OWASP Information Security Metrics Bank
OWASP Information Security Metrics Bank project aims at helping organizations quickly assess their cybersecurity capabilities with a pre-defined set of metrics developed within a framework that provides clear measurement process, criteria and objectives. This framework is maintained by the open-source community.
ISMB project provides a practical framework for building the basis of an Information Security Measurement Program. ISMB shall define a structured approach for keeping track of security mertics and ensuring that the proper mapping of these metrics with the information security program capabilities and activities. This mapping can report current organization’s cybersecurity capabilities maturity level which at the end can be tracked for progress through continuous measurement and monitoring.
ISMB project focuses on the following objectives:
- Develop a structured approach for creating, designing and maintaining the information security metrics taking into consideration building proper tools/methodologies for community collaboration.
- Develop information security metrics aligned with the common and widely used cybersecurity frameworks, standards and best practices.
- Build and maintain an online repositority for information security metrics to facilitate for community the design, development, evaluation and sharing of security metrics in various cybersecurity domains.
Information Security Measurement Program Toolkit: ISMP program development methodology, program development and a sample project plan. The package also shall contain a set of template documents for reference use such as ISMP program charter, policies and processes, metrics repositorty excel sheets and metrics tracking sheets.
Live Information Security Metrick Bank: a live published repository of security metrics to be developed and maintained with community’s support in a predefined structured format. This enables ISMB users to browse and search for different metrics within the repository.