© The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature 2022
V. Viegas, O. Kuyucu, IT Security Controls, https://doi.org/10.1007/978-1-4842-7799-7_7

7. Security Metrics

Virgilio Viegas and Oben Kuyucu
Doha, Qatar

It has always been a struggle for information security professionals to measure “the effectiveness” of IT security controls. In the 1980s, “orange books” were released as a standard for security professionals, setting basic requirements for assessing the effectiveness of security controls built into a computer system (Figure 7-1); they were part of the Rainbow Series published by the U.S. National Computer Security Center. The most well-known orange book is the Trusted Computer System Evaluation Criteria ...
