Enterprise Risk and Resilience Management
A focus on enterprise risk and resilience helps organizations plan for and predict problems, quickly pivot to address issues, and build the capability to thrive in the face of disruption.
With new cyber threats emerging every day, it’s not a question of if, but when an organization will be attacked. While your organization cannot anticipate every disruption or prevent every cyber attack, you must be able to anticipate and respond to changes in the risk environment at a moment’s notice and be ready to continue operations to meet your mission when disruptions occur.
Accomplishing a continuity of operations during a disruption requires a resilience approach to cybersecurity—an integrated, holistic way to manage security risks, business continuity, disaster recovery, and IT operations—in the context of your business mission and strategy. Mitigating disruptions and managing risk to critical assets by optimizing both protection and continuity strategies prepares your organization for a broad range of outcomes. It also supports your ability to seek opportunities, knowing you can manage your risk appetite and risk tolerance to reach your goal.
Developing a comprehensive and integrated approach to cybersecurity can help achieve this strength of predictability and the stability to pivot in uncertain times. Our experts in the CERT Division of the SEI conduct cybersecurity research and create models, tools, and methods to empower organizations to gain justified confidence in their cybersecurity posture.
Our Expertise, Your Operational Resilience
The SEI’s researchers, engineers, and subject-matter experts often lead the national conversation on critical infrastructure protection and supply chain risk management. Our experienced team also develops organizational assessments based on our risk and resilience solutions. We have measured and evaluated organizations of all makeups and sizes, and the tools and methods we develop empower organizations to gain justified confidence in their cybersecurity posture.
Our cybersecurity research and solutions enable your organization to apply cyber risk and resilience management models and methods to assess and improve its operational resilience, manage operational risks, define meaningful metrics, and ensure mission success.
Our research spans the planning, integration, execution, and governance of operational resilience in the ever-changing cyber and technological landscape. We leverage that research to develop best practices, resilience management models, and other methods and tools for assessing and improving enterprise security and operational resilience.
As a trusted partner, we help organizations
- identify and mitigate operational risks that could lead to service disruptions before they occur
- prepare for and respond to disruptive events (realized risks) in a way that demonstrates command and control of incident response and service continuity
- recover and restore mission-critical services and operations within acceptable time frames after an incident
- educate and train their workforces in cyber risk and resilience management
We also offer many resources that help organizations manage their supply chain risk, also called third-party risk, to
- determine the maturity of their external dependencies management
- draft better contracts with third parties
- build relationships with the right third parties
- maintain awareness of changes and vulnerabilities that might affect suppliers
What We Offer
Chief Information Security Officer (CISO) certificate program
Learn the skills you need to be an effective CISO.
Chief Risk Officer program
Leaders in risk management can enter this program to gain the latest skills and best practices impacting their domain.
Assessing Information Security Risk Using the OCTAVE Approach
In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method.
Measuring What Matters: Security Metrics Workshop
Students in this course will use real-world strategic objectives to develop specific business goals and the applicable questions, indicators, and actionable metrics that they can implement at their own organizations.
OCTAVE FORTE: Connecting the Board Room to Cyber Risk
This course is targeted to executives, managers, and technical staff who play a decision making role in the enterprise.
Assessment of Your Cybersecurity Posture
Contact us to collaborate or to learn more about measuring the effectiveness of your cybersecurity posture.
CERT Resilience Management Model (CERT-RMM) Version 1.2
CERT-RMM, the foundation for a process improvement approach to operational resilience management, defines the practices needed to manage operational resilience.
Latest from the SEI Blog
Process and Technical Vulnerabilities: 6 Key Takeaways from a Chemical Plant Disaster
May 08, 2023 • Blog Post
Weak processes can be as risky as technical vulnerabilities. This post describes how both of them worsened a cyber attack on a chemical...read
2 Approaches to Risk and Resilience: Asset-Based and Service-Based
February 06, 2023 • Blog Post
There are benefits and challenges of the two approaches to risk and resilience management: one based on an organization’s assets and the other on its...read
Our Vision for the Future of Enterprise Risk and Resilience
By its very nature, the enterprise risk landscape will continue to evolve with organizations facing ever-changing threats. At the SEI, we will continue to meet that challenge. Deriving practical tools and methods from the best concepts that academia has to offer and best practices from private industry is at the heart of our work. Current efforts are underway for publishing additional OCTAVE FORTE content.
Follow our work and learn more in the SEI’s Insider Threat blog.