Performance Measurement Guide: Demonstrate the Value of Information Security


When it comes to information security, creating and enforcing controls, policies and procedures is only part of the story. IT also needs the ability to measure the performance of information security practices so that their benefits can be demonstrated to the rest of the organization. Performance measures can be used by the business as management tools in internal improvement efforts and can be tied to larger strategic planning initiatives.


The National Institute of Standards and Technology created the Performance Measurement Guide for Information Security to aid other organizations in the development, selection and implementation of system- and program-level measures to indicate the efficiency, effectiveness and impact of security-related efforts.


These performance measurements aid in:

  • Decision-making
  • Improving performance
  • Increasing accountability by requiring the collection, analysis and reporting of performance-related data


Use NIST's guidelines to establish a clear, solid link between the information system and program security activities within IT's control and the goals of the business. This will help demonstrate the value of information security to the rest of the enterprise.

