"Wanted: Metrics for Measuring Cyber Performance and Effectiveness"
As organizations continue to face the evolving cybersecurity threat landscape, chief information security officers (CISOs) must face the difficult challenges of selecting which cybersecurity tools to implement into their systems and measuring the effectiveness of their promised capabilities. The Defense Information System Agency (DISA) and the National Security Agency (NSA) have developed the NIPRNet/SIPRNET Cyber Security Architecture Review (NSCSAR) in an attempt to provide a framework for the measurement of cybersecurity tool performance. NSS Labs Inc. also conducts tests on the performance of cyber defense products such as firewalls, advanced endpoint protection tools, and more. This article further discusses the difficulty faced in measuring the success of cybersecurity tools, the NSCSAR review, services provided by NSS Labs in the testing of cyber defense tools, along with concerns raised by point-in-time measures and traditional risk management.
GovTechWorks reports "Wanted: Metrics for Measuring Cyber Performance and Effectiveness"