This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-55, Revision 1, Performance Measurement Guide for Information Security, by Elizabeth Chew, Marianne Swanson, Kevin Stine, Nadya Bartol, Anthony Brown, and Will Robinson. The guide provides specific advice on developing, selecting, and implementing information system-level and program-level performance measures, and then using the performance measures to evaluate the adequacy of existing security controls, policies, and procedures. The bulletin summarizes the information in NIST SP 800-55, and covers performance measurement processes that help managers decide what security controls are non-productive and where to invest in additional information security resources. The bulletin also addresses the performance measurement development and implementation processes and how measures can be used to adequately justify information security investments and support risk-based decisions.
Keywords
data collection; FISMA; information systems security; information technology; performance data; performance measurement; risk management; security controls; security management; security measurements.