Admin News Admin Admin Admin Admin

Please enter email address to receive NEWSALERTS and ISSUE BRIEFS

Search articles
Ref: Monday Story #1

Carnegie Mellon Software Engineering Institute Announces Release of the CERT Resiliency Engineering Framework

Collaboration with Financial Services Technology Consortium results in new
model for security and business continuity management

PITTSBURGH, March 26 /PRNewswire/ -- The Carnegie Mellon Software
Engineering Institute (SEI) CERT Program, together with the Financial
Services Technology Consortium (FSTC), today announced the availability of
the CERT(R) Resiliency Engineering Framework. This framework provides a
comprehensive roadmap that enables organizations of all sizes to establish,
manage, and evaluate operational resiliency which encompasses both security
and business continuity.

The CERT Resiliency Engineering Framework (REF) embodies methods and
guidelines that have been developed and proven in practice over the last
20+ years by the SEI, combined with security and business continuity
expertise gained through the SEI's collaboration with FSTC.

"Our collaboration with FSTC over the past couple of years has enabled
the SEI to develop and release a roadmap specifically designed for
organizations to be flexible and straightforward to implement across all
sizes of enterprises and their suppliers," said Rich Caralli, technical
lead for the CERT REF project. "REF is based not only on our own
experience. FSTC provided us with unparalleled access to some of the best
practitioners in the security and business continuity space."

"Operational resiliency and effective risk management continue to be a
priority for all of us in the financial services industry," said Dan
Schutzer, Executive Director of the Financial Services Technology
Consortium. "The Resiliency Engineering Framework provides a compelling new
tool to measure and improve resiliency for organizations and their

The framework consists of over 20 comprehensive capability modules,
giving organizations the flexibility to implement as few or as many as
their needs and strategies require. Benchmarking against the framework will
help organizations optimize their operational resiliency investments, make
objective peer-to-peer comparisons in their industry sector, and select
capable third-party suppliers.

"The release of REF represents a significant milestone in giving
organizations a roadmap to evaluate and manage their operational risk and
resiliency capability," said Charles Wallen, Managing Executive of FSTC's
Business Continuity Standing Committee. "This comprehensive Framework
provides the basis for objective appraisals to benchmark an organization's
resiliency activities and those of third-party suppliers."

"This gives the community a common, objective, and comparable
measurement of business continuity and security capabilities," added David
White, one of the REF developers at CERT. "We are already seeing a
tremendous amount of interest in it from companies all over the world."

Operational resiliency is a board-level issue that affects shareholder
value and requires a strategic refocusing of disciplines such as business
continuity, information security, and operations. Innovations are needed by
organizations to successfully manage these converging disciplines and to
address operational risk. FSTC and CERT are focused on meeting these
evolving requirements by introducing a process improvement approach that
grows with the organization as they develop their capabilities and
encounter ever-changing risk environments.

REF is available for immediate download from the CERT website at This is the first public
version of the framework, and public review and comment are welcome.
Instructions are available on the website for how to provide comments.

About FSTC

FSTC brings together diverse and often competitive financial
institutions, industry service providers, government agencies, and others
to collaborate and find solutions to key industry challenges. Project
topics come from member financial institutions and are driven by
participating members with the support of FSTC staff. For more information
on FSTC, the Resiliency Model Project, or current and future FSTC projects,
please visit

About the Software Engineering Institute CERT Program

The Software Engineering Institute (SEI) is a U.S. Department of
Defense federally funded research and development center operated by
Carnegie Mellon University. The SEI helps organizations make measured
improvements in their software engineering capabilities by providing
technical leadership to advance the practice of software engineering. The
SEI CERT(R) Program, which includes the CERT Coordination Center (CERT/CC)
is a center of enterprise and network security research, analysis, and
training within the SEI. For more information, visit the CERT Web site at and the SEI Web site at

Alerts Media Resources