NIST Special Publication 800-55 Rev1 Security Metrics Guide for Information Technology Systems

Total Pages : 82
ISBN-10 : 1470152045
ISBN-13 : 9781470152048

Book Synopsis: NIST Special Publication 800-55 Rev1 Security Metrics Guide for Information Technology Systems, by NIST

NIST Special Publication 800-55 Rev1 Security Metrics Guide for Information Technology Systems was written by NIST and released on 2012-02-29, with a total of 82 pages. Available in PDF, EPUB and Kindle.

Book excerpt: This is a hard copy of the NIST Special Publication 800-55 Rev1 NIST Special Publication (SP) 800-55.

This document is a guide for the specific development, selection, and implementation of information system-level and program-level measures to indicate the implementation, efficiency/effectiveness, and impact of security controls, and other security-related activities. It provides guidelines on how an organization, through the use of measures, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional information security resources, identify and evaluate nonproductive security controls, and prioritize security controls for continuous monitoring.

It explains the measurement development and implementation processes and how measures can be used to adequately justify information security investments and support risk-based decisions. The results of an effective information security measurement program can provide useful data for directing the allocation of information security resources and should simplify the preparation of performance-related reports. Successful implementation of such a program assists agencies in meeting the annual requirements of the Office of Management and Budget (OMB) to report the status of agency information security programs.

NIST Special Publication (SP) 800-55, Revision 1, expands upon NIST's previous work in the field of information security measures to provide additional program-level guidelines for quantifying information security performance in support of organizational strategic goals. The processes and methodologies described in this document link information system security performance to agency performance by leveraging agency-level strategic planning processes. By doing so, the processes and methodologies help demonstrate how information security contributes to accomplishing agency strategic goals and objectives. Performance measures developed according to this guide will enhance the ability of agencies to respond to a variety of federal government mandates and initiatives, including FISMA.

This publication uses the security controls identified in NIST SP 800-53, Recommended Security Controls for Federal Information Systems, as a basis for developing measures that support the evaluation of information security programs. In addition to providing guidelines on developing measures, the guide lists a number of candidate measures that agencies can tailor, expand, or use as models for developing other measures. While focused on NIST SP 800-53 security controls, the process described in this guide can be applied to develop agency-specific measures related to security controls that are not included in NIST SP 800-53.

Disclaimer: This hardcopy is not published by National Institute of Standards and Technology (NIST), the US Government or US Department of Commerce. The publication of this document should not in any way imply any relationship or affiliation to the above named organizations and Government.


NIST Special Publication 800-55 Rev1 Security Metrics Guide for Information Technology Systems Related Books

NIST Special Publication 800-55 Rev1 Security Metrics Guide for Information Technology Systems
Language: en
Pages: 82
Authors: Nist
Categories: Computers
Type: BOOK - Published: 2012-02-29 - Publisher:

This is a hard copy of the NIST Special Publication 800-55 Rev1 NIST Special Publication (SP) 800-55. This document is a guide for the specific development, sele

Computer Security
Language: en
Pages: 91
Authors: Marianne Swanson
Categories:
Type: BOOK - Published: 2003-12-01 - Publisher:

This report provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedure

Security Metrics Guide for Information Technology Systems
Language: en
Pages: 99
Authors:
Categories: Computer security
Type: BOOK - Published: 2003 - Publisher:

Security Metrics
Language: en
Pages: 356
Authors: Andrew Jaquith
Categories: Computers
Type: BOOK - Published: 2007-03-26 - Publisher: Pearson Education

The Definitive Guide to Quantifying, Classifying, and Measuring Enterprise IT Security Operations Security Metrics is the first comprehensive best-practice guid

Measures and Metrics in Corporate Security
Language: en
Pages: 177
Authors: George Campbell
Categories: Business & Economics
Type: BOOK - Published: 2014-04-02 - Publisher: Elsevier

The revised second edition of Measures and Metrics in Corporate Security is an indispensable guide to creating and managing a security metrics program. Authored