Abstract Details

<< Back to Schedule

10/14/2015  |   10:00 AM - 10:45 AM   |  Pacific I

A Scorecard for Cyber Resilience: What We have Observed

This presentation provides aggregate results of 200+ Cyber Resilience Review (CRR) assessments and presents insights into specific strengths and weaknesses in the cybersecurity capabilities of organizations which provide the nation’s critical infrastructure. The CRR was developed to provide meaningful indicators of operational resilience. The CRR is a one-day facilitated workshop assessing a critical infrastructure organization’s cybersecurity capabilities in 10 domains. This presentation will - Present an overview of the CRR method; Describe how CRR Data is collected; Provide an overview of the CRR Data which has been collected; Describe the CRR Data Analysis effort; Present Maturity Indicator Level observations; Present Domain specific observations; and Discuss next steps.

This presentation has not yet been uploaded.

No handouts have been uploaded.

Philip Scolieri (Primary Presenter,Co-Presenter), CERT Division, Software Engineering Institute, Carnegie Mellon University, pascolieri@cert.org;
Philip Scolieri holds the position of Senior Information and Infrastructure Analyst within the CERT Program, Software Engineering Institute, Carnegie Mellon University. He performs information and critical infrastructure protection research and develops methods, tools, and techniques for resilient enterprise management. Scolieri has over 30 years managerial and technical experience in engineering, information technology and information security. Prior to joining CERT in 2010, Scolieri was the Manager of Security and Compliance and leading disaster recovery efforts for a Fortune 500 manufacturing organization. He holds an MS and BS degree in Electrical Engineering from the University of Pittsburgh.

Robert Vrtis (Co-Presenter), CERT Division, Software Engineering Institute, Carnegie Mellon University, rv@cert.org;
Bob Vrtis is a Senior Engineer with the CERT Division of Carnegie Mellon University’s Software Engineering Institute. He has been with the CERT since 2013 and performs information and critical infrastructure protection research. Bob was responsible for the establishment of the Army CERT at the Land Information Warfare Activity in the late 1990’s. Since retiring from the US Army he has worked in a number of defense contractors, most recently supporting Information Sharing for DoD CIO. He holds an MS in Operations Research from the Georgia Institute of Technology and a BS in Mathematics from DePaul University.

2013 Sponsors: IEEE and IEEE Computer Society