1 Why Use Maturity Models to Improve Cybersecurity: Key Concepts, Principles, and Definitions Transcript Part 1: What Are Maturity Models and Why Are They Useful? Julia Allen: Welcome to CERT's Podcast Series: Security for Business Leaders. The CERT Program is part of the Software Engineering Institute. We're a federally-funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. You can find out more about us at cert.org. Show notes for today's conversation are available at the podcast website. My name is Julia Allen. I'm a principal researcher at CERT, working on operational resilience. Today, I'm very pleased to welcome back Rich Caralli. Rich is the technical director of CERT's Cyber Enterprise and Workforce Management Directorate. He is also the architect of the CERT Resilience Management Model (CERT-RMM), which we've talked about a lot on this podcast series. Today, Rich and I will be discussing some key concepts and definitions of maturity models, some of the underlying principles and ideas, and how these can and have been applied to a wide range of disciplines and market sectors. And just for our podcast listeners' benefit, our conversation is based upon two SEI whitepapers, which will be newly published with the show notes that we'll link to. And we'll also link to two of Rich's previous podcasts where we've discussed some of these ideas as well. So, welcome Rich. It's really good to have you back on the podcast series. Rich Caralli: Thanks Julia. I'm really glad to do this and get some good information about maturity models out there to the community. Julia Allen: Great. So this is kind of interesting timing because maturity models as an idea and in application have been around for a long time. So from your point of view, why are we talking about this now? Why is it particularly time critical? Rich Caralli: Well I think maturity models in general are getting this second wind. And you and I have been involved in this maturity model business for now 10 years, believe it or not. And I think we're starting to see that a whole new community is waking up to the benefits and the advantages of using a maturity model to transform their organizations and their businesses and the way they do things. So I think now's the right time to have this conversation; particularly as maturity models become very prominent in the cybersecurity space, which we're starting to see with a lot of the government efforts and private industry efforts. Julia Allen: So are there some other aspects that drive us to talking about this now? Rich Caralli: Yes, I think it's useful and practical to maybe talk about how we got here because we went on a similar journey that the community's going to go on. Back in 2003, you and I started to work on how we could better improve security as a process. And we started to really look at the lessons that were coming from the Capability Maturity Model Integration (CMMI), the CMMI side of the house, in dealing with improvements in software and systems
2 engineering. And we started to apply those concepts, to the best we could, to more continuous processes like cybersecurity. The banking and finance community in 2004 came to us and said, "A lot of what you're talking about resonates with us but we like the bigger concept; and that bigger concept is resilience." And that's how we got to our early resilience engineering framework work; and then the follow on, which was the CERT Resilience Management Model (CERT-RMM). Since 2010, when we published the first version of RMM, there have been a lot of derivatives including a very nice piece of work that we do with our DHS friends called the Cyber Resilience Review, which helps owners and operators at the critical infrastructure level to look at how mature their resilience practices are. And then the follow-on, and a related effort which we worked on last year, which was the ES- C2M2, which is the Electricity Subsector Cybersecurity Maturity Model; which has had a lot of impact in the power sector, and of course a lot of other sectors like oil and gas are now looking at building a similar model. On the heels of a lot of that, working in that community, Mark Knight, who is a collaborator of ours who is the chair of the Gridwise Architecture Council, noticed as we were noticing that a lot of maturity models were being built in the operational and cybersecurity space; but they all weren't created equal. A lot of them purported to be based on CMM (Capability Maturity Model) but yet didn't demonstrate any of the architecture or characteristics of a CMM. And so we started to think about the fact that maturity models can be a really effective tool for transformation if done properly, but if done improperly, can really have a detrimental effect. I look at it as if I've built you a roadmap to try to get from location A to location B, and if that roadmap was inaccurate or inconsistent, you likely aren't going to get to your destination. So this is why we started to talk about what does a maturity model really constitute and how can it be an effective tool? And all of this has been driven by me to measure effectiveness. The operational and cybersecurity community wants to move away from compliance and implementation-based measurement. And measuring process maturity, if you remember back in 2003, was one way we thought we might be able to measure effectiveness and it turns out that might be an effective way to do it. Julia Allen: As I listen to you speak, I also think about the fact that a lot of the community thinks about process maturity as high overhead, labor and resource intensive, something that you just have to make this huge organizational commitment to. And I think we've found with some of the applications -- Nader Mehravari talked about some of the same applications that you mentioned in our last podcast -- that you can really skinny down and make the ideas play and be scoped and tailored specific to the particular problem you're trying to solve, without having it be a burdensome overhead, right? Rich Caralli: Absolutely. And I think ES-C2M2 is a good example of that -- still deploying some of the core principles but doing it in a way that makes the barrier to use much lower and the ability to use it over time much greater. Julia Allen: Okay great. So let's start with the fundamentals; put some definitions and principles in place. So in your experience, in your observation, the work that you've done, what is a maturity model? And you've said a little bit about its usefulness. But can you say a little bit more about why you would want to even consider using one?
3 Rich Caralli: Sure. I think there are very broad and maybe academic perspectives. A maturity model is really a set of characteristics, attributes, indicators, or patterns that represent progression and achievement in a particular domain or discipline. Put more succinctly, it's the practices and the technologies and the processes that organizations use and stack in a progression, aligned to particular domains or disciplines. So these characteristics, attributes, Indicators, and patterns can be what the community uses to define their space. It also then creates a benchmark against which an organization can assess their current level of achievement or capability and compare that with others in the domain or industry. And I think that that's actually why you see maturity models become so popular in the space because organizations, particularly critical infrastructure sectors, want to do a lot of this benchmarking. When you start to talk about it in that perspective, you get this community view of a maturity model. And I would argue that that's what happened in the use of maturity models in the software and systems engineering domain. The community came around. The maturity model was a place to start. It reflected their experience and knowledge. It gave them a common language and shared vision that they could coalesce around; and it helped them define what improvement in maturity meant for organizations in those domains. As such, it then became a framework for them to use to prioritize their next steps and their actions and their roadmap to drive improvement towards maturity. So all of those benefits that we saw and we have experienced as folks who have worked at the SEI and in the community with the CMMI, are all available to the cybersecurity community through the use of maturity models. Julia Allen: Right. And what I've found through our applications of RMM is this whole idea of having a reference model, a dictionary, a thesaurus, a place where the terms are defined and where the relationships are defined. And I know when I use it, I can tie just about every aspect of a new security improvement initiative to some underlying piece of a goal or a practice or guidance in, in this case, RMM. Its utility as a reference model, as a compendium of knowledge, I've just found incredibly useful. Would you agree with that? Rich Caralli: I agree. I think with RMM in particular, a lot of people are put off by picking up a model that's 1000 pages long, has a lot of information. But we've had a lot of reviewers who have publicly stated that what that gives you is a body of knowledge to work from. And it gives you the target to throw darts at. No model is going to be completely correct, but it's something that everybody can gather around and use and improve over time because the models don't stay static either. So it's definitely -- to me something like RMM is almost more like a body of knowledge from which you can derive useful and practical models. Part 2: Structure and Components Julia Allen: Great. So let's talk about the structure of that body of knowledge. So when you talk about a maturity model -- and later on we're going to talk about a couple of different types of maturity models. But what are some of the key content and structural characteristics, some typical components of a maturity model? In other words, how would I know one if I saw one? Rich Caralli: Yes. So let's start with the components because I think those are the building blocks. So maturity models by nature have levels. Those levels are often referred to as
4 maturity levels or capability levels, although they could have a lot of different names. The name of the level is typically characteristic or representative of the characteristics that exist at that level. So a pretty simple concept. And that's typically a horizontal construct in a model. The more vertical construct is a domain -- so a group of like attributes. When we talk about models like RMM or the CMMI, those domains are really process areas or the grouping of different processes that are related. So for example in RMM, we talk about incident management as a process area. So that's a domain. And the domains are where the characteristics and attributes and indicators are then divided across levels. The actual attributes are at the intersection of a maturity level and a domain. So for example at the domain of incident management, at maturity level 1, there would be a set of attributes that are reflective of and contain the core content of the model at that level. So that could be practices, for example. It could be technology. It could be processes like you often see in a CMM. And then part of what glues all of that together is the ability to use that model -- its domains, its levels, and its attributes, which are the core concepts -- in an appraisal process where you can actually, in a consistent and repeatable way, examine an organization against that model and let them know where they are in their evolutionary journey. We call those appraisal methods typically. The SCAMPI method of CMMI (Standard CMMI Appraisal Method for Improvement) is an example of one of those appraisal methods. ES-C2M2 for example has its own appraisal method that's loosely based on SCAMPI as well. And then there's a larger concept that often includes the concept of a maturity model and that's usually an improvement roadmap. In CMMI, that's called IDEAL (Initiate, Diagnose, Establish, Act, Learn). So it's a plan/do/check/act cycle where you assess against the model. You find out where the gaps are, you make plans and action plans for those gaps, you implement, and then you diagnose again to make sure that you've actually improved. So this improvement roadmap is a larger concept into which the maturity model exists as one part. One of the biggest challenges in a maturity model, as you might imagine, is the transition between the levels. So, effective maturity models that are impactful and useful and really transform communities have measurable transitions between levels that are actually based on empirical data that's been validated. So it is very clear that when I move from level 1 to level 2 there are indicators or markers that I can observe that tells me I've made that transformation. And as you know Julia, that's often one of the steps that's the most difficult in building and using a maturity model. Julia Allen: Right. In other words, you've worked with subject matter experts and you've worked in a particular domain or a particular sector and captured what the contributors know. But as you said, the validation -- in other words, the observation: If I put this practice in place and I do this initial step -- let's say in incident management I do a reasonable job at detecting but I'm not doing any root cause analysis because I don't have that level of maturity yet. You have to actually validate that transition or that evolution or migration of practices really giving you some effective result, right? Rich Caralli: Absolutely. And what we see is that the trend in the maturity models that we're seeing that are being put out there is to group practices or group attributes together in a way that is anecdotal. So I create step 1 and I put these practices there; then I create step 2 and I put these practices there. And there is no real logic in where we draw the line.
5 There certainly is no empirical data that says where to draw the line. And that can still be very useful for a Community because you might say to a community, Take on these practices first and see how well you do with those; and then move to these set of practices. And that may in fact be an indicator of maturity. But when we're talking about real maturity models that are very transformative, that transition between those levels has to be able to be proven. And so this is by the way going to be the biggest challenge in the cybersecurity space because most of the models we put out, even those of us who do this for a living, those transitions are not often empirical at first blush. So we usually let those models kind of simmer with the community and then we start to learn about where those empirical transitions are. And of course we're learning that in RMM. Julia Allen: Right, right. And I think that's why we sometimes get criticized as a community because of that lack of empirical validation and that lack of empirical evidence. But I think what you've said is very important, which is the body of knowledge, giving it a try. It does represent the expertise of a particular community. And I think you used the word 'simmer' -- in other words actually get it out there. I know in all the derivatives that we've developed, when you take these models and apply them to a specific problem, that's where you begin to get some of this evidentiary information. Rich Caralli: Right, if you're going to build a maturity model you need to be pretty tenacious because you have to know going in that the first model you build is going to be wrong. And iterations of that model in the future will also be wrong to some degree. But that's the important part of building it and using it in the community because that's where the community participates in defining what maturity really means for that community. And over time, iterative changes to that model reflect more and more empirical data, more and more factual basis for the transitions, and really does reflect the community's practice. Part 3: Three Types of Models - Progression, Capability, Hybrid Julia Allen: Great. Well let's -- given that we're kind of laying some foundational principles and constructs here, let's talk about some of the types of maturity models that you describe in your white papers. And I know right now we've got three notional ones. So let's talk about, first about a progression model and then later on we'll also talk about a capability model and a hybrid, just to give a preview to our listeners. So what is a progression model and how is it distinct in its features and characteristics? Rich Caralli: Okay. So we go into pretty good detail on this in the papers that you referenced at the beginning of the podcast. So I'll go through this fairly quickly and folks can go there for the details. But a simple progression model is just really a progression of scaling of those characteristics, indicators, attributes or patterns. So the level names or the definitions indicate progression -- meaning they focus on the domain-specific attributes. And the levels are often arbitrary; the grouping's arbitrary. So you might say -- if I'm using the example of accounting I might say the first level's pencil and paper and the next level is abacus and the next level's a calculator and the next level s computer.
6 This is not measuring capability or process maturity, even though it's often confused with doing that. And the movement between the levels is not validated. Now with that said, this can still be very useful for some communities because it at least gets the practices in a form that organizations can walk through them in a progressive way. Julia Allen: Right, and do you have an example, a security example, of what a progression would be, just to make it a little more tangible? Rich Caralli: Yes like authentication could be an example. So you might start with passwords; and then the next level would be strong passwords; another level up would be password changes on a specific interval like 60 days, then you might move to two-factor authentication; then to three-factor. So there is maturity in the progression in terms of the techniques or the practice. And it could be useful but it isn't measuring capability per se, it's measuring implementation of a practice. Julia Allen: Right, so it's a progression of techniques or methods or tools or technologies. But I think the key word you used is it's not measuring capability. So let's talk about capability models. How are they different or how do they expand or add value to a progression model? Rich Caralli: So a capability maturity model often measures organizational capability based on a collection of those characteristics, indicators, attributes, and patterns, which are typically expressed as processes. So you often hear a capability model being referred to as a process model, or the use of the CMM, the process improvement, is being characterized as modelbased process improvement. These kinds of models reflect the maturity of the culture and the degree to which the capabilities are actually institutionalized in the culture. And this is a very important distinction. When you're trying to measure effectiveness rather than implementation, you might want to measure something like maturity, because what you're looking to do is not just to measure whether the practice exists or is being done but the degree to which the practice is embedded in the culture, institutionalized, and can be retained under times of stress. So the levels in a CMM are often indicative of the degree to which you've achieved some level of process maturity, where the base practices typically exist at level 1. So for example, in the CMMI you might pick a base practice like requirements definition; and you can raise that practice from an ad hoc level to a managed level, then to a defined level, then to a quantitatively managed level and then to an optimized level. It's still the base practice -- base practices in requirements definition -- but the degree to which these practices are institutionalized, embedded in the culture, retained under times of stress, measured and managed, starts to go up as you measure your levels. RMM has the exact same concept in it. Julia Allen: Right, so just to make this more tangible by example -- so in your progression model, when you talked about authentication, you talked about going from passwords all the way up to two and three factor authentication, a progression of practice. If I was going to take that same example and put it into a capability maturity model construct, I would be wrapping around it management and planning and measurement and the kinds of activities that would need to take place in the organization -- we also use the term making it
7 sticky. So as you said, in the face of disruption and stress, that process is still robust, it's still -- authentication would still happen in the way that it's intended, correct? Rich Caralli: That's right, because in a CMM, the dimension that's actually being measured is that representation of organizational capability. And this is important because it measures more than the ability to just perform a simple task. It looks at a broader organizational capability and it reflects the maturity of the culture, and again the degree to which those capabilities are actually embedded. So the transitionable states in a CMM actually describe states of organizational maturity, relative to the indicators of maturity that are applied at each one of those levels. So it's a much more complex undertaking. You and I know as we were writing RMM how difficult it is to write a model with that level of structure and that level of architecture. But in practice when you start to see how that kind of model can actually help you measure not only whether or not you're doing something but whether you're doing it well -- which is the big leap here -- CMM is the only way to go to do that. Julia Allen: Got it. Okay so let's kind of ratchet this up another level and hopefully this will be clear as we go forward. But we actually have one really good example right now, and many coming, that are a hybrid or a combination of the best of a progression model and hopefully the best of a capability maturity model. So can you talk about this hybrid idea a little bit? Rich Caralli: Right, so we sort of coined the phrase 'hybrid' to define these more agile, better able to be implemented models that reflect not only the nice transformative progression half of a progressive model but also incorporate some of these stickiness concepts from the CMM. And so in essence what a hybrid model is, it's basically a progression model that defines the characteristics, indicators, attributes and patterns. So you still have that stacking like we talked about in the authentication methods where you're going from very rudimentary practices to very sophisticated practices. Then it overlays a capability model approach to reflect the transition between the levels. In other words, when you leave one level and go to the next level, it's because your transition is based on the degree to which you're institutionalizing those practices. So each domain then in a hybrid model becomes a logical grouping of practices, organized by the level -- the maturity levels -- but still representing progression as you move through the model. So the best way to describe a hybrid, if you've never seen one, is take the best of breed of a progression model and overlay the characteristics of a CMM on top of it, and get a model that gives you the ability to measure both progression and maturity at the same time. Julia Allen: I think an example would help here. And I know we have one good one with ES- C2M2. So how is that combination reflected in that model? Rich Caralli: So in ES-C2M2, we use what we call the MIL (Maturity Indicator Level) scale, which was a new scaling that we developed for these kinds of hybrid models that reflects the maturity scaling that you see in CMMI and RMM. And for the practices that we grouped at MIL level 1, those practices are performed but considered to be done in an ad hoc way. So in MIL level 2, as we progress to the next set of practices -- so the next most mature practices -- at MIL level 2, those practices are typically documented; the stakeholders of the practices have been identified; the resources have been provided to do the practice; and standards that support the practice have been identified.
8 So when we step from MIL level 1 to 2, we not only incremented the practice -- meaning the practice got more mature -- but the stickiness factors also got more mature. We went from doing the base set of practices in an ad hoc way to doing the next highest level set of practices in a documented, more planned way. And then as we move to MIL level 3, yet another iteration of practice maturity -- meaning we've now moved from changing passwords every 60 days to doing three-factor Authentication -- but we've also ratcheted up the stickiness factors. So at MIL level 3, the activities that are performed are guided by policy; they're reviewed on a regular basis; people are assigned responsibility for those practices; and the people who are doing them are highly skilled. So in this way we get the progression of the practice in a domain and we also get some of the stickiness factors that measure the degree to which you're doing these things well or doing them better. Julia Allen: Right, and my understanding -- I've not actually been in the field working with ES- C2M2 -- but my understanding is what this makes this appealing to the community that's using it is that instead of having the practices separated from institutionalizing or capability attributes or characteristics, you've got them all interwoven. So that as they actually implement or assess or try to identify an improvement path, it's much more clear what the steps they have to take are. Is that the message I should be getting? Rich Caralli: Absolutely, absolutely. And the thing that I really love about a hybrid model is -- and if anybody has listened to this podcast for 30 minutes, they'll understand what I'm talking about -- the maturity concepts are complex. They're difficult to understand, they're difficult to apply sometimes. In this particular model, we embed those in a way that the user doesn't really know and isn't completely overtaken by measuring that capability or that maturity aspect. They're focused on the practices and the maturity aspect of it is sort of a byproduct. So it takes the emphasis and puts it back on the practice like a progressive model does. But it gives you the benefit of the CMM kind of scaling without really having to be an expert in that space. And that's why I think we're going to see more models like this -- much more agile to use, much more, much easier to apply, and much easier to understand. Julia Allen: Great. Well I know that we've just explored the tip of the iceberg. And as you said, the whitepapers I think add a lot more detail. But I know you've got some exciting other sources to point our listeners to, including some planned future activities. So can you say a little bit about additional information on this topic? Rich Caralli: Yes absolutely. So as you said, we will be posting the two papers that sort of -- these papers sort of kicked off our effort with ES-C2M2 last year, trying to help the energy community understand all of these differences so that they could build a model that could actually be useable for them. Those papers will be posted with the podcast. I also invite people to go to the CMMI Institute website. We talked a lot about CMMI and models like the software and systems engineering models. But there's also CMMI for Services, which is a nice cousin to CERT-RMM. So you'll see some of this CMMness that's in action. There's also the RMM website where folks can download version 1.0 CERT- RMM, so they can see how we took those concepts and brought them to the operational side. There's also the
9 ES-C2M2 website where folks can download the very model we're talking about and maybe have that sitting alongside them as they listen to this podcast. And they can start to see some of these concepts come alive as they look at the actual model. We're also working on a technical note that's going to describe the MIL scale and the MIL scale stands for maturity indicator level. And basically what it does is it takes the maturity levels that you see in CMMI and RMM and breaks them down into more manageable chunks. One of the complaints about RMM early on was the ability to transition from level 1 in the model to level 2 was a huge leap. A lot of organizational structural things had to happen for that to be possible. So the MIL scale breaks this down into measureable and much more consumable chunks. And we're going to put that technical note out in the next couple of months, so folks can start to think about using this scale as they're building hybrid models. And then with my friend Mark Knight and company and Austin Montgomery, who also works at the SEI, we're about to begin building a paper called "Maturity Models 201." And basically what that's going to be is a selected overview of maturity models that are in use today, the management of those models, and the community benefits of using such models. So it's going to give a broader perspective on how communities can be transformed through the use of maturity models. Julia Allen: Well Rich, this has been an excellent, excellent conversation -- putting some key foundational concepts out there for folks to understand and digest and interact with. So I think you so very much for your time and preparation today. Rich Caralli: Thank you Julia; always a pleasure.
How the University of Pittsburgh Is Using the NIST Cybersecurity Framework Transcript Part 1: Applicability of the NIST CSF Lisa Young: Welcome to the CERT Podcast Series: Security for Business Leaders.
Raising the Bar: Mainstreaming CERT C Secure Coding Rules Transcript Part 1: How the Specification Came to be and Its Structure Julia Allen: Welcome to CERT's Podcast Series: Security for Business Leaders.
Supply Chain Risk Management: Managing Third Party and External Dependency Risk Transcript Part 1: Why SCRM Is Increasingly Critical Julia Allen: Welcome to CERT's Podcast Series: Security for Business
Cyber Insurance and Its Role in Mitigating Cybersecurity Risk Transcript Part 1: Defining Cyber Insurance; Positioning It as a Security Control Julia Allen: Welcome to CERT's Podcast Series: Security for
Electronic Health Records: Challenges for Patient Privacy & Security Transcript Part 1: Technical, Social, and Political Hurdles Julia Allen: Welcome to CERT's Podcast Series: Security for Business Leaders.
Okay welcome everybody! Thanks for attending the webinar today, my name is Mike Potter and we're going to be doing a demonstration today of some really exciting new features in open atrium 2 for handling
The Smart Grid: Managing Electrical Power Distribution and Use Transcript Part 1: The Vision for the Smart Grid Julia Allen: Welcome to CERT's Podcast Series: Security for Business Leaders. The CERT program
Dialog: VIP LESSON 049 - Future of Business A: We really embarrassed ourselves last night at that business function. B: What are you talking about? A: We didn't even have business cards to hand out. We
Computer Forensics for Business Leaders: Building Robust Policies and Processes Transcript Part 1: Why Policy Is Key Stephanie Losi: Welcome to CERT's podcast series: Security for Business Leaders. The
Killer Keyword Strategies - Day 1 "A Guaranteed Way To Find A Starving Crowd Using The Power Of Keyword Research..." The single biggest mistake many people make when starting a business is they'll create
Transcript - Episode 2: When Corporate Culture Threatens Data Security Guest: Phil Huggins, Vice President, Stroz Friedberg Welcome to Episode 2 of the Business of Truth podcast by Stroz Friedberg, "When
Excellence and Equity of Care and Education for Children and Families Part 3 Program Transcript FEMALE SPEAKER: Ms. Vazquez, in our final conversation, I'd like to speak with you about equity and excellence
Dialog: LESSON 120 - MBA A: What are you doing tomorrow? B: I'm starting my MBA. A: I thought you hated business. What changed your mind? B: I do hate it, but I need to start making more money. A: MBA's
BBBT Podcast Transcript About the BBBT Vendor: The Boulder Brain Trust, or BBBT, was founded in 2006 by Claudia Imhoff. Its mission is to leverage business intelligence for industry vendors, for its members,
IBM Global Technology Services www.ibm.com/services IBM Podcast Using collaboration to enable the innovators in your organization Welcome to the IBM CIO Podcast Series. I'm your host, Jeff Gluck, and my
Pittsburgh, PA 15213-3890 Phoenix, AZ 85046-1624 Interpreting CMMI for Business Development Organizations Presented by Don Beynon, Software Engineering Institute and Howard Nutt, Business Development Institute
Transcription Founder Interview - Panayotis Vryonis Talks About BigStash Cloud Storage Media Duration: 28:45 Feel free to quote any passage from this interview for your articles. Please reference cloudwards.net
Next Generation Tech-Talk Cloud Based Business Collaboration with Cisco Spark 2 [music] 00:06 Phil Calzadilla: Hello, hello! Welcome. This is Phil Calzadilla founder and CEO of NextNet Partners, and I'd
Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division James Stevens is a senior member of the technical staff
The Interview Series - Presented by SmartFunnel Interviews of Sales + Marketing Industry Leaders Louis Gudema: Founder and President of Revenue + Associates PETER: Hello folks this is Peter Fillmore speaking.
CHARLIE FISS: Good afternoon, everyone. Welcome to our media teleconference for the College Football Playoffs Semifinal at the Goodyear Cotton Bowl Classic. Those participating on today's teleconference
Resilience Management Through the Use of CERT-RMM and Associated Success Stories Dr. Nader Mehravari, MBCP, MBCI CERT Cyber Resilience Center Software Engineering Institute Carnegie Mellon University firstname.lastname@example.org
Developing Practitioner Competencies that Support Inclusion: An Innovative Approach How is your state approaching the development of professional competencies that support? Read about Florida s work and
Real Estate Investing Podcast Episode # 74 The ABCs of Finding and Training a Virtual Assistant Hosted by: Joe McCall and Alex Joungblood Jesse: Hey, welcome back. This is Real Estate Investing Mastery.
Leveraging CMMI framework for Engineering Services Regu Ayyaswamy, Mala Murugappan Tata Consultancy Services Ltd. Introduction In response to Global market demand, several OEMs adopt Global Engineering
731-04-joel_maloff-phone.com-cloud_based_phone_service Page 1 of 5 Ranked the #1 radio show in the Boston Market in its time-slot, and with more than 5,500,000 Podcast downloads, Tech Talk With Craig Peterson
CIO 24/7 Podcast No.6 Cloud Computing Welcome to edition six of Accenture s CIO 24/7 podcast. We bring you practical real world insight on IT delivery and strategy straight from the leaders of Accenture
Best Practices in Mobile Enterprise App Strategy, Development and Deployment A Customer Conversation with Daimler Trucks North America Recorded: December 9, 2011 TRANSCRIPT Participants: Moderator: Joanie
MMBA 6530 Week 2, Lecture 1-1 SLIDE 1 Today we're going to be talking about market research. The objectives are that you be able to explain the uses and importance of market research to explain the differences
Killer Keyword Strategies - Day 3 "How To Virtually Guarantee That You Find Profitable Keywords For Google Adwords..." Over the past several years Google Adwords has become THE most effective way to guarantee
A Report on The Capability Maturity Model Hakan Bayraksan hxb07u 29 November 2009 G53QAT Table of Contents Introduction...2 The evolution of CMMI...3 CMM... 3 CMMI... 3 The definition of CMMI... 4 Level
Google Lead Generation For Attorneys - Leverage The Power Of Adwords To Grow Your Law Business FAST You re about to discover the secrets of fast legal practice success with Google AdWords. Google AdWords
Panelists: Bryn Bakoyema Daryl Chansuthus Cheri Richards Please note: The following is a direct transcription and has not been edited. Bryn Bakoyema: This is as you see here the topic is about evaluating
BBBT Podcast Transcript About the BBBT Vendor: The Boulder Brain Trust, or BBBT, was founded in 2006 by Claudia Imhoff. Its mission is to leverage business intelligence for industry vendors, for its members,
This is the most effective and powerful script for securing appointment with FSBO's you will ever put to use. This scrip will increase your appointment closing ratio by 50-60%. The thing to keep in mind
IAM/IAG Maturity Assessment Dos & Don'ts Thursday, May 15th, 15:30 16:00 Dr. Horst Walther Senior Analyst KuppingerCole email@example.com IAM/IAG Maturity Assessment Dos & Don ts Rating the maturity
Page 1 MS Learn Online Feature Presentation Managing Symptoms: Vision Nancy Holland, Ed.D, RN, MSCN Tom>> Welcome to MS Learn Online, I m Tom Kimball Tracey>> And I m Tracey Kimball. People living with
How to Create Winning Joint Ventures Jim Ingersoll here with another segment on private lender financing and your private lending course. I'm excited to have you along. Now that you know why you want to
1 Google Lead Generation For Attorneys Leverage The Power Of AdWords To Grow Your Law Business FAST You re about to discover the secrets of fast legal practice success with Google AdWords. Google AdWords
CAPABILITY MATURITY MODEL INTEGRATION Radu CONSTANTINESCU PhD Candidate, University Assistant Academy of Economic Studies, Bucharest, Romania E-mail: firstname.lastname@example.org Web page: http:// www.raduconstantinescu.ase.ro
Murat Ulasir (OHM Advisors): Welcome to the Advancing Communities Show brought to you by OHM Advisors. I am Murat Ulasir and I am the infrastructure asset planning specialist here at OHM Advisors. I am
Transdyne Corporation CMMI Implementations in Small & Medium Organizations Using the Agile Methodology to Mitigate the Risks of Highly Adaptive Projects Dana Roberson Quality Software Engineer NNSA Service
Guide for Local Business Google Pay Per Click Marketing! Guide for Google Pay Per Click Marketing - Leverage The Power Of Adwords To Grow Your Business FAST You re about to discover the secrets of fast
1 MODELS OF ACHIEVEMENT EP 8 SEG 1 GENNA ANNETTE SHUN WAH: Hi, I'm Annette Shun Wah, welcome to Models of Achievement. In this series we're exploring the successes and aspirations of extraordinary Australians
The Importance of Software Process Management for Software Quality, Testing and Industry Development Presented at the China s Software Quality, Testing and Industry Development Strategy Seminar Beijing
How to Perform a Break-Even Analysis in a Retail Store A Step by Step Guide By BizMove Management Training Institute Other free books by BizMove that may interest you: Free starting a business books Free
Persona name Amanda Industry, geographic or other segments B2B Roles Digital Marketing Manager, Marketing Manager, Agency Owner Reports to VP Marketing or Agency Owner Education Bachelors in Marketing,
The Challenge of Helping Adults Learn: Principles for Teaching Technical Information to Adults S. Joseph Levine, Ph.D. Michigan State University email@example.com One of a series of workshop handouts made
The Application of IEEE Software and System Engineering Standards in Support of Software Process Improvement Susan K. (Kathy) Land Northrop Grumman IT Huntsville, AL firstname.lastname@example.org In Other Words Using
Name Transcript kateburley77 Where is the best place to look for jobs within : agencies? Is it mostly perspective applications that are welcomed? Richard @ The best advice I can give for approaching Advertising
By Laura Brandenburg Lesson Objective: After completing this lesson, you ll be able to break down the IIBA definition of business analysis and describe its key parts. 5 KEY ELEMENTS OF BUSINESS ANALYSIS
Lecture 8 About Quality and Quality Management Systems Kari Systä 10.03.2014 10.03.2014 TIE-21100/21106; K.Systä 1 Content of today s lecture Two weeks ago we discussed about testing and inspections, that
ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE JANUARY 2015 U.S. DEPARTMENT OF ENERGY OFFICE OF ELECTRICITY DELIVERY AND ENERGY RELIABILITY Energy Sector Cybersecurity Framework Implementation
Scripts for Recruiters Companion Script Guide for The New Recruiters Tool Kit www.greatrecruitertraining.com Copyright 2010 Scott Love 1 How to Use This Guide Use this companion script guide while watching
The Agile Business Analyst IT s all about being Agile? You re working as a Business Analyst in a traditional project environment, specifying the requirements for IT Developers to build. Suddenly everyone
Dialog: VIP LESSON 001 - Alimony A: Why is Kevin selling his house? B: He's getting a divorce and says he won't be able to pay for it after he pays alimony and child support. A: Why is he getting a divorce?
BACKGROUND CONFERENCE CALL WITH SENIOR ADMINISTRATION OFFICIALS ON THE CONSEQUENCES OF ALLOWING THE PROTECT AMERICA ACT TO EXPIRE February 22, 2008-6:00 P.M. MR. ROEHRKASSE (Department of Justice): This
Transcription Media File Name: 030216-Radio-BahaZeidan.mp4 Media File ID: 2466386 Media Duration: 8:41 Order Number: Date Ordered: 2016-04-18 Transcription by Speechpad www.speechpad.com Support questions:
WhatWorks: Blocking Complex Malware Threats at Boston Financial with WhatWorks is a user-to-user program in which security managers who have implemented effective internet security technologies tell why
SCHRODERS Q1 Interim Management Statement 2015 Conference Call Michael Dobson Thursday 30 April 2015 9:00 a.m. BST Good morning. Thank you for standing by, and welcome to the Q1 interim management statement
Speaker 1: In this episode, I want to discuss how to describe things in your personal statements or in your application materials when you have to talk about something that's a bad thing from your past,
Hi. And welcome to Cigna s podcast about a white paper we published recently. You can read along with Maximizing the Value of Consumer Driven Health Plans, or you can just sit back and we ll take you through
INTERNATIONAL CONFERENCE ON ENGINEERING DESIGN, ICED 07 28-31 AUGUST 2007, CITE DES SCIENCES ET DE L'INDUSTRIE, PARIS, FRANCE Nydia González 1, Franck Marle 1 and Jean-Claude Bocquet 1 1 Ecole Centrale
Presents: Podcast Interview Episode 108 SEO is EASIER today than it has EVER been - With Court Tuttle By: Leslie Samuel Copyright 2013. All Rights Reserved. www.becomeablogger.com - Page 1 This Transcript
Jenesis Software - Podcast Episode 2 All right, welcome to episode two with Chuck, Eddie, And Benny. And we're doing some technical talk today about network speed on episode two. Let's talk about, guys,
"I m One Of The UK s Top Horse Racing Tipsters & I m Going To Show You My Closely Guarded Secrets Of How I Make Thousands From Horse Racing So You Can Too!" Date Hello, Good Afternoon and Welcome to Pegasus
GLOSSARY overhead the money a company spends to run its business * Moving to a bigger office building will mean an increase in the company s overhead for upcoming years. to outsource to have company business
Online leadership academy at Telefonica O2 How learning design and technology can provide a complete learning journey O ne of the biggest L&D investments organisations make is in their leadership development
I've got a quick question for you If you've been trying to learn to read Tarot, does any of the following sound familiar? "I can't seem to commit the Tarot card meanings to memory. I try, but memorising
Chapter 10. Becoming an Agile Enterprise Continuous improvement is not about the things you do well that's work. Continuous improvement is about removing the things that get in the way of your work. The
ORGANIZED FOR BUSINESS: BUILDING A CONTEMPORARY IT OPERATING MODEL Time is running out for the traditional, monopolistic IT model now that users have so many alternatives readily available. Today s enterprises
CASE STUDY ORACLE NAIO Excellence combined with Quality A CMMI Case study softwaredi xide com www.qaiasia.com THE CLIENT Process and Quality are important for measuring improvement. Improvement means different
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material,
Quarterly Mobile Apps, Business Intelligence, & Database BILT Meeting June 17, 2014 Meeting Minutes :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
How to Set Up Automated Marketing Funnels That Capture Leads and Drive Sales Interview with Scott Bradley Tom: Thank you for joining us on the call, Scott. Today we're going to talk mostly about how to
Cell Phone Hijacking >> After four months of harassing phone calls, Heather and Courtney Kuykendall were afraid to answer their cell phones. The graphic violent threats came at all hours, forcing the family
A Family Evaluation Framework overview & introduction P B Frank van der Linden O Partner: Philips Medical Systems Veenpluis 4-6 5684 PC Best, the Netherlands Date: 29 August, 2005 Number: PH-0503-01 Version:
1 A Near Secret SEO Strategy Turbo-Charged Using SEO Zen by John Pearce and Chris Cantell Hi everyone, John Pearce here and I m really excited about SEO. The reason is the success we ve been having with
Podcast Transcription Session 20: Renaud Laplanche Peter Renton: Welcome the Lend Academy Podcast, session number 20. This is your host, Peter Renton, founder of Lend Academy. [music] Peter: So we have
These Two Words Just Made Us 37% In 3 Months "These Two Words Just Made Us 37% In 3 Months" Using these "two words" in your 401k, IRA or any other investment account can make you very wealthy... What are