| Abstract: |
This ITL Bulletin summarizes the recently published NIST Special Publication (SP) 800-55, Security Metrics Guide for Information Technology Systems, by Marianne Swanson, Nadya Bartol, John Sabato, Joan Hash, and Laurie Graffo. NIST SP 800-55 provides guidance for IT managers and security professionals at all levels, inside and outside of government. The document describes the development and implementation of an IT security metrics program and provides examples of metrics based on the critical elements and security controls and techniques contained in NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems. |
Click here to retrieve PDF version of paper (321KB)