Defining a Progress Metric for CERT RMM Improvement

Defining a Progress Metric for CERT RMM Improvement

This report describes how the authors defined a Cybersecurity Program Progress Metric (CPPM) in support of a large, diverse U.S. national organization. The CPPM, based on the CERT-Resilience Management Model (CERT-RMM) v1.1, provides an indicator of pro-gress towards achievement of CERT-RMM practice...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Crabb,Gregory, Mehravari,Nader, Tobar,David
Format: Report
Sprache:eng
Schlagworte:
Administration and Management
CERT-RMM(CERT-Resilience Management Model) practices
computer security techniques
Computer Systems Management and Standards
CPPM(Cybersecurity Program Progress Metric)
cybersecurity metrics
Information Science
model-based process improvement
Resilience Metrics
software metrics
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:This report describes how the authors defined a Cybersecurity Program Progress Metric (CPPM) in support of a large, diverse U.S. national organization. The CPPM, based on the CERT-Resilience Management Model (CERT-RMM) v1.1, provides an indicator of pro-gress towards achievement of CERT-RMM practices. The CPPM is an implementation metric that can be used to measure incremental progress in implementation of CERT-RMM practices and, through an aggregate score, show overall progress in achieving the goals of a cybersecurity program. The underlying concept of a CERT-RMM-based index is applicable to any organization using the CERT-RMM for model-based process improvement for such operational risk management activities as cybersecurity, business continuity, disaster recovery, IT operations, and incident response. Moreover, the underlying concept is applicable to other models such as the Cybersecurity Capability Maturity Model (C2M2).