Industry & Community Links
Security performance metrics are a hot topic within the security community. Here are some links to helpful security metrics resources:

| Resource | Description |
| --- | --- |
| Cloud Security Alliance | To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing. |
| securitymetrics.org | securitymetrics.org is a community website for security metrics practitioners. |
| Center for Internet Security | The Center for Internet Security (CIS) is a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. |
| CERT | The CERT® Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University. |
| Information Systems Audit & Control Association (ISACA) | ISACA got its start in 1967, when a small group of individuals with similar jobs—auditing controls in the computer systems that were becoming increasingly critical to the operations of their organizations—sat down to discuss the need for a centralized source of information and guidance in the field. |
| Information Systems Security Association (ISSA) | The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications and peer interaction opportunities that enhance the knowledge, skill and professional growth of its members. |
| National Institute of Standards and Technology (NIST): Security Metrics Guide for Information Technology Systems | This document provides guidance on how an organization, through the use of metrics, identifies the adequacy of in-place security controls, policies, and procedures. It provides an approach to help management decide where to invest in additional security protection resources or identify and evaluate nonproductive controls. It explains the metric development and implementation process and how it can also be used to adequately justify security control investments. The results of an effective metric program can provide useful data for directing the allocation of information security resources and should simplify the preparation of performance-related reports. |
| SysAdmin, Audit, Network, Security (SANS) Institute | SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. |
| Financial Services Information Sharing and Analysis Center (FSISAC) | Constantly gathering reliable and timely information from financial services providers, commercial security firms, federal, state and local government agencies, law enforcement and other trusted resources, the FS-ISAC is now uniquely positioned to quickly disseminate physical and cyber threat alerts and other critical information to your organization. This information includes analysis and recommended solutions from leading industry experts. |
| Systems Security Engineering – Capability Maturity Model: Security Metrics | The International Systems Security Engineering Association (ISSEA) is a non-profit membership organization dedicated to the advancement of Systems Security Engineering as a defined and measurable discipline. Established in 1999, ISSEA and its members are tasked with the maintenance of the SSE-CMM. |
| The Institute for Security and Open Methodologies (ISECOM) | ISECOM is an open, collaborative, security research community established in January 2001. In order to fulfill its mission focus to apply critical thinking and scientific methodology to all facets of security, ISECOM is chartered as a commercial-free and non-partisan organization. ISECOM is a registered non-profit organization operating from Barcelona, Spain and New York, USA. The ISECOM Board of Directors reflects many countries representing thousands of members and volunteers from around the world. In a world of increasing commercial and industrial misrepresentation of security, ISECOM enables logical and rational decision-making in all aspects of security, integrity, privacy, and safety. |
| The Institute of Internal Auditors (IIA) | Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association with global headquarters in Altamonte Springs, Fla., USA. The IIA is the internal audit profession's global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. Members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security. |
| Open Web Application Security Project (OWASP) | The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. Everything here is free and open source. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. Participation in OWASP is free and open to all. |