//
you're reading...
Information Security, IT & TECHNOLOGY

The Best Security KPIs Are the Ones That Matter to Your C-Suite


CSA-Logo

Blog Images_5-12-18_Blog_600x450 (1)What information security KPIs are you tracking? Are they tied specifically to your organization’s business goals? If not, consider that using predictive business performance metrics could help increase your organization’s profitability—by as much as 20% over three years, according to one Gartner study.

To help you develop more relevant security performance indicators, here are some suggestions from the experts:

Make them meaningful to executives
Start by considering what matters most to executives:

  • Meeting organizational goals
  • Maintaining efficient, uninterrupted operational processes
  • Fostering a positive public image
  • Complying with regulations and contractual obligations
  • Managing risks

Don’t focus on cost metrics
“Security guys are always talking about cost,” said Steve Durbin, managing director of the Information Security Forum (ISF), in a CIO magazine interview. “If we realign this, the security guys can now go to the business and say, ‘Look, if this is what is important to you, this is the role I can play in helping you protect that, but I don’t have the funding for a variety of reasons.’ The business can then make the call as to whether to find the funding for that problem. It’s no longer the security guy’s problem, it’s the business’s problem.”

Use leading vs. lagging metrics
A lagging indicator measures actual results, our outputs, so it’s too late to make corrections or improvements. A leading indicator looks at activities necessary to achieve your goals, so they’re essentially inputs that provide information needed to intervene and change course for the better. For example, the number of viruses reported after a new software implementation is a lagging indicator, whereas the number of virus updates implemented prior to implementation shows action taken to drive launch success and improve user productivity.

Evaluate the effectiveness of your proposed metrics
Thankfully, there’s a tool for that. The ASIS Foundation sponsored a major security metrics research project, and one of the outcomes was a Security Metrics Evaluation Tool that security managers can use to assess the quality of specific security metrics. The written tool helps you analyze the effectiveness of a metric against nine criteria, including its relevance to the organization’s strategic mission, how easily it can be communicated and its reliability. The tool is in the Appendix of the research report, “Persuading Senior Management with Effected, Evaluated Security Metrics.”

Download The Guide to Modern Endpoint Backup and Data Visibility to learn more about selecting a modern endpoint backup solution in a dangerous world.

Susan Richardson, Manager/Content Strategy, Code42

[Cloud Security Alliance Blog]

About @PhilipHungCao

@PhilipHungCao, SACS, CISM, CCSP, CCSK, GICSP, CASP, CIW-WSP, PCNSE7, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 108,359 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, SACS, CISM, CCSP, CCSK, GICSP, CASP, CIW-WSP, PCNSE7, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 1,709 other followers

Twitter Updates

Archives

June 2016
M T W T F S S
« May   Jul »
 12345
6789101112
13141516171819
20212223242526
27282930  
%d bloggers like this: