This report provides a broad picture of the current state of cyber security and information assurance (CS/IA), as well as, a comprehensive look at the progress made in the CS/IA measurement discipline over the last nine years since CSIAC published its IA Metrics Critical Review and Technology Assessment (CR/TA) Report in 2000. Progress has been made, but much remains to be done to achieve the goal of real-time, accurate CS/IA measurement. Enabling such measurement would make it possible to understand, improve, and predict the state of CS/IA.
- New Report: Into the Gray Zone: The Private Sector and Active Defense Against Cyber Threats Digest Article
- Standards Based Cyber Risk Assessment Framework CSIAC Webinar
- The Cyber Security Collaborative Research Alliance: Unifying Detection, Agility, and Risk in Mission-Oriented Cyber Decision Making Journal Article
- Information Security Continuous Monitoring (ISCM) Journal Article
- NISTIR 8011 Automation Support for Security Control Assessments – Volume 1: Overview Reference Document