Defining a Progress Metric for CERT RMM Improvement

Abstract

This report describes how the authors defined a Cybersecurity Program Progress Metric (CPPM) in support of a large, diverse U.S. national organization. The CPPM, based on the CERT-Resilience Management Model (CERT-RMM) v1.1, provides an indicator of pro-gress towards achievement of CERT-RMM practices. The CPPM is an implementation metric that can be used to measure incremental progress in implementation of CERT-RMM practices and, through an aggregate score, show overall progress in achieving the goals of a cybersecurity program. The underlying concept of a CERT-RMM-based index is applicable to any organization using the CERT-RMM for model-based process improvement for such operational risk management activities as cybersecurity, business continuity, disaster recovery, IT operations, and incident response. Moreover, the underlying concept is applicable to other models such as the Cybersecurity Capability Maturity Model (C2M2).

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 14, 2017
Accession Number
AD1045000

Entities

People

  • David Tobar
  • Gregory Crabb
  • Nader Mehravari

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Business Administration
  • Commerce
  • Cybersecurity
  • Department Of Homeland Security
  • Engineering
  • Governments
  • Homeland Security
  • Information Security
  • Intrusion Detection
  • Intrusion Detectors
  • Postal Service
  • Resilience
  • Risk
  • Security
  • Software Development
  • Training
  • United States

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Organizational Process Management (OPM).
  • Software Engineering.

Technology Areas

  • Cyber