Here is an Applicability Matrix I created that shows how the existing NIST CSF 1.1 applies to each of the Ten Dimensions. You'll notice that there are only a few blue squares, which indicates that the Ten Dimensions is a different way of carving up the space. This has plusses and minuses, of course. I explain and justify this in the blog posts on the Ten Dimensions. You'll also notice that some of the Ten Dimensions are poorly covered -- 3. Effective Design & Development; 8. Effective Agility and Learning (incl. metrics); and 9. Optimize Total Cost of Risk.
Applicability Matrix. Rows = 10 Dimensions. Columns = NIST CSF. Darker colors = more CSF items are applicable.
- Slides
- NIST CSF to 10 Dimensions spreadsheet with Applicability Matrix
- Ten Dimensions of Cyber Security Performance (blog posts)
- How to aggregate ground-truth metrics into a performance index (blog post)
- Aggregating risk: Risk Management: Out with the Old, In with the New! (blog post)