The last twenty years have seen a proliferation of automated information systems, reliance on the Internet to enable most of the nation’s essential services and infrastructures, and the growing threat of organized cyber attacks capable of causing debilitating disruption to our critical infrastructures. There are many regulations, policies, and guidelines encouraging organizations to assess the security posture of their information systems to determine fundamental, cost-effective security improvements in order to contribute to the protection of these critical information infrastructures.
