NIST Special Publication 800-55 Volume 1, titled “Measurement Guide for Information Security,” provides a flexible and comprehensive approach for developing, selecting, and prioritizing information security measures at the organizational, mission/business, and system levels. The guide focuses on helping organizations describe and quantify their information security posture, evaluate the effectiveness of policies, procedures, and controls, and make informed, data-driven decisions for resource allocation and risk management. It covers both qualitative and quantitative assessment methods, provides guidance on data analysis techniques, and emphasizes the importance of meaningful metrics that align with organizational goals to monitor information security risk management success. This volume is framework-agnostic and supports organizations in tracking long-term trends and improving their security programs effectively
Home / Function (NIST CSF 2.0) / DE - Detect / MN - Monitoring
NIST SP 800-55 Vol. 1 Measurement Guide for Information Security: Volume 1 — Identifying and Selecting Measures
This document focuses on:KRI