We Need Diverse Ya Sale

Special Offers see all

Enter to WIN a $100 Credit

Subscribe to PowellsBooks.news
for a chance to win.
Privacy Policy

Visit our stores

    Recently Viewed clear list

    The Powell's Playlist | June 29, 2015

    Roger Hobbs: IMG Soundtrack of Macau: Roger Hobbs's Playlist for Vanishing Games

    My new novel, Vanishing Games, is a heist thriller set in the gambling city of Macau, China. I lived there briefly while researching the book and... Continue »
    1. $18.17 Sale Hardcover add to wish list

      Vanishing Games

      Roger Hobbs 9780385352642

Qualifying orders ship free.
List price: $87.75
Used Hardcover
Ships in 1 to 3 days
Add to Wishlist
available for shipping or prepaid pickup only
Available for In-store Pickup
in 7 to 12 days
Qty Store Section
1 Partner Warehouse General- General

More copies of this ISBN

Cert Resilience Management Model (11 Edition)


Cert Resilience Management Model (11 Edition) Cover


Synopses & Reviews

Please note that used books may not include additional media (study guides, CDs, DVDs, solutions manuals, etc.) as described in the publisher comments.

Publisher Comments:

CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to manage operational resilience in complex, risk-evolving environments. CERT-RMM distills years of research into best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these best practices into a unified, capability-focused maturity model that encompasses security, business continuity, and IT operations. By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resilience management goals.


This book both introduces CERT-RMM and presents the model in its entirety. It begins with essential background for all professionals, whether they have previously used process improvement models or not. Next, it explains CERT-RMM’s Generic Goals and Practices and discusses various approaches for using the model. Short essays by a number of contributors illustrate how CERT-RMM can be applied for different purposes or can be used to improve an existing program. Finally, the book provides a complete baseline understanding of all 26 process areas included in CERT-RMM.


Part One summarizes the value of a process improvement approach to managing resilience, explains CERT-RMM’s conventions and core principles, describes the model architecturally, and shows how itsupports relationships tightly linked to your objectives.


Part Two focuses on using CERT-RMM to establish a foundation for sustaining operational resilience management processes in complex environments where risks rapidly emerge and change.


Part Three details all 26 CERT-RMM process areas, from asset definition through vulnerability resolution. For each, complete descriptions of goals and practices are presented, with realistic examples.


Part Four contains appendices, including Targeted Improvement Roadmaps, a glossary, and other reference materials.


This book will be valuable to anyone seeking to improve the mission assurance of high-value services, including leaders of large enterprise or organizational units, security or business continuity specialists, managers of large IT operations, and those using methodologies such as ISO 27000, COBIT, ITIL, or CMMI.

Book News Annotation:

This voluminous guide to implementing practices designed to enhance corporate resiliency in the face of IT failures provides information on the CERT-Resilience Management Model methodology developed by the Software Engineering Institute at Carnegie Mellon University. Divided into three sections the work begins with an overview of the CERT-RMM and moves to discussions of process institutionalization and improvement and examinations of the specific areas of CERT-RMM processes. A series of appendices include a selection of goals and practices templates and targeted improvement roadmaps. Allen, White and Caralli are senior technical staff members at the Software Engineering Institute. Annotation ©2011 Book News, Inc., Portland, OR (booknews.com)


An innovative and transformative way to manage operational resilience in complex, risk-evolving environments, this book will be valuable to anyone seeking to improve the mission assurance of high-value services, including leaders of large enterprise or organizational units, security or business continuity specialists.

About the Author

The authors are senior technical staff members within the CERT Program of the Software Engineering Institute (SEI). Richard A. Caralli, Resilient Enterprise Management technical manager, develops and delivers methods, tools, and techniques for enterprise security and resilience management. He has led the development of CERT-RMM. Julia H. Allen conducts research in operational resilience, software security and assurance, and measurement and analysis. She served as the SEI’s Acting Director and Deputy Director/COO and authored The CERT® Guide to System and Network Security Practices (Addison-Wesley, 2001). David W. White, a core member of the CERT-RMM development team, develops CERT-RMM and related products and helps organizations apply them.

Table of Contents

List of Figures xi

List of Tables xiii

Preface xv

Acknowledgments xxi


Part One: About the Cert Resilience Management Model 1


Chapter 1: Introduction 7

1.1 The Influence of Process Improvement and Capability Maturity Models 8

1.2 The Evolution of CERT-RMM 10

1.3 CERT-RMM and CMMI Models 15

1.4 Why CERT-RMM Is Not a Capability Maturity Model 18


Chapter 2: Understanding Key Concepts in CERT-RMM 21

2.1 Foundational Concepts 21

2.2 Elements of Operational Resilience Management 27

2.3 Adapting CERT-RMM Terminology and Concepts 39


Chapter 3: Model Components 41

3.1 The Process Areas and Their Categories 41

3.2 Process Area Component Categories 42

3.3 Process Area Component Descriptions 44

3.4 Numbering Scheme 47

3.5 Typographical and Structural Conventions 49


Chapter 4: Model Relationships 53

4.1 The Model View 54

4.2 Objective Views for Assets 59


Part Two: Process Institutionalization and Improvement 65


Chapter 5: Institutionalizing Operational Resilience Management Processes 67

5.1 Overview 67

5.2 Understanding Capability Levels 68

5.3 Connecting Capability Levels to Process Institutionalization 69

5.4 CERT-RMM Generic Goals and Practices 73

5.5 Applying Generic Practices 74

5.6 Process Areas That Support Generic Practices 74


Chapter 6: Using CERT-RMM 77

6.1 Examples of CERT-RMM Uses 78

6.2 Focusing CERT-RMM on Model-Based Process Improvement 80

6.3 Setting and Communicating Objectives Using CERT-RMM 83

6.4 Diagnosing Based on CERT-RMM 92

6.5 Planning CERT-RMM—Based Improvements 95


Chapter 7: CERT-RMM Perspectives 99

Using CERT-RMM in the Utility Sector, by Darren Highfill and James Stevens 99

Addressing Resilience as a Key Aspect of Software Assurance Throughout the Software Life Cycle, by Julia Allen and Michele Moss 104

Raising the Bar on Business Resilience, by Nader Mehravari, PhD 110

Measuring Operational Resilience Using CERT-RMM, by Julia Allen and Noopur Davis 115


Part Three: CERT-RMM Process Areas 119


Asset Definition and Management 121

Access Management 149

Communications 175

Compliance 209

Controls Management 241

Environmental Control 271

Enterprise Focus 307

External Dependencies Management 341

Financial Resource Management 381

Human Resource Management 411

Identity Management 447

Incident Management and Control 473

Knowledge and Information Management 513

Measurement and Analysis 551

Monitoring 577

Organizational Process Definition 607

Organizational Process Focus 629

Organizational Training and Awareness 653

People Management 685

Risk Management 717

Resilience Requirements Development 747

Resilience Requirements Management 771

Resilient Technical Solution Engineering 793

Service Continuity 831

Technology Management 869

Vulnerability Analysis and Resolution 915


Part Four: The Appendices 943


Appendix A: Generic Goals and Practices 945

Appendix B: Targeted Improvement Roadmaps 957

Appendix C: Glossary of Terms 965

Appendix D: Acronyms and Initialisms 989

Appendix E: References 993


Book Contributors 997


Index 1001

Product Details

Caralli, Richard A.
Addison-Wesley Professional
White, David
White, David W.
Caralli, Richard
Allen, Julia H.
Quality Control
Business-Quality and Total Quality Management TQM
Edition Description:
SEI Series in Software Engineering
Publication Date:
9.32 x 7.5 x 1.51 in 1508 gr

Related Subjects

Business » Quality and Total Quality Management TQM
Computers and Internet » Software Engineering » Software Management

Cert Resilience Management Model (11 Edition) Used Hardcover
0 stars - 0 reviews
$60.50 In Stock
Product details 1056 pages Addison-Wesley Professional - English 9780321712431 Reviews:
"Synopsis" by , An innovative and transformative way to manage operational resilience in complex, risk-evolving environments, this book will be valuable to anyone seeking to improve the mission assurance of high-value services, including leaders of large enterprise or organizational units, security or business continuity specialists.
  • back to top


Powell's City of Books is an independent bookstore in Portland, Oregon, that fills a whole city block with more than a million new, used, and out of print books. Shop those shelves — plus literally millions more books, DVDs, and gifts — here at Powells.com.