Consensus IT security metrics
Posted on 04 November 2010.
The Center for Internet Security (CIS) announced an updated release of its CIS Metrics, the industry’s first consensus metrics for information security.

The release represents the next evolution of the Metrics and incorporates input from experts in the public and private sectors to provide additional guidance in a number of key areas. CIS also released today a new Quick Start Guide to help users more rapidly and effectively implement the CIS Metrics.

The updates feature eight new metrics to address industry needs such as Incident Impact and Configuration Compliance. Also included are taxonomies to help standardize metrics reporting, along with relationship diagrams for metrics data sets to enable easier integration into existing or custom automation solutions.

The updated CIS Metrics now comprise 28 definitions representing a balanced combination of processes and outcomes across seven business functions: Incident Management, Vulnerability Management, Patch Management, Application Security, Configuration Management, Change Management, and Finance.

CIS also released a new Quick Start Guide for the CIS Metrics. The Guide was developed in collaboration with CIS Members and others to further help organizations understand and implement the Metrics in order to achieve the most value from them. The Guide is designed for both technical and non-technical users and includes information on how to select what metrics to implement, how to create datasets and metrics results and how to present them in an effective manner.

The CIS metrics are developed through consensus among more than 150 security experts from commercial enterprises, government and academia. Participants provide perspectives from a diverse set of backgrounds, including software development, audit and compliance, research and legal. The Metrics provide unambiguous definitions for security professionals to measure some of the most important aspects of the information security status of an enterprise.

The CIS Metrics and Quick Start Guide are available for download free of charge.





Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals it’s our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Sep 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //