Insurance regulators pitched on FICO-style score for cybersecurity
Insurers don't have a good way to measure their customers' cyber risk because because companies don't know how vulnerable they are.
No wonder cybersecurity is so bad: There's no way to measure it
Sarah and Peter Zatko's nonprofit independent cybersecurity testing lab will produce security scores for software that "we're ready to get into a fight over," Sarah told a DEF CON session.
With flexibility in mind, NIST unveils latest draft of cyber framework
The new version of the federal Cybersecurity Framework being drafted at the National Institute of Standards and Technology will be "backwards compatible."
Business lobby pushes back on NIST Framework measurement plans
Public comments filed by business groups voice concern about what metrics should be used for measurement and how public that demonstration ought to be.
Survey: CEOs lack metrics, data on cybersecurity
Large majorities also agreed with the statements "I'm spending money on network security tools and have no way to measure their effectiveness" (82 percent) and "The cybersecurity reports I see are very difficult to understand" (79 percent).