#CyberFLASH: Struggling to identify cybersecurity KPIs?

Every day businesses are forced to spend increasing amounts of precious management time and resources on cybersecurity as data breaches, threats and risks keep piling up. CIOs are asking senior management to spend more and more on risk assessment, incident management, consultants, specialized intrusion detection software and fancy, pricey network hardware.

Senior management is rightly asking: When will this investment end? How much is enough? Am I still at risk of a high-profile disaster, like Sony, occurring on my watch? CIOs can’t answer these questions meaningfully without some data from cybersecurity Key Performance Indicators (KPIs). However, CIOs struggle to identify, design, operate and report on meaningful KPIs.

Here’s a list of resources that will help you quickly define cybersecurity KPIs that are likely to be meaningful for your organization. These resources have been developed through the collaboration of many cybersecurity experts and practitioners. By using one of these resources you will have the assurance that your KPIs are reasonably comprehensive and that you don’t have glaring cybersecurity holes not covered by KPIs. The KPIs can be tracked and reported on easily.

A Taxonomy of Operational Cyber Security Risks Version 2
This Taxonomy of Operational Cyber Security Risks identifies and organizes the sources of operational cyber security risk into four classes: (1) actions of people, (2) systems and technology failures, (3) failed internal processes, and (4) external events. Each class is broken down into subclasses, which are described by their elements.

You can use this taxonomy to quickly identify KPIs that are meaningful to your organization. You can then regularly report KPI statuses to management within the four easy-to-understand classes.

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.