Information security management provides strategic direction for security activities to ensure objectives are achieved and information resources are used responsibly. It provides a focus for all aspects of IT security and manages all IT security activities. Key performance indicators for IT security management include decreases in reported security incidents and their impacts, increases in service level agreement conformance for security, and the number of implemented preventive measures, security tests conducted, and identified security shortcomings.
Information security is a management activity within the corporate governance framework, which provides the strategic direction for security activities and ensures objectives are achieved. It further ensures that the information security risks are appropriately managed and that enterprise information resources are used responsibly. The purpose of ISM is to provide a focus for all aspects of IT security and manage all IT security activities.
Suggested KPIs IT Security Management
+ve Positive KPI (high value is desirable)
-ve Negative KPI (low value is desirable)
Key Performance Indicator (KPI) | Definition
+ve Decrease Reported Incidents | Percentage decrease in security breaches reported to the Service Desk
+ve Decrease in impact of security incidents | Percentage decrease in the impact of security breaches and incidents
+ve Increase in SLA conformance | Percentage increase in SLA conformance to security clauses
Number of Implemented Preventive Measures | Number of preventive security measures which were implemented in response to identified security threats
Implementation Duration | Duration from the identification of a security threat to the implementation of a suitable countermeasure
Number of Major Security Incidents | Number of identified security incidents, classified by severity category
Number of Security-Related Service Downtimes | Number of security incidents causing service interruption or reduced availability
Number of Security Tests | Number of security tests and trainings carried out
Number of Identified Shortcomings during Security Tests | Number of identified shortcomings in security mechanisms which were identified during tests