CERT Resilience Management Model (RMM): A Maturity Model for Managing Operational Resilience (Hardcover)

Richard A. Caralli, Julia H. Allen, David W. White

Product Description

Description

CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to manage operational resilience in complex, risk-evolving environments. CERT-RMM distills years of research into best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these best practices into a unified, capability-focused maturity model that encompasses security, business continuity, and IT operations. By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resilience management goals.

 

This book both introduces CERT-RMM and presents the model in its entirety. It begins with essential background for all professionals, whether they have previously used process improvement models or not. Next, it explains CERT-RMM’s Generic Goals and Practices and discusses various approaches for using the model. Short essays by a number of contributors illustrate how CERT-RMM can be applied for different purposes or can be used to improve an existing program. Finally, the book provides a complete baseline understanding of all 26 process areas included in CERT-RMM.

 

Part One summarizes the value of a process improvement approach to managing resilience, explains CERT-RMM’s conventions and core principles, describes the model architecturally, and shows how it supports relationships tightly linked to your objectives.

Part Two focuses on using CERT-RMM to establish a foundation for sustaining operational resilience management processes in complex environments where risks rapidly emerge and change.

 

Part Three details all 26 CERT-RMM process areas, from asset definition through vulnerability resolution. For each, complete descriptions of goals and practices are presented, with realistic examples.

 

Part Four contains appendices, including Targeted Improvement Roadmaps, a glossary, and other reference materials.

 

This book will be valuable to anyone seeking to improve the mission assurance of high-value services, including leaders of large enterprise or organizational units, security or business continuity specialists, managers of large IT operations, and those using methodologies such as ISO 27000, COBIT, ITIL, or CMMI.
