Internet Security Alliance: Framework metrics would help businesses prioritize efforts

The Internet Security Alliance is calling for metrics that allow businesses to prioritize their cybersecurity efforts based on the National Institute of Standards and Technology cybersecurity framework, while stressing the need for NIST and other agencies to continue promoting the voluntary, public-private partnership approach to cybersecurity.

The comments come in response to a request for information on proposed revisions to the landmark NIST cyber framework, originally issued in 2014, that include a discussion about ways to measure the tool’s effectiveness. NIST will host a workshop on May 16-17 to further explore the revisions and seek feedback from industry.

In its comments – submitted Monday in conjunction with the FAIR Institute, an organization involved with “advancing the discipline of measuring and managing information risk” – ISA also calls on NIST to “convene a program of similar size and scope as that went into development” of version 1.0 of the cyber framework….SOURCE