http://sei.cmu.edu/feeds/tag/Updates on changes and additions to the SEI Blog for posts matching Best Practicesen-usMon, 19 Jun 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/whats-going-on-in-my-program-12-rules-for-conducting-assessments/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post provides 12 rules for successful program or project assessments.William NovakMon, 19 Jun 2023 00:00:00 -0400https://www.sei.cmu.edu/blog/whats-going-on-in-my-program-12-rules-for-conducting-assessments/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSoftware Cost EstimatesSoftware SustainmentAcquisition TransformationMeasurement and AnalysisBest PracticesSoftware Qualityhttps://www.sei.cmu.edu/blog/system-end-of-life-planning-designing-systems-for-maximum-resiliency-over-time/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDeployment plans for computing environments must account for hardware replacements and decommissions even though such activities may not occur until years later.Grant Deffenbaugh, Lyndsi HughesMon, 27 Sep 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/system-end-of-life-planning-designing-systems-for-maximum-resiliency-over-time/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesEnterprise Risk and Resilience ManagementBest PracticesSystems Engineeringhttps://www.sei.cmu.edu/blog/operator-feedback-sessions-in-a-government-setting-the-good-and-not-so-good-parts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post covers good and not-so-good practices and outcomes in operator-feedback sessions in government environments.Michael Szegedy, Timothy A. ChickMon, 26 Jul 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/operator-feedback-sessions-in-a-government-setting-the-good-and-not-so-good-parts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesContinuous Deployment of CapabilityRequirementsUser-ExperienceHuman-Computer InteractionUsabilityBest PracticesAgile Adoption in GovernmentSoftware Qualityhttps://www.sei.cmu.edu/blog/considerations-for-operator-feedback-sessions-in-government-settings/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post describes a design approach that considers operator feedback and effectively leverages feedback sessions.Michael Szegedy, Timothy A. ChickMon, 28 Jun 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/considerations-for-operator-feedback-sessions-in-government-settings/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesBest PracticesAgile Adoption in GovernmentSoftware QualityRequirementsUser-ExperienceHuman-Computer InteractionUsabilityContinuous Deployment of Capabilityhttps://www.sei.cmu.edu/blog/potential-implications-of-the-california-consumer-privacy-act-ccpa-for-insider-risk-programs/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post reviews the general framework of the California Consumer Privacy Act (CCPA), describes specific implications for insider risk management, and provides recommendations to prepare insider risk programs to mitigate concerns before the CCPA takes effect.Emily Kessel, Sarah Miller, Carrie GardnerMon, 31 May 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/potential-implications-of-the-california-consumer-privacy-act-ccpa-for-insider-risk-programs/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRiskEnterprise Risk and Resilience ManagementInsider ThreatBest Practiceshttps://www.sei.cmu.edu/blog/mapping-cyber-hygiene-to-the-nist-cybersecurity-framework/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn honor of Cybersecurity Awareness Month, I decided to put fingers to keys and share some basic practices that every organization should consider for their cyber hygiene initiatives....Matthew TrevorsWed, 30 Oct 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/mapping-cyber-hygiene-to-the-nist-cybersecurity-framework/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceBest PracticesBest Practices in Network Securityhttps://www.sei.cmu.edu/blog/its-time-to-retire-your-unsupported-things/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates"If it ain't broke, don't fix it." Why mess with something that already works? This is fair advice with many things in life. But when it comes to software security, it's important to....William DormannWed, 23 Oct 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/its-time-to-retire-your-unsupported-things/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability MitigationSecurity VulnerabilitiesCERT/CCBest Practiceshttps://www.sei.cmu.edu/blog/update-on-the-cert-guide-to-coordinated-vulnerability-disclosure/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIt's been two years since we originally published the CERT Guide to Coordinated Vulnerability Disclosure. In that time, it's influenced both the US Congress and EU Parliament....Allen HouseholderMon, 16 Sep 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/update-on-the-cert-guide-to-coordinated-vulnerability-disclosure/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryVulnerability MitigationCERT/CCBest Practiceshttps://www.sei.cmu.edu/blog/comments-on-voluntary-voting-system-guidelines-20-principles-and-guidelines/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe U.S. Election Assistance Commission recently held a public comment period on their Voluntary Voting System Guidelines 2.0 Principles and Guidelines....Allen Householder, Deana Shick, Jonathan Spring, Art ManionFri, 14 Jun 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/comments-on-voluntary-voting-system-guidelines-20-principles-and-guidelines/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesCERT/CCSoftware and Information AssuranceBest Practiceshttps://www.sei.cmu.edu/blog/a-new-scientifically-supported-best-practice-that-can-enhance-every-insider-threat-program/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe CERT National Insider Threat Center (NITC) continues to transition its insider threat research to the public through its publications of the Common Sense Guide to Mitigating Insider Threats (CSG)....Michael Theis, The CERT Insider Threat CenterTue, 09 Apr 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/a-new-scientifically-supported-best-practice-that-can-enhance-every-insider-threat-program/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesInsider ThreatBest Practiceshttps://www.sei.cmu.edu/blog/are-you-providing-cybersecurity-awareness-training-or-education/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesWhen I attend trainings, conferences, or briefings, I usually end up listening to someone reading slides about a problem. Rarely am I provided with any solutions or actions to remediate the problem....Mike PetockWed, 20 Mar 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/are-you-providing-cybersecurity-awareness-training-or-education/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceInsider ThreatBest Practiceshttps://www.sei.cmu.edu/blog/when-aslr-is-not-really-aslr-the-case-of-incorrect-assumptions-and-bad-defaults/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAs a vulnerability analyst at the CERT Coordination Center, I am interested not only in software vulnerabilities themselves, but also exploits and exploit mitigations....William DormannFri, 03 Aug 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/when-aslr-is-not-really-aslr-the-case-of-incorrect-assumptions-and-bad-defaults/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability MitigationSecurity VulnerabilitiesCERT/CCBest Practiceshttps://www.sei.cmu.edu/blog/insider-threat-supply-chain-best-practices/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post outlines best practices for establishing an appropriate level of control to mitigate the risks involved in working with outside entities that support your organization's mission....Jean HandyThu, 10 May 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/insider-threat-supply-chain-best-practices/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesMission AssuranceInsider ThreatBest PracticesBest Practices in Network Securityhttps://www.sei.cmu.edu/blog/automatically-stealing-password-hashes-with-microsoft-outlook-and-ole/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesBack in 2016, a coworker of mine was using CERT BFF, and he asked how he could turn a seemingly exploitable crash in Microsoft Office into a proof-of-concept exploit that runs calc.exe....William DormannTue, 10 Apr 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/automatically-stealing-password-hashes-with-microsoft-outlook-and-ole/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecurity VulnerabilitiesVulnerability DiscoveryCERT/CCBest Practiceshttps://www.sei.cmu.edu/blog/the-cert-guide-to-coordinated-vulnerability-disclosure/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesDiscover the recently released CERT Guide to Coordinated Vulnerability Disclosure in this SEI Blog post.Allen HouseholderTue, 15 Aug 2017 00:00:00 -0400https://www.sei.cmu.edu/blog/the-cert-guide-to-coordinated-vulnerability-disclosure/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesVulnerability DiscoveryVulnerability MitigationCERT/CCCyber MissionsBest Practiceshttps://www.sei.cmu.edu/blog/the-consequences-of-insecure-software-updates/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn this blog post, I discuss the impact of insecure software updates as well as several related topics, including mistakes made by software vendors in their update mechanisms, how to verify the security of a software update, and how vendors can implement secure software updating mechanisms.William DormannFri, 30 Jun 2017 00:00:00 -0400https://www.sei.cmu.edu/blog/the-consequences-of-insecure-software-updates/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability MitigationSecurity VulnerabilitiesCERT/CCBest Practiceshttps://www.sei.cmu.edu/blog/the-twisty-maze-of-getting-microsoft-office-updates/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post explores the complexities and challenges of managing Microsoft Office updates and provides insights into installation best practices.William DormannThu, 13 Apr 2017 00:00:00 -0400https://www.sei.cmu.edu/blog/the-twisty-maze-of-getting-microsoft-office-updates/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability MitigationSecurity VulnerabilitiesCERT/CCBest Practiceshttps://www.sei.cmu.edu/blog/moving-beyond-resilience-to-prosilience/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn about the prosilience concept for preparing and responding to cyber incidents, in addition to its benefits in improving risk management in this SEI Blog post.Summer FowlerMon, 27 Feb 2017 00:00:00 -0500https://www.sei.cmu.edu/blog/moving-beyond-resilience-to-prosilience/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesInsider ThreatBest Practiceshttps://www.sei.cmu.edu/blog/cvd-series-principles-of-coordinated-vulnerability-disclosure-part-2-of-9/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog, the second in a nine-part series, explores Coordinated Vulnerability Disclosure (CVD) best practices for vulnerability disclosure.Garret WassermannTue, 04 Oct 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/cvd-series-principles-of-coordinated-vulnerability-disclosure-part-2-of-9/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity VulnerabilitiesCERT/CCBest Practiceshttps://www.sei.cmu.edu/blog/cvd-series-what-is-coordinated-vulnerability-disclosure-part-1-of-9/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis is the first post in a series about Coordinated Vulnerability Disclosure (CVD). In this series, we will discuss why CVD is an important part of the modern software development lifecycle, and how individuals and organizations can establish a CVD process.Garret WassermannTue, 27 Sep 2016 00:00:00 -0400https://www.sei.cmu.edu/blog/cvd-series-what-is-coordinated-vulnerability-disclosure-part-1-of-9/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCERT/CC VulnerabilitiesVulnerability AnalysisSecurity VulnerabilitiesBest Practices