• Are security and business continuity activities coordinated in your organization or are they performed in silos? Are they viewed as technical rather than business activities?
• Can you actively manage operational resiliency or do you typically react to disruptive events as they occur?
• Do you know if the security and business continuity practices you’ve implemented are effective? Do they support the achievement of the organization’s strategic objectives and mission?
• Can you measure the success of your security and business continuity activities? Can you consistently repeat and sustain that success over the long run?
• Do you have a foundation from which to continuously improve your security and business continuity efforts?

If your organization cannot answer these questions with certainty, our research in the field of resiliency engineering may be able to help. We are developing tools, techniques, and methodologies that allow organizations to move their security and business continuity activities to the next level by focusing on actively managing operational resiliency to achieve the organization’s mission. The cornerstone of our research is the development of the CERT ^® Resiliency Engineering Framework.

The framework is the foundation for a process improvement approach to security and business continuity. It establishes an organization's resiliency engineering process: a collection of essential capabilities that an organization performs to ensure that its important assets—people, information, technology, and facilities—stay productive in supporting business processes and services. The framework serves as a foundation from which an organization can measure its current competency, set improvement targets, and establish plans and actions to close any identified gaps. As a result, the organization repositions and repurposes its security and business continuity activities and takes on a process improvement mindset that helps to keep these activities productive in the long run.

The CERT^® Resiliency Engineering Framework doesn’t replace your organization’s best practices—it provides a process structure into which these practices can be inserted and managed. Using the resiliency engineering process definition as a guide, your organization can select the right practices to achieve the intended result and to ensure optimized resource deployment. In turn, your organization can measure the achievement of process goals to validate that the implemented practices are providing results.