Internet Security Alliance: NIST framework metrics should focus on threats

The National Institute of Standards and Technology should focus on developing an “analytical tool” enabling entities to assess cyber threats on a monetized basis, according to the president of the Internet Security Alliance, as NIST continues probing the use of NIST cybersecurity framework metrics.

“The next step in the evolution of the NIST CSF shouldn’t be to identify which elements of the CSF are cost-effective in general, but to develop an analytical tool that will enable individual entities to assess...