Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Friday, July 25, 2008

Security Metrics: NIST “Performance Measurement Guide for Information Security”

NIST has recently released Revision 1 of its Special Publication 800-55, titled “Performance Measurement Guide for Information Security”, which focuses on security metrics.

Although it primarily targets US federal agencies, the guide is also of some relevance to people working in the “Identity Management” space and on related control points:

“This document is a guide to assist in the development, selection, and implementation of measures to be used at the information system and program levels. These measures indicate the effectiveness of security controls applied to information systems and supporting information security programs. Such measures are used to facilitate decision making, improve performance and increase accountability through the collection, analysis, and reporting of relevant performance-related data—providing a way to tie the implementation, efficiency, and effectiveness of information system and program security controls to an agency’s success in achieving its mission. The performance measures development process described in this guide will assist agency information security practitioners in establishing a relationship between information system and program security activities under their purview and the agency mission, helping to demonstrate the value of information security to their organization.”

--- NOTE: my original HP blog can be found here ---
