The CIS Security Metrics

Overview
Center for Internet Security, The CIS Security Metrics (Nov. 1, 2010) (full-text).

Overview
This publication provides definitions for security professionals to measure some of the most important aspects of the information security status. The goal is to give an organization the ability to repeatedly evaluate security in a standardized way, allowing it to identify trends, understand the impact of activities and make responses to improve the security status.