Using Performance Measurements to Evaluate and Strengthen Information System Security
Shirley M. Radack
This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-55, Revision 1, Performance Measurement Guide for Information Security, by Elizabeth Chew, Marianne Swanson, Kevin Stine, Nadya Bartol, Anthony Brown, and Will Robinson. The guide provides specific advice on developing, selecting, and implementing information system-level and program-level performance measures, and then using the performance measures to evaluate the adequacy of existing security controls, policies, and procedures. The bulletin summarizes the information in NIST SP 800-55, and covers performance measurement processes that help managers decide what security controls are non-productive and where to invest in additional information security resources. The bulletin also addresses the performance measurement development and implementation processes and how measures can be used to adequately justify information security investments and support risk-based decisions.
Data collection, FISMA, information systems security, information technology, performance data, performance measurement, risk management, security controls, security management, security measurements.
Using Performance Measurements to Evaluate and Strengthen Information System Security, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=890085
(Accessed June 5, 2023)