Prerequisite: None
The U.S. government plans to introduce standard metrics for measuring the effectiveness of its cybersecurity efforts by the end of 2009. The announcement comes at a time when the Federal Information Security Management Act, the government's main cybersecurity regulation, has been criticized as inadequate and incomplete in terms of performance measurement.
To develop the standards, the Security Metrics Taskforce has been established and will draw on best practices from federal agencies and the private sector. The new metrics will focus on "a trust but verify approach" to cybersecurity, meeting legal requirements, and a "real-time awareness security posture." This session will focus on the draft metrics.