Security Metrics Guide for Information Technology Systems

Title: Security Metrics Guide for Information Technology Systems (ID: CSD5070)
Author(s): Joan Hash (National Institute of Standards and Technology), John Sabato (National Institute of Standards and Technology), Laurie Graffo (National Institute of Standards and Technology), Marianne Swanson (National Institute of Standards and Technology) and Nadya Bartol (National Institute of Standards and Technology)
Topics: Security Management, Security Metrics
Origin: Community Contributions (07/23/2003)
Type: Government Documents, Laws, Testimonies or Reports
Abstract:

This document provides guidance on how an organization, through the use of metrics, identifies
the adequacy of in-place security controls, policies, and procedures. It provides an approach to
help management decide where to invest in additional security protection resources or identify
and evaluate nonproductive controls. It explains the metric development and implementation
process and how it can also be used to adequately justify security control investments. The
results of an effective metric program can provide useful data for directing the allocation of
information security resources and should simplify the preparation of performance-related
reports.

© Copyright 1999-2009 EDUCAUSE