The Center for Internet Security has released a set of free metrics for organizations to use in measuring their security postures. CIS is a coalition of enterprises, government agencies, universities, and vendors from around the world. It’s unclear whether organizations will see adopting metrics as a potential cost-saving and efficiency strategy, or whether they just don’t have the resources to adopt them. CIS CEO: “The challenge for information security professionals is to measure some aspect of security in an unambiguous way””]
Source: https://www.darkreading.com/analytics/center-for-internet-security-issues-free-security-metrics