Accession Number:

AD1045000

Title:

Defining a Progress Metric for CERT RMM Improvement

Descriptive Note:

Technical Report

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States

Report Date:

2017-09-14

Pagination or Media Count:

19.0

Abstract:

This report describes how the authors defined a Cybersecurity Program Progress Metric CPPM in support of a large, diverse U.S. national organization. The CPPM, based on the CERT-Resilience Management Model CERT-RMM v1.1, provides an indicator of pro-gress towards achievement of CERT-RMM practices. The CPPM is an implementation metric that can be used to measure incremental progress in implementation of CERT-RMM practices and, through an aggregate score, show overall progress in achieving the goals of a cybersecurity program. The underlying concept of a CERT-RMM-based index is applicable to any organization using the CERT-RMM for model-based process improvement for such operational risk management activities as cybersecurity, business continuity, disaster recovery, IT operations, and incident response. Moreover, the underlying concept is applicable to other models such as the Cybersecurity Capability Maturity Model C2M2.

Subject Categories:

  • Administration and Management
  • Information Science
  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE