Date of Original Version



Technical Report

Abstract or Description

Organizations that are using the CERT® Resilience Management Model and organizations that are considering using it want information about the business value of implementing resilience processes and practices, and how to determine which ones to implement. This report describes the SEI research study that begins to address this need. It includes a discussion of the completed phase 1 study and a proposed phase 2 project. Phase 1 included forming a hypothesis and set of research questions and using a variety of techniques to collect data and evaluate whether resilience practices have a discernible (measurable) effect on operational resilience-that is, an organization's ability to continue to carry out its mission (provide critical services) in the presence of operational stress and disruption. The outcomes of phase 1 provide the foundation for the proposed phase 2. The longer term goal includes developing a quantitative, validated business case for prioritizing and implementing specific resilience practices, including decision criteria for selecting and measuring investments in improved resilience.