CERT Resilience Management Model


🔸 The Resilience Management Model of the Software Engineering Institute | Carnegie Mellon University (CERT-RMM) aims to improve how organizations behave and respond in advance of and during times of stress and disruption.

🔸 CERT-RMM establishes innovative and transformative ways to manage operational resilience in complex, risk-evolving environments. It distils years of research into best practices for managing the security and survivability of people, information, technology, and facilities. These best practices are integrated into a unified, capability-focused maturity model encompassing security, business continuity, and IT operations.

🔸 By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resilience management goals. This is pretty important; breaking out of silos is one of the biggest challenges to achieving all-round resilience in organizations.

🔸 CERT-RMM defines four capability levels, designated by the numbers 0 through 3: incomplete, performed, managed, and defined.

🔸 A central concept of the maturity model is convergence, defined as the harmonization of operational risk management activities with similar objectives and outcomes. Given the cascading effect one dimension of resilience could have over other dimensions, the idea is to view resilience from a single viewpoint.

🔸 The high-value services of the organization are the focus of the organization’s operational resilience management activities. These services directly support achieving strategic objectives and, therefore, must be protected and sustained to the extent necessary to minimize disruption.

Kennedy Torkura

June 10, 2023

Transcript

  1. The CERT Resilience Management Model (CERT-RMM) is the foundation for a process improvement approach to operational resilience management. It defines the essential organizational practices that are necessary to manage operational resilience. @run2obtain
  2. You can use CERT-RMM to determine your organization's capability to manage resilience, set goals and targets, and develop plans to close identified gaps. By using a process view, CERT-RMM can help your organization respond to stress with mature and predictable performance.
  3. The high-value services of the organization are the focus of the organization’s operational resilience management activities. These services directly support the achievement of strategic objectives and therefore must be protected and sustained to the extent necessary to minimize disruption. Failure to keep these services viable and productive may result in significant inability to meet strategic objectives and, in some cases, the organization’s mission.
  4. Applying these concepts to a cloud-native infrastructure is not only interesting but relevant. The cool thing is cloud-native infrastructure includes built-in resilience features & services that could be leveraged.