CERT® Resilience Management Model (CERT-RMM) is an innovative
and transformative way to manage operational resilience in complex,
risk-evolving environments. CERT-RMM distills years of research into
best practices for managing the security and survivability of people,
information, technology, and facilities. It integrates these best
practices into a unified, capability-focused maturity model that
encompasses security, business continuity, and IT operations. By using
CERT-RMM, organizations can escape silo-driven approaches to managing
operational risk and align to achieve strategic resilience management
goals.
This book both introduces CERT-RMM and presents the model in its
entirety. It begins with essential background for all professionals,
whether they have previously used process improvement models or not.
Next, it explains CERT-RMM's Generic Goals and Practices and discusses
various approaches for using the model. Short essays by a number of
contributors illustrate how CERT-RMM can be applied for different
purposes or can be used to improve an existing program. Finally, the
book provides a complete baseline understanding of all 26 process areas
included in CERT-RMM.
Part One summarizes the value of a process improvement approach to
managing resilience, explains CERT-RMM's conventions and core
principles, describes the model architecturally, and shows how it
supports relationships tightly linked to your objectives.
Part Two focuses on using CERT-RMM to establish a foundation for
sustaining operational resilience management processes in complex
environments where risks rapidly emerge and change.
Part Three details all 26 CERT-RMM process areas, from asset definition
through vulnerability resolution. For each, complete descriptions of
goals and practices are presented, with realistic examples.
Part Four contains appendices, including Targeted Improvement Roadmaps,
a glossary, and other reference materials.
This book will be valuable to anyone seeking to improve the mission
assurance of high-value services, including leaders of large enterprise
or organizational units, security or business continuity specialists,
managers of large IT operations, and those using methodologies such as
ISO 27000, COBIT, ITIL, or CMMI.