Developing a Cybersecurity Scorecard - NIST

Developing a Cybersecurity Scorecard

U.S. Department of Agriculture Farm Service Agency

Foundation

People & Organizations Contribute to Outcomes

Good Management Through Measurement

Confidence Through Transparency Requires Evidence

Performance Improves Through Recognition and Feedback

All Levels Value Communication

NIST References

NIST Special Publication 800-55 Revision 1: Performance Measurement Guide for Information Security

Elizabeth Chew, Marianne Swanson, Kevin Stine, Nadya Bartol, Anthony Brown, and Will Robinson

n800-55r1.pdf

ITL Bulletin Security Metrics: Measurements to Support the Continued Development of Information Security Technology

Shirley Radack

Especially pages 2-4 "Issues In Developing Security Metrics"

NISTIR 7564: Directions in Security Metrics Research

Wayne Jansen

Especially Section 3 "Aspects of Security Measurement"

Why a Scorecard?

People & Organizations Contribute to Outcomes

Results-based Management (RBM) uses feedback loops to achieve strategic goals.

[Figure: Results-based Management feedback cycle. Labels: Information, Accountability, Recognition, Feedback, Improvement.]

Review: What went well? Do we need to adapt?

Assess: What is the current situation?

Do: Get it done. How's it going?

Think: What caused it?

Plan: How are we going to do it? Resources.

Envision: What are we going to achieve?

Developing a Scorecard

Define Success: What is the objective?

What does success ("good") look like? To the taxpayer, your customer, the Administration, your executive(s), you?

We are conditioned to respond to information presented in certain ways...


