July 16, 2008
Author(s)
Elizabeth Chew, Marianne M. Swanson, Kevin M. Stine, N Bartol, Anthony Brown, W Robinson
This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security