From Center for a New American Security:

As R Street’s Paul Rosenzweig has noted, “There are no universally recognized, generally accepted metrics by which to measure and describe cybersecurity improvements …. As a result, decision-makers (whether they be corporate boards, government officials or individual users) are left to make choices about cybersecurity implementation based on qualitative measures rather than quantitative ones.”

Featured Publications