New set of security metrics on the way

A federal task force will be coming up with new metrics for information security performance that focuses on outcomes. Agencies will receive a draft in November with requests for comments.

Federal CIO Vivek Kundra, along with Navy CIO Robert Carey and Justice CIO Vance Hitch, write on the blog of the IT Dashboard that approaches to cybersecurity must confront new realities as threats to the nation's IT security evolve, according to an article in govinfosecurity.com.

"In order to meet the evolving challenges we now face, the Federal Information Security Management Act metrics need to be rationalized to focus on outcomes over compliance. Doing so will enable new and actionable insight into agencies' information and network security postures, possible vulnerabilities and the ability to better protect our federal systems," they wrote.

Those involved in developing the new security standards and protocols agree that it could move the agencies forward in securing their systems as "what gets measured, gets done," the blog said.

The work on the new metrics comes as agencies are studying the Consensus Audit Guidelines that were released in February by about 50 federal and industry colleagues. These detail the top 20 security threats and the controls to mitigate them, according to an article on FederalNewsRadio.com.

For more on the new metrics:
- check out this govinfosecurity.com article

Related Articles:
Kundra defends federal cookie policy plans
Kundra warns of data explosion
CIO Council: Don't rush into social networking