managing Operational Resilience
• Author(s): Richard A. Caralli, Julia H. Allen, David W. White
• Release date: November 2010
• Publisher(s): Addison-Wesley Professional
• ISBN: 9780132565905