This report provides a broad picture of the current state of cyber security and information assurance (CS/IA), as well as, a comprehensive look at the progress made in the CS/IA measurement discipline over the last nine years since CSIAC published its IA Metrics Critical Review and Technology Assessment (CR/TA) Report in 2000. Progress has been made, but much remains to be done to achieve the goal of real-time, accurate CS/IA measurement. Enabling such measurement would make it possible to understand, improve, and predict the state of CS/IA.
- Standards Based Cyber Risk Assessment Framework CSIAC Webinar
- Software Assurance Measurement – Establishing a Confidence that Security is Sufficient Journal Article
- The Cyber Security Collaborative Research Alliance: Unifying Detection, Agility, and Risk in Mission-Oriented Cyber Decision Making Journal Article
- Improving Software Assurance through Static Analysis Tool Expositions Journal Article
- Information Security Continuous Monitoring (ISCM) Journal Article