Using Performance Measurements to Evaluate and Strengthen Information System Security
Published
Author(s)
Shirley M. Radack
Abstract
This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-55, Revision 1, Performance Measurement Guide for Information Security, by Elizabeth Chew, Marianne Swanson, Kevin Stine, Nadya Bartol, Anthony Brown, and Will Robinson. The guide provides specific advice on developing, selecting, and implementing information system-level and program-level performance measures, and then using the performance measures to evaluate the adequacy of existing security controls, policies, and procedures. The bulletin summarizes the information in NIST SP 800-55, and covers performance measurement processes that help managers decide which security controls are non-productive and where to invest in additional information security resources. The bulletin also addresses the performance measurement development and implementation processes and how measures can be used to adequately justify information security investments and support risk-based decisions.
Keywords
Data collection, FISMA, information systems security, information technology, performance data, performance measurement, risk management, security controls, security management, security measurements.
Citation
Radack, S. (2008), Using Performance Measurements to Evaluate and Strengthen Information System Security, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=890085 (Accessed September 19, 2024)