Accession Number : ADA549400


Title :   Measures for Managing Operational Resilience


Descriptive Note : Technical rept.


Corporate Author : CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST


Personal Author(s) : Allen, Julia H ; Curtis, Pamela D


Full Text : http://www.dtic.mil/get-tr-doc/pdf?AD=ADA549400


Report Date : Jul 2011


Pagination or Media Count : 81


Abstract : How resilient is my organization? Have our processes made us more resilient? Members of the CERT(Registered Trademark) Resilient Enterprise Management (REM) team are conducting research to address these and other related questions. The team's first report, Measuring Operational Resilience Using the CERT Resilience Management Model, defined high-level objectives for managing an operational resilience management (ORM) system, demonstrated how to derive meaningful measures from those objectives, and presented a template for defining resilience measures, along with example measures. In this report, REM team members suggest a set of top 10 strategic measures for managing operational resilience. These measures derive from high-level objectives of the ORM system defined in the CERT Resilience Management Model, Version 1.1 (CERT-RMM). The report also provides measures for each of the 26 process areas of CERT-RMM, as well as a set of global measures that apply to all process areas. This report thus serves as an addendum to CERT-RMM Version 1.1. Since CERT-RMM practices map to bodies of knowledge and codes of practice such as ITIL, COBIT, ISO2700x, BS25999, and PCI DSS, the measures may be useful for measuring security, business continuity, and IT operations management processes, either as part of adoption of CERT-RMM or independent of it.


Descriptors :   *COMPUTER SECURITY , *INFORMATION SECURITY , *INFORMATION SYSTEMS , *MEASURES OF EFFECTIVENESS , *RESILIENCE , *RISK MANAGEMENT , COMMUNICATIONS NETWORKS , COMPUTER NETWORKS , CRISIS MANAGEMENT , MEASUREMENT , ORGANIZATIONS , TEAMS(PERSONNEL)


Subject Categories : Computer Systems
      Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE