02099nam 2200421 450 991069384090332120230306190429.0(CKB)2430000000035991(NjHacI)992430000000035991(OCoLC)55701859ocm55701859(OCoLC)992430000000035991(EXLCZ)99243000000003599120230306d2003 uy 0engur|||||||||||txtrdacontentcrdamediacrrdacarrierSecurity metrics guide for information technology systems /Marianne Swanson [and four others]Gaithersburg, Md. :National Institute of Standards and Technology, Technology Administration,2003.1 online resourceNIST special publication; NIST special pub; NIST SPTitle from title screen (viewed on June 23, 2004).Includes bibliographical references.This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security protection resources or when to research the causes of nonproductive controls. It explains the metric development and implementation process and how it can also be used to adequately justify security control investments. The results of an effective metric program can provide useful data for directing the allocation of information security resources and should simplify the preparation of performance-related reports.Computer securityComputer security.535.84Swanson Marianne1352963Swanson Marianne1352963National Institute of Standards and Technology (U.S.)NjHacINjHaclBOOK9910693840903321Security metrics guide for information technology systems3215508UNINA