Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo

Publication Citation: Performance Measurement Guide for Information Security

NIST Authors in Bold

Author(s): Elizabeth Chew; Marianne M. Swanson; Kevin M. Stine; N Bartol; Anthony Brown; W Robinson;
Title: Performance Measurement Guide for Information Security
Published: July 16, 2008
Abstract: This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security protection resources or identify and evaluate nonproductive controls. It explains the metric development and implementation process and how it can also be used to adequately justify security control investments. The results of an effective metric program can provide useful data for directing the allocation of information security resources and should simplify the preparation of performance-related reports. [Supersedes SP 800-55 (August 2003): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=50755]
Citation: Special Publication (NIST SP) - 800-55 Rev 1
Pages: 80 pp.
Keywords: information security, metrics, measures, security controls, performance, reports
Research Areas: Information Technology, Computer Security, Cybersecurity
PDF version: PDF Document Click here to retrieve PDF version of paper (1MB)