Tenacity employee paper published by Information Security Journal

Monday, November 1, 2010
Director of the Tenacity Institute for Strategic Risk Management, Dr. David Comings, co-authored a paper released in the Information Security Journal on metrics for continuous monitoring.  
The paper, titled "Information Assurance Metric for Assessing NIST's Monitoring Step in the Risk Management Framework" proposes metrics for use in the sixth-step in the National Institute of Standards and Technology's (NIST) Risk Management Framework (RMF) for formal risk management of Information Technology systems within the US federal government.  This sixth step is designed to ensure that the factors that went into a formal risk decision to activate a given IT system remain in place through proper Operations and Maintenance.  Comings and his co-author Dr. Wendy Ting of the Department of Defense, propose using the Object Measurement approach created to evaluate system development lifecycle processes.  

The paper is available in the Information Security Journal at or as a stand-alone article at
what employees are saying dotted line
Risk Management Brian Woolfolk

"At Tenacity, it's true that their people are the most important. Before joining Tenacity I had always heard that they truly take care of their people, and after spending one year with them, it's true. Tenacity recognizes that without the people there is no Tenacity. If you want to join a company that is passionate about their people, Tenacity is the place. People matter!"

Site Designed by DC Web Designers, a Washington DC web design company