Appendix E. References

URLs are valid as of the publication date of this book.

Alberts 1999 C. J. Alberts, S. G. Behrens, R. D. Pethia, and W. Wilson, Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0, Carnegie Mellon University, Software Engineering Institute, Technical Report CMU/SEI-99-TR-017, 1999. [Online]. www.sei.cmu.edu/library/abstracts/reports/99tr017.cfm.

Allen 2004 J. H. Allen et al., Best in Class Security and Operations Roundtable Report, Carnegie Mellon University, Software Engineering Institute, Special Report CMU/SEI-2004-SR-002, 2004. Available upon request from [email protected].

Caralli 2004 R. A. Caralli, Managing for Enterprise Security, Carnegie Mellon University, Software Engineering Institute, Technical Note CMU/SEI-2004-TN-046, 2004. [Online]. www.sei.cmu.edu/library/abstracts/reports/04tn046.cfm.

Caralli 2006 R. A. Caralli, Sustaining Operational Resiliency: A Process Improvement Approach to Security Management, Carnegie Mellon University, Software Engineering Institute, Technical Note CMU/SEI-2006-TN-009, 2006. [Online]. www.sei.cmu.edu/library/abstracts/reports/06tn009.cfm.

Caralli 2007 R. A. Caralli et al., Introducing the CERT Resiliency Engineering Framework: Improving the Security and Sustainability Processes, Carnegie Mellon University, Software Engineering Institute, Technical Report CMU/SEI-2007-TR-009, 2007. [Online]. www.sei.cmu.edu/library/abstracts/reports/07tr009.cfm.

Caralli 2010 R. A. Caralli et al., CERT Resilience Management Model, Version 1.0, Carnegie Mellon University, Software Engineering Institute, Technical Report CMU/SEI-2010-TR-012, 2010. [Online]. www.sei.cmu.edu/library/abstracts/reports/10tr012.cfm.

CMMI Product Team 2006 CMMI Product Team, CMMI for Development, Version 1.2, Carnegie Mellon University, Software Engineering Institute, Technical Report CMU/SEI-2006-TR-008, 2006. [Online]. www.sei.cmu.edu/library/abstracts/reports/06tr008.cfm.

CMMI Product Team 2009 CMMI Product Team, CMMI for Services, Version 1.2, Carnegie Mellon University, Software Engineering Institute, Technical Report CMU/SEI-2009-TR-001, 2009. [Online]. www.sei.cmu.edu/library/abstracts/reports/09tr001.cfm.

CNSS 2009 Committee on National Security Systems, Instruction No. 4009, National Information Assurance Glossary, Revised June 2009.

Deming 2000 W. E. Deming, Out of the Crisis, MIT Press, 2000. [Online]. http://mitpress.mit.edu/shared/contact/default.asp.

Dougherty 2009 C. Dougherty, K. Sayre, R. C. Seacord, D. Svoboda, and K. Togashi, Secure Design Patterns, Carnegie Mellon University, Software Engineering Institute, Technical Report CMU/SEI-2009-TR-010, 2009. [Online]. www.sei.cmu.edu/library/abstracts/reports/09tr010.cfm.

Economist 2007 Economist Intelligence Unit, “Business Resilience: Ensuring Continuity in a Volatile Environment,” The Economist Intelligence Unit, 2007.

FFIEC 2004 Federal Financial Institutions Examination Council, Outsourcing Technology Services (IT Examination Handbook), 2004. [Online]. www.ffiec.gov/ffiecinfobase/booklets/outsourcing/Outsourcing_Booklet.pdf.

Imai 1986 M. Imai, Kaizen: The Key to Japan’s Competitive Success, McGraw-Hill/Irwin, 1986.

Manadhata 2010 P. K. Manadhata and J. M. Wing, Attack Surface Measurement, 2010. [Online]. www.cs.cmu.edu/~pratyus/as.html.

McFeeley 1996 R. McFeeley, IDEAL: A Users Guide for Software Process Improvement, Carnegie Mellon University, Software Engineering Institute, Handbook CMU/SEI-96-HB-001, 1996. [Online]. www.sei.cmu.edu/library/abstracts/reports/96hb001.cfm. See also www.sei.cmu.edu/library/abstracts/presentations/idealmodelported.cfm.

Mead 2010 Nancy Mead et al. Master of Software Assurance Reference Curriculum, Carnegie Mellon University, Software Engineering Institute, Technical Report CMU/SEI-2010-TR-005, 2010.

Microsoft 2009 Microsoft Corporation, Microsoft Security Development Life Cycle, Version 4.1, Microsoft Corporation, 2009. [Online]. www.microsoft.com/security/sdl/.

REF Team 2008a Resiliency Engineering Framework Team, CERT Resiliency Engineering Framework v0.95R, Carnegie Mellon University, Software Engineering Institute, 2008. [Online]. www.cert.org/resilience/rmm_materials.html.

REF Team 2008b Resiliency Engineering Framework Team, CERT Resiliency Engineering Framework: Code of Practice Crosswalk, Preview Version, v0.95R, Carnegie Mellon University, Software Engineering Institute, 2008. [Online]. www.cert.org/resilience/rmm_materials.html.

SCAMPI Upgrade Team 2006 SCAMPI Upgrade Team, Appraisal Requirements for CMMI, Version 1.2 (ARC, V1.2), Carnegie Mellon University, Software Engineering Institute, Technical Report CMU/SEI-2006-TR-011, 2006. [Online] www.sei.cmu.edu/library/abstracts/reports/06tr011.cfm. See also www.sei.cmu.edu/cmmi/tools/appraisals/materials.cfm.

van Opstal 2007 D. van Opstal, The Resilient Economy: Integrating Competitiveness and Security, Council on Competitiveness, Washington, DC, 2007. [Online]. http://compete.org.

Westby 2008 J. R. Westby and R. Power, Governance of Enterprise Security: CyLab 2008 Report, Carnegie Mellon CyLab, 2008. [Online] www.cylab.cmu.edu/outreach/governance.html.