USPS Case Study
Created January 2018
SEI researchers teamed with the United States Postal Service (USPS) to help the USPS improve its cybersecurity and resilience. Using metrics based on the CERT Resilience Management Model (CERT-RMM), the SEI and USPS tracked USPS performance and made recommendations based on those assessments. The SEI then collaborated with the USPS to form the CISO Academy, a program for developing a strong cybersecurity workforce at the USPS.
Cyber Attack on the U.S. Post Office
In 2014, the USPS experienced a cyber attack that compromised the personally identifiable information of more than 800,000 employees and over 2 million customers. The USPS recognized the need to improve, and it reached out to the SEI to help bolster its cybersecurity posture and operational resilience. The ultimate goal of the USPS was to protect its critical capabilities and assets and enhance its ability to continue business operations under degraded conditions.
Fighting Back with Cybersecurity Strategy and Training
SEI researchers developed metrics, based on the CERT Resilience Management Model (CERT-RMM), to track USPS progress. The measurement activities of the CERT-RMM are an essential element in executing the strategy. SEI researchers used the CERT-RMM to assess USPS performance in important areas—including risk management, system assessment and authorization, software development, incident management, and policy development—and made recommendations based on those assessments.
CISO Academy, a groundbreaking approach to cybersecurity workforce development, offers a 12-week curriculum, including tracks for program managers and technical staff as well as courses delivered through the SEI's Simulation, Training, and Exercise Platform (STEPfwd).
Software and Tools
CERT Resilience Management Model: A Maturity Model for Managing Operational Resilience
July 08, 2016
In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.
CERT Resilience Management Model (CERT-RMM) Version 1.2
February 15, 2016
CERT-RMM, the foundation for a process improvement approach to operational resilience management, defines the practices needed to manage operational resilience.
CERT Resilience Management Model (CERT-RMM) Collection
February 15, 2016
CERT-RMM, the foundation for a process improvement approach to operational resilience management, defines the practices needed to manage operational resilience.
Process and Technical Vulnerabilities: 6 Key Takeaways from a Chemical Plant Disaster
May 08, 2023
Blog Post
By Daniel J. Kambic
Weak processes can be as risky as technical vulnerabilities. This post describes how both of them worsened a cyber attack on a chemical plant.
CERT Resilience Management Model: A Maturity Model for Managing Operational Resilience
July 08, 2016
Book
By Richard A. Caralli, Julia H. Allen, and David W. White
In this book, the authors present best practices for managing the security and survivability of people, information, technology, and facilities.
CERT Resilience Management Model (CERT-RMM) Version 1.2
February 15, 2016
Handbook
CERT-RMM, the foundation for a process improvement approach to operational resilience management, defines the practices needed to manage operational resilience.
The CISO Academy
February 23, 2017
White Paper
By Pamela D. Curtis, Summer C. Fowler, David Tobar, and David Ulicne
In this paper, the authors describe the project that led to the creation of the U.S. Postal Service's CISO Academy.
CERT-RMM and the U.S. Postal Service (USPS)
October 10, 2014
Collection
Read how the U.S. Postal Service (USPS) uses CERT-RMM to improve the resilience of its products and services.
Becoming a CISO: Formal and Informal Requirements
October 19, 2016
Podcast
By Darrell Keeling (Parkview Health) and Lisa R. Young
In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today's fast-paced cybersecurity field.
SEI Cyber Minute: CMU CISO Executive Certificate
January 26, 2016
Video
By Summer C. Fowler
Summer Craze Fowler discusses the CMU CISO Executive Certificate.
The Top 10 Skills CISOs Need in 2024
January 31, 2024
This SEI Bulletin newsletter was published on January 31, 2024.
Structuring the Chief Information Security Officer Organization
April 14, 2016
Webcast
By Julia H. Allen and Nader Mehravari
This webinar described a CISO organizational structure and functions for a typical large, diverse organization using input from CISOs, policies, frameworks, maturity models, standards, and codes of practice.