Part A: Metrics Plan

To prepare a metrics plan for the SureMarket information security department, create a $3-$ to $4-$page Microsoft Word document that includes the following:

Describe the security strategy for measuring the effectiveness of the implemented security controls and risk mitigation put into place during Step $5$ of the NIST RMF process. Include the following for each of the vulnerabilities with respect to the SureMarket IT systems:

How to measure mitigated risk

How to identify new vulnerabilities

How to measure SOX compliance

Describe the tools that you would use to measure and track trends, including key performance indicators and thresholds.

Illustrate how you would present metrics to senior leadership, including the requirement for reauthorization.