Enterprise Risk and Resilience Management
A focus on enterprise risk and resilience helps organizations plan for and predict problems, quickly pivot to address issues, and build the capability to thrive in the face of disruption.
With new cyber threats emerging every day, it’s not a question of if, but when an organization will be attacked. While your organization cannot anticipate every disruption or prevent every cyber attack, you must be able to anticipate and respond to changes in the risk environment at a moment’s notice and be ready to continue operations to meet your mission when disruptions occur.
Accomplishing a continuity of operations during a disruption requires a resilience approach to cybersecurity—an integrated, holistic way to manage security risks, business continuity, disaster recovery, and IT operations—in the context of your business mission and strategy. Mitigating disruptions and managing risk to critical assets by optimizing both protection and continuity strategies prepares your organization for a broad range of outcomes. It also supports your ability to seek opportunities, knowing you can manage your risk appetite and risk tolerance to reach your goal.
Developing a comprehensive and integrated approach to cybersecurity can help achieve this strength of predictability and the stability to pivot in uncertain times. Our experts in the CERT Division of the SEI conduct cybersecurity research and create models, tools, and methods to empower organizations to gain justified confidence in their cybersecurity posture.
Our Expertise, Your Operational Resilience
The SEI’s researchers, engineers, and subject-matter experts often lead the national conversation on critical infrastructure protection and supply chain risk management. Our experienced team also develops organizational assessments based on our risk and resilience solutions. We have measured and evaluated organizations of all makeups and sizes, and the tools and methods we develop empower organizations to gain justified confidence in their cybersecurity posture.
Our cybersecurity research and solutions enable your organization to apply cyber risk and resilience management models and methods to assess and improve its operational resilience, manage operational risks, define meaningful metrics, and ensure mission success.
Our research spans the planning, integration, execution, and governance of operational resilience in the ever-changing cyber and technological landscape. We leverage that research to develop best practices, resilience management models, and other methods and tools for assessing and improving enterprise security and operational resilience.
As a trusted partner, we help organizations
- identify and mitigate operational risks that could lead to service disruptions before they occur
- prepare for and respond to disruptive events (realized risks) in a way that demonstrates command and control of incident response and service continuity
- recover and restore mission-critical services and operations within acceptable time frames after an incident
- educate and train their workforces in cyber risk and resilience management
We also offer many resources that help organizations manage their supply chain risk, also called third-party risk, to
- determine the maturity of their external dependencies management
- draft better contracts with third parties
- build relationships with the right third parties
- maintain awareness of changes and vulnerabilities that might affect suppliers
What We Offer
Learn the skills you need to be an effective CISO.
In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method.
This course is targeted to executives, managers, and technical staff who play a decision making role in the enterprise.
CERT-RMM, the foundation for a process improvement approach to operational resilience management, defines the practices needed to manage operational resilience.
Latest from the SEI Blog
August 23, 2021 • Blog Post
This blog post translates federal-government-specific aspects of the Risk Management Framework into processes for nonfederal...read
March 03, 2021 • Blog Post
This blog post is intended for DoD contractors looking for additional clarification as they prepare for a CMMC assessment. It will walk you through the assessment guides, provide basic CMMC concepts and definitions, and introduce alternate descriptions of some...read
Our Vision for the Future of Enterprise Risk and Resilience
By its very nature, the enterprise risk landscape will continue to evolve with organizations facing ever-changing threats. At the SEI, we will continue to meet that challenge. Deriving practical tools and methods from the best concepts that academia has to offer and best practices from private industry is at the heart of our work. Current efforts are underway for publishing additional OCTAVE FORTE content.
Follow our work and learn more in the SEI’s Insider Threat blog.