Saturday, August 1, 2009

The CIS Security Metrics ver 1.0 (May 2009)

The Center for Internet Security - Consensus Security Metrics Resources - CIS Consensus Security Metrics

Organizations struggle to make cost-effective security investment decisions; information security professionals lack widely accepted and unambiguous metrics for decision support. CIS established a consensus team of one hundred (100) industry experts to address this need. The result is a set of standard metrics and data definitions that can be used across organizations to collect and analyze data on security process performance and outcomes.

This document contains twenty (20) metric definitions for six (6) important business functions: Incident Management, Vulnerability Management, Patch Management, Application Security, Configuration Management and Financial Metrics. Additional consensus metrics are currently being defined for these and additional business functions.

Download (PDF, 83 pages)

