Center For Internet Security Issues Free Security Metrics
Global coalition of enterprises, government, and vendors looks to its vendor members to automate collection of new metrics in their products
By Kelly Jackson Higgins |DarkReading
The Center for Internet Security last Wednesday issued a set of free metrics for organizations to use in measuring their security postures.
CIS, a coalition of enterprises, government agencies, universities, and vendors from around the world, in September provided an overview of the user-driven metrics project. The organization now has published a series of metrics for organizations to measure their key security operations -- incident management, vulnerability management, patch management, application security, configuration management, and financial metrics.
Continue Dark Reading
Here's more information:
The Security Configuration
Benchmarks below are distributed free of charge to propagate their
worldwide use and adoption as user originated, de facto standards.
The CIS Benchmarks are the ONLY consensus best practice security
configuration standards both developed and accepted by government,
business, industry, and academia.
The Benchmarks are:
- Recommended
technical control rules/values for hardening operating systems,
middleware and software applications, and network devices;- Unique, because the recommendations are defined via consensus among hundreds of security professionals worldwide;
- Downloaded approximately 1 million times per year;
- Distributed freely by CIS in .PDF format (some are available to CIS Members only in XML format via the CIS Members web site);
- Used
by thousands of enterprises as the basis for security configuration
policies and the de facto standard against which to compare them.
For more information about the benchmarks and tools: