Download Publication
![The Continuous Audit Metrics Catalog](https://cloudsecurityalliance.org/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6NTM2NiwicHVyIjoiYmxvYl9pZCJ9fQ==--ce4e6bf93dd9e4055aafbd6ad4661dab9da0654a/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJwbmciLCJyZXNpemVfdG9fbGltaXQiOlsyMjUsMzAwXX0sInB1ciI6InZhcmlhdGlvbiJ9fQ==--ed3d8b3503f8660626bf50138e90f4b6f3228621/be3cb0a8.png)
Who it's for:
The Continuous Audit Metrics Catalog
Release Date: 10/19/2021
Working Group: Continuous Assurance Metrics
- Explanation of security metrics
- How to measure the effectiveness of an information system
- How to enable continuous auditing
- Catalog listing the 34 metrics
Included in this zip file:
- Continuous Audit Metrics Catalog
- Code of Practice for Implementing and Maintaining Key Metrics
Download this Resource
Related Resources
Acknowledgements
![Kevin Murphy Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Kevin Murphy
![Chris Pedigo](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTA2MTMsInB1ciI6ImJsb2JfaWQifX0=--515ee7bad2fc18fdd5d80ea51de5c5ca9d3bc4e8/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJwbmciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--eb486f3f6b5873e5a4f4e10b34324e47d456ee46/chris-pedigo.jpg)
Chris Pedigo
Global Field CTO at Lacework
![Daniele Catteddu](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTE2MywicHVyIjoiYmxvYl9pZCJ9fQ==--61d9ff4c1ff034766d51593a86cde1a2f379040e/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--ce1f0b273c14895214513c640abe6c284218f1db/daniele-catteddu.jpg)
Daniele Catteddu
Chief Technology Officer, CSA
Daniele Catteddu is an information security and risk management practitioner, technologies expert and privacy evangelist with over 15 of experience. He worked in several senior roles both in the private and public sector. He is member of various national and international security expert groups and committees on cyber-security and privacy, keynote speaker at several conferences and author of numerous studies and papers on risk management, ...
![Alain Pannetrat](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTczMTYsInB1ciI6ImJsb2JfaWQifX0=--c612b352acfd6195d1641e9f525be4dba8b58b39/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--ce1f0b273c14895214513c640abe6c284218f1db/portrait-2022-50.jpg)
Alain Pannetrat
Senior Researcher, STAR Product Manager, CSA
![John DiMaria](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTcyODksInB1ciI6ImJsb2JfaWQifX0=--610556f63fa312faedcadc5f946ec8679fad9171/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGVnIiwiYXV0b19vcmllbnQiOnRydWUsInJvdGF0ZSI6MCwiZ3Jhdml0eSI6ImNlbnRlciIsInJlc2l6ZSI6IjE4MHgyNDBeIiwiYmFja2dyb3VuZCI6Im5vbmUifSwicHVyIjoidmFyaWF0aW9uIn19--bce64e6cd8e04ad10bf1b7b6142bab4d14a520af/JDMHeadshot.jpeg)
John DiMaria
Director of Operations Excellence, CSA
![Max Pritikin](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6NTQwMiwicHVyIjoiYmxvYl9pZCJ9fQ==--dde36ebf47f524dc321e5a31f12572526b4655c0/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--ce1f0b273c14895214513c640abe6c284218f1db/pritikin.jpg)
Max Pritikin
Principal Engineer, Cisco
![Jonathan Lewis Christopherson](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6NTQwMywicHVyIjoiYmxvYl9pZCJ9fQ==--ade6c7d36672810bf6af1e7a359b34b00a523d78/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJwbmciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--eb486f3f6b5873e5a4f4e10b34324e47d456ee46/Jonathan_Lewis_Christopherson.png)
Jonathan Lewis Christopherson
![Raj Krishnamurthy](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6NTQxMywicHVyIjoiYmxvYl9pZCJ9fQ==--7138db88e2c6ef3e925e10b87f633374739c7ee5/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJwbmciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--eb486f3f6b5873e5a4f4e10b34324e47d456ee46/raj.png)
Raj Krishnamurthy
Raj has experience engineering next generation security and compliance systems. He is a volunteer for the Continuous Audit Metrics working group.
![Dili Origbo](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6ODIyNiwicHVyIjoiYmxvYl9pZCJ9fQ==--410f4f88377cb86d460d003861c5d6f9e42180bb/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--ce1f0b273c14895214513c640abe6c284218f1db/07805d71.jpg)
Dili Origbo
Technology Audit & Project Assurance U.K.
![Mosi Platt](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6ODI4OCwicHVyIjoiYmxvYl9pZCJ9fQ==--0ea02b730231d7016327c70fef1660efc3fdd3c3/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJwbmciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--eb486f3f6b5873e5a4f4e10b34324e47d456ee46/mosi1.png)
Mosi Platt
Carlos Victoria
Carlos is a cybersecurity governance, risk, audit and compliance professional with over 12 years of experience. Carlos is CISSP, CISA, and CCSK certified. https://www.linkedin.com/in/carlosevictoria/
![Brian Milbier Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Brian Milbier
![Bowen Close Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Bowen Close
![Michaela Iorga](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTA2MjAsInB1ciI6ImJsb2JfaWQifX0=--1811324379a7a94198f93d10875009c724732172/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--ce1f0b273c14895214513c640abe6c284218f1db/michaela-iorga.jpg)
Michaela Iorga
Senior Security Technical Lead for Cloud Computing at National Institute of Standards and Technology (NIST/ITL)
![Massimiliano Rak Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Massimiliano Rak
Willy Fabritius
![Anthony Scarfe Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Anthony Scarfe
![James Condon Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
James Condon
![Julien Mauvieux Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Julien Mauvieux
Carlos Victoria
Carlos is a cybersecurity governance, risk, audit and compliance professional with over 12 years of experience. Carlos is CISSP, CISA, and CCSK certified. https://www.linkedin.com/in/carlosevictoria/
![Louis Seefried Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Louis Seefried
![Jonathan Villa Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Jonathan Villa
![Christian Banse](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTE0MTAsInB1ciI6ImJsb2JfaWQifX0=--09a136eac9f0dcb1a9de8bebf4cf55c65294bd6e/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGVnIiwiYXV0b19vcmllbnQiOnRydWUsInJvdGF0ZSI6MCwiZ3Jhdml0eSI6ImNlbnRlciIsInJlc2l6ZSI6IjE4MHgyNDBeIiwiYmFja2dyb3VuZCI6Im5vbmUifSwicHVyIjoidmFyaWF0aW9uIn19--bce64e6cd8e04ad10bf1b7b6142bab4d14a520af/1527708953812.jpeg)
Christian Banse
Head of Department "Service & Application Security"
![Michael Bently Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Michael Bently
![Amanda King Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Amanda King
![Tinsae Erkailo Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Tinsae Erkailo
![Alexandre Higuchi Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Alexandre Higuchi
![Judy Owen Headshot Missing](/assets/fallback/csa-headshot-7b449f5deff0b8be963d29536d108a63e2ef86ec765da989bb085a7d8c14217c.png)
Judy Owen
![Hafiz Sheikh Adnan Ahmed](/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTI1MTcsInB1ciI6ImJsb2JfaWQifX0=--192a94ecaa180be273bb9d15b84a0e83eff93aa6/eyJfcmFpbHMiOnsiZGF0YSI6eyJmb3JtYXQiOiJqcGciLCJhdXRvX29yaWVudCI6dHJ1ZSwicm90YXRlIjowLCJncmF2aXR5IjoiY2VudGVyIiwicmVzaXplIjoiMTgweDI0MF4iLCJiYWNrZ3JvdW5kIjoibm9uZSJ9LCJwdXIiOiJ2YXJpYXRpb24ifX0=--ce1f0b273c14895214513c640abe6c284218f1db/Ahmed,%20Hafiz%20Sheikh%20Adnan.jpg)
Hafiz Sheikh Adnan Ahmed
Hafiz Sheikh Adnan Ahmed is a futurist and technology/Security leader with 17+ years track record in the areas of ICT Governance, Cyber Security & Resilience, Data Privacy & Protection, Risk Management, Corporate Excellence & Innovation, Digital Transformation, Strategic Transformation.