(NIST: Gaithersburg, MD) -- Imagine you’re the new head of cybersecurity at your company. Your team has made a solid start at mounting defenses to ward off hackers and ransomware attacks. As cybersecurity threats continue to mount, you need to show improvements over time to your CEO and customers. How do you measure your progress and present it using meaningful, numerical details?
You might want a road map for creating a practical information security measurement program—and you’ll find it in newly revised draft guidance from the National Institute of Standards and Technology (NIST). The two-volume document, titled NIST Special Publication (SP) 800-55 Revision 2: Measurement Guide for Information Security, offers guidance on developing an effective program and a flexible approach for developing information security measures to meet your organization’s performance goals. NIST is calling for public comments on this initial public draft by March 18, 2024.
…