SEI Blog | Risk

SEI Blog | Riskhttp://sei.cmu.edu/feeds/tag/Updates on changes and additions to the SEI Blog for posts matching Risken-usMon, 06 Feb 2023 00:00:00 -05002 Approaches to Risk and Resilience: Asset-Based and Service-Basedhttps://www.sei.cmu.edu/blog/2-approaches-to-risk-and-resilience-asset-based-and-service-based/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThere are benefits and challenges of the two approaches to risk and resilience management: one based on an organization’s assets and the other on its services.Emily ShawgoMon, 06 Feb 2023 00:00:00 -0500https://www.sei.cmu.edu/blog/2-approaches-to-risk-and-resilience-asset-based-and-service-based/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementOperational ResilienceResilience Management Model (RMM)CybersecurityEnterprise Risk and Resilience ManagementRiskCritical Infrastructure ProtectionIT, OT, and ZT: Implementing Zero Trust in Industrial Control Systemshttps://www.sei.cmu.edu/blog/it-ot-and-zt-implementing-zero-trust-in-industrial-control-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post introduces fundamental ZT and ICS concepts, barriers to implementing ZT principles in ICS environments, and potential methods to leverage ZT concepts in this domain.Brian Benestelli, Daniel KambicMon, 18 Jul 2022 00:00:00 -0400https://www.sei.cmu.edu/blog/it-ot-and-zt-implementing-zero-trust-in-industrial-control-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRiskTranslating the Risk Management Framework for Nonfederal Organizationshttps://www.sei.cmu.edu/blog/translating-the-risk-management-framework-for-nonfederal-organizations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal organizations.Emily Shawgo, Brian BenestelliMon, 23 Aug 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/translating-the-risk-management-framework-for-nonfederal-organizations/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesCyber Risk and Resilience ManagementCybersecurityCybersecurity ControlsEnterprise Risk and Resilience ManagementRiskPotential Implications of the California Consumer Privacy Act (CCPA) for Insider Risk Programshttps://www.sei.cmu.edu/blog/potential-implications-of-the-california-consumer-privacy-act-ccpa-for-insider-risk-programs/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post reviews the general framework of the California Consumer Privacy Act (CCPA), describes specific implications for insider risk management, and provides recommendations to prepare insider risk programs to mitigate concerns before the CCPA takes effect.Emily Kessel, Sarah Miller, Carrie GardnerMon, 31 May 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/potential-implications-of-the-california-consumer-privacy-act-ccpa-for-insider-risk-programs/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRiskEnterprise Risk and Resilience ManagementInsider ThreatBest PracticesZero Trust Adoption: Managing Risk with Cybersecurity Engineering and Adaptive Risk Assessmenthttps://www.sei.cmu.edu/blog/zero-trust-adoption-managing-risk-with-cybersecurity-engineering-and-adaptive-risk-assessment/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI blog post provides an overview of zero trust and management of its risk with SEI's cybersecurity engineering assessment framework.Geoff SandersMon, 08 Mar 2021 00:00:00 -0500https://www.sei.cmu.edu/blog/zero-trust-adoption-managing-risk-with-cybersecurity-engineering-and-adaptive-risk-assessment/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRiskCybersecurity Engineering10 Steps for Managing Risk: OCTAVE FORTEhttps://www.sei.cmu.edu/blog/10-steps-managing-risk-octave-forte/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis post, adapted from a recently published technical note, outlines OCTAVE FORTE's 10-step framework to guide nascent organizations as they build an ERM program and mature organizations as they fortify existing ERM programs, making them more reliable, measurable, consistent, and repeatable.Brett TuckerMon, 07 Dec 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/10-steps-managing-risk-octave-forte/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRiskEvaluating Threat-Modeling Methods for Cyber-Physical Systemshttps://www.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAddressing cybersecurity for a complex system, especially for a cyber-physical system of systems (CPSoS), requires a strategic approach during the entire lifecycle of the system....Nataliya ShevchenkoMon, 04 Feb 2019 00:00:00 -0500https://www.sei.cmu.edu/blog/evaluating-threat-modeling-methods-for-cyber-physical-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity-Related RequirementsOCTAVECyber Risk and Resilience ManagementNetwork Situational AwarenessEnterprise Risk and Resilience ManagementCyber MissionsThreat Modeling Best Practices in Network SecurityRiskCyber-Physical SystemsCritical Infrastructure ProtectionThreat Modeling: 12 Available Methodshttps://www.sei.cmu.edu/blog/threat-modeling-12-available-methods/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesAlmost all software systems today face a variety of threats, and the number of threats grows as technology changes....Nataliya ShevchenkoMon, 03 Dec 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/threat-modeling-12-available-methods/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesVulnerability AnalysisSecurity-Related RequirementsOCTAVECyber Risk and Resilience ManagementNetwork Situational AwarenessEnterprise Risk and Resilience ManagementCyber MissionsThreat Modeling Best Practices in Network SecurityRiskCyber-Physical SystemsCritical Infrastructure ProtectionMalware Analysis, Acquisition Strategies, Network Situational Awareness, & Cyber Risk - The Latest Research from the SEIhttps://www.sei.cmu.edu/blog/malware-analysis-acquisition-strategies-network-situational-awareness-cyber-risk-the-latest-research-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post presents the SEI's latest research on malware analysis, acquisition strategies, network situational awareness, and cyber risk management.Douglas SchmidtMon, 01 Dec 2014 00:00:00 -0500https://www.sei.cmu.edu/blog/malware-analysis-acquisition-strategies-network-situational-awareness-cyber-risk-the-latest-research-from-the-sei/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesResilience Management Model (RMM)Enterprise Risk and Resilience ManagementRiskEmerging TechnologiesA Taxonomy for Managing Operational Cybersecurity Riskhttps://www.sei.cmu.edu/blog/a-taxonomy-for-managing-operational-cybersecurity-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis SEI Blog post discusses large-scale cyberattacks on payment card systems and a recent effort to create a taxonomy for operational cybersecurity risks.James CebulaMon, 04 Aug 2014 00:00:00 -0400https://www.sei.cmu.edu/blog/a-taxonomy-for-managing-operational-cybersecurity-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRiskEnterprise Risk and Resilience ManagementOCTAVEUnderstanding How Network Security Professionals Perceive Riskhttps://www.sei.cmu.edu/blog/understanding-how-network-security-professionals-perceive-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesExplore the perception of risk among network security professionals and factors that influence SEI's research on risk formulation in this SEI Blog.James CebulaMon, 24 Jun 2013 00:00:00 -0400https://www.sei.cmu.edu/blog/understanding-how-network-security-professionals-perceive-risk/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesRiskEnterprise Risk and Resilience Management